diff --git a/cmd/machine-config-controller/start.go b/cmd/machine-config-controller/start.go index 73640c7849..b94a39d404 100644 --- a/cmd/machine-config-controller/start.go +++ b/cmd/machine-config-controller/start.go @@ -66,9 +66,10 @@ func runStartCmd(_ *cobra.Command, _ []string) { run := func(ctx context.Context) { go common.SignalHandler(runCancel) + // Start the metrics handler + ctrlctx := ctrlcommon.CreateControllerContext(ctx, cb) - // Start the metrics handler go ctrlcommon.StartMetricsListener(startOpts.promMetricsListenAddress, ctrlctx.Stop, ctrlcommon.RegisterMCCMetrics) controllers := createControllers(ctrlctx) @@ -77,14 +78,15 @@ func runStartCmd(_ *cobra.Command, _ []string) { ctrlctx.KubeInformerFactory.Core().V1().Nodes(), ctrlctx.ClientBuilder.KubeClientOrDie("node-update-controller"), ctrlctx.ClientBuilder.MachineConfigClientOrDie("node-update-controller"), + ctrlctx.FeatureGateAccess, ) // Start the shared factory informers that you need to use in your controller ctrlctx.InformerFactory.Start(ctrlctx.Stop) ctrlctx.KubeInformerFactory.Start(ctrlctx.Stop) ctrlctx.OpenShiftConfigKubeNamespacedInformerFactory.Start(ctrlctx.Stop) - ctrlctx.ConfigInformerFactory.Start(ctrlctx.Stop) ctrlctx.OperatorInformerFactory.Start(ctrlctx.Stop) + ctrlctx.ConfigInformerFactory.Start(ctrlctx.Stop) close(ctrlctx.InformersStarted) @@ -131,8 +133,8 @@ func runStartCmd(_ *cobra.Command, _ []string) { } func createControllers(ctx *ctrlcommon.ControllerContext) []ctrlcommon.Controller { - var controllers []ctrlcommon.Controller + var controllers []ctrlcommon.Controller controllers = append(controllers, // Our primary MCs come from here template.New( @@ -192,6 +194,7 @@ func createControllers(ctx *ctrlcommon.ControllerContext) []ctrlcommon.Controlle ctx.ConfigInformerFactory.Config().V1().Schedulers(), ctx.ClientBuilder.KubeClientOrDie("node-update-controller"), ctx.ClientBuilder.MachineConfigClientOrDie("node-update-controller"), + ctx.FeatureGateAccess, ), ) 
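Review bot: In the first hunk of runStartCmd the comment `// Start the metrics handler` now sits directly above `ctrlctx := ctrlcommon.CreateControllerContext(ctx, cb)`, while the `go ctrlcommon.StartMetricsListener(...)` call it describes is left without one. Keep the comment on the listener line, and if the context creation needs a note give it its own, e.g. `// Build the shared controller context (clients, informer factories, feature-gate access)`. The closure body continues outside the hunk.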
diff --git a/cmd/machine-config-daemon/start.go b/cmd/machine-config-daemon/start.go index 34e9e72912..8f3dd9de4d 100644 --- a/cmd/machine-config-daemon/start.go +++ b/cmd/machine-config-daemon/start.go @@ -5,6 +5,7 @@ import ( "flag" "net/url" "os" + "time" "k8s.io/client-go/tools/clientcmd" @@ -166,25 +167,41 @@ func runStartCmd(_ *cobra.Command, _ []string) { go ctrlcommon.StartMetricsListener(startOpts.promMetricsURL, stopCh, daemon.RegisterMCDMetrics) ctrlctx := ctrlcommon.CreateControllerContext(ctx, cb) + // create the daemon instance. this also initializes kube client items // which need to come from the container and not the chroot. err = dn.ClusterConnect( startOpts.nodeName, kubeClient, + ctrlctx.ClientBuilder.MachineConfigClientOrDie(componentName), ctrlctx.InformerFactory.Machineconfiguration().V1().MachineConfigs(), ctrlctx.KubeInformerFactory.Core().V1().Nodes(), ctrlctx.InformerFactory.Machineconfiguration().V1().ControllerConfigs(), startOpts.kubeletHealthzEnabled, startOpts.kubeletHealthzEndpoint, + ctrlctx.FeatureGateAccess, ) if err != nil { klog.Fatalf("Failed to initialize: %v", err) } + ctrlctx.ConfigInformerFactory.Start(ctrlctx.Stop) ctrlctx.KubeInformerFactory.Start(stopCh) ctrlctx.InformerFactory.Start(stopCh) close(ctrlctx.InformersStarted) + select { + case <-ctrlctx.FeatureGateAccess.InitialFeatureGatesObserved(): + featureGates, err := ctrlctx.FeatureGateAccess.CurrentFeatureGates() + if err != nil { + klog.Fatalf("Could not get FG: %w", err) + } else { + klog.Infof("FeatureGates initialized: knownFeatureGates=%v", featureGates.KnownFeatures()) + } + case <-time.After(1 * time.Minute): + klog.Fatalf("Could not get FG, timed out: %w", err) + } + if err := dn.Run(stopCh, exitCh); err != nil { ctrlcommon.WriteTerminationError(err) } diff --git a/cmd/machine-config-operator/start.go b/cmd/machine-config-operator/start.go index 79d5579f24..f0c16a95f3 100644 --- a/cmd/machine-config-operator/start.go 
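Review bot: Both failure branches of the new `select` in runStartCmd log a broken message: `klog.Fatalf` formats like Printf, so `%w` renders as `%!w(...)`, and in the `time.After` branch `err` is the outer variable that already passed the `if err != nil` check after `dn.ClusterConnect`, so it is nil there. Use `klog.Fatalf("Could not get FG: %v", err)` in the first branch and drop the argument in the second, e.g. `klog.Fatal("Could not get FG: timed out waiting for initial feature gates")`; the `else` after `Fatalf` is also unnecessary. Exiting when the gates cannot be read is the right fail-closed behaviour, which is why an accurate message matters to whoever triages the resulting crash loop. The identical block is added to cmd/machine-config-operator/start.go in this commit and needs the same fix; a shared helper in ctrlcommon would keep the two from drifting. runStartCmd starts and ends outside the hunk.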
+++ b/cmd/machine-config-operator/start.go @@ -4,6 +4,7 @@ import ( "context" "flag" "os" + "time" "github.com/openshift/machine-config-operator/cmd/common" "github.com/openshift/machine-config-operator/internal/clients" @@ -44,6 +45,8 @@ func runStartCmd(_ *cobra.Command, _ []string) { // This is 'main' context that we thread through the controller context and // the leader elections. Cancelling this is "stop everything, we are shutting down". runContext, runCancel := context.WithCancel(context.Background()) + stopCh := make(chan struct{}) + defer close(stopCh) // To help debugging, immediately log version klog.Infof("Version: %s (Raw: %s, Hash: %s)", version.ReleaseVersion, version.Raw, version.Hash) @@ -57,16 +60,13 @@ func runStartCmd(_ *cobra.Command, _ []string) { klog.Fatalf("error creating clients: %v", err) } - stopCh := make(chan struct{}) - defer close(stopCh) - // start metrics listener go ctrlcommon.StartMetricsListener(startOpts.promMetricsURL, stopCh, operator.RegisterMCOMetrics) run := func(ctx context.Context) { go common.SignalHandler(runCancel) - ctrlctx := ctrlcommon.CreateControllerContext(ctx, cb) + controller := operator.New( ctrlcommon.MCONamespace, componentName, startOpts.imagesFile, 
@@ -97,19 +97,35 @@ func runStartCmd(_ *cobra.Command, _ []string) { ctrlctx.KubeNamespacedInformerFactory.Core().V1().Secrets(), ctrlctx.OpenShiftConfigKubeNamespacedInformerFactory.Core().V1().Secrets(), ctrlctx.ConfigInformerFactory.Config().V1().ClusterOperators(), + ctrlctx.NamespacedInformerFactory.Machineconfiguration().V1alpha1().MachineConfigNodes(), + ctrlctx.FeatureGateAccess, ) + ctrlctx.InformerFactory.Start(ctrlctx.Stop) + ctrlctx.ConfigInformerFactory.Start(ctrlctx.Stop) ctrlctx.NamespacedInformerFactory.Start(ctrlctx.Stop) ctrlctx.KubeInformerFactory.Start(ctrlctx.Stop) ctrlctx.KubeNamespacedInformerFactory.Start(ctrlctx.Stop) ctrlctx.APIExtInformerFactory.Start(ctrlctx.Stop) - ctrlctx.ConfigInformerFactory.Start(ctrlctx.Stop) ctrlctx.OpenShiftKubeAPIServerKubeNamespacedInformerFactory.Start(ctrlctx.Stop) ctrlctx.OpenShiftConfigKubeNamespacedInformerFactory.Start(ctrlctx.Stop) ctrlctx.OperatorInformerFactory.Start(ctrlctx.Stop) ctrlctx.KubeMAOSharedInformer.Start(ctrlctx.Stop) + close(ctrlctx.InformersStarted) + select { + case <-ctrlctx.FeatureGateAccess.InitialFeatureGatesObserved(): + featureGates, err := ctrlctx.FeatureGateAccess.CurrentFeatureGates() + if err != nil { + klog.Fatalf("Could not get FG: %w", err) + } else { + klog.Infof("FeatureGates initialized: knownFeatureGates=%v", featureGates.KnownFeatures()) + } + case <-time.After(1 * time.Minute): + klog.Fatalf("Could not get FG, timed out: %w", err) + } + go controller.Run(2, ctrlctx.Stop) // wait here in this function until the context gets cancelled (which tells us whe were being shut down) diff --git a/docs/ContainerRuntimeConfigDesign.md b/docs/ContainerRuntimeConfigDesign.md index ce7270971f..dce9fb80c0 100644 --- a/docs/ContainerRuntimeConfigDesign.md +++ b/docs/ContainerRuntimeConfigDesign.md 
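Review bot: The `V1alpha1().MachineConfigNodes()` informer is handed to `operator.New` and its factory is started before the `select` that waits on `InitialFeatureGatesObserved()`, so it is wired up regardless of which gates are enabled. The CRD this commit syncs for that type is named `...machineconfignode-TechPreviewNoUpgrade.crd.yaml`, which suggests the resource may be absent on clusters without that feature set; if so, the informer would keep failing to list and anything waiting on its cache sync could stall. Whether `operator.New` registers a sync wait for it is not visible in this hunk, so confirm that, and consider constructing the informer only after the gate check. The enclosing closure starts and ends outside the hunk.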
@@ -68,8 +68,8 @@ e.g. ```bash $ oc logs -f -n openshift-machine-config-operator machine-config-controller-6fc64d9654-mdtv4 -W0330 08:03:49.665463 1 reflector.go:436] github.com/openshift/machine-config-operator/pkg/generated/informers/externalversions/factory.go:101: watch of *v1.ContainerRuntimeConfig ended with: an error on the server ("unable to decode an event from the watch stream: unable to decode watch event: v1.ContainerRuntimeConfig.Spec: v1.ContainerRuntimeConfigSpec.MachineConfigPoolSelector: ContainerRuntimeConfig: v1.ContainerRuntimeConfiguration.OverlaySize: unmarshalerDecoder: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$', error found in #10 byte of ...|\":\"9asadG\"},\"machine|..., bigger context ...|:{\"containerRuntimeConfig\":{\"overlaySize\":\"9asadG\"},\"machineConfigPoolSelector\":{\"matchLabels\":{\"cus|...") has prevented the request from succeeding -E0330 08:03:50.810155 1 reflector.go:138] github.com/openshift/machine-config-operator/pkg/generated/informers/externalversions/factory.go:101: Failed to watch *v1.ContainerRuntimeConfig: failed to list *v1.ContainerRuntimeConfig: v1.ContainerRuntimeConfigList.Items: []v1.ContainerRuntimeConfig: v1.ContainerRuntimeConfig.Spec: v1.ContainerRuntimeConfigSpec.MachineConfigPoolSelector: ContainerRuntimeConfig: v1.ContainerRuntimeConfiguration.OverlaySize: unmarshalerDecoder: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$', error found in #10 byte of ...|":"9asadG"},"machine|..., bigger context ...|:{"containerRuntimeConfig":{"overlaySize":"9asadG"},"machineConfigPoolSelector":{"matchLabels":{"cus|... 
+W0330 08:03:49.665463 1 reflector.go:436] github.com/openshift/client-go/machineconfiguration/informers/externalversions/factory.go:101: watch of *v1.ContainerRuntimeConfig ended with: an error on the server ("unable to decode an event from the watch stream: unable to decode watch event: v1.ContainerRuntimeConfig.Spec: v1.ContainerRuntimeConfigSpec.MachineConfigPoolSelector: ContainerRuntimeConfig: v1.ContainerRuntimeConfiguration.OverlaySize: unmarshalerDecoder: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$', error found in #10 byte of ...|\":\"9asadG\"},\"machine|..., bigger context ...|:{\"containerRuntimeConfig\":{\"overlaySize\":\"9asadG\"},\"machineConfigPoolSelector\":{\"matchLabels\":{\"cus|...") has prevented the request from succeeding +E0330 08:03:50.810155 1 reflector.go:138] github.com/openshift/client-go/machineconfiguration/informers/externalversions/factory.go:101: Failed to watch *v1.ContainerRuntimeConfig: failed to list *v1.ContainerRuntimeConfig: v1.ContainerRuntimeConfigList.Items: []v1.ContainerRuntimeConfig: v1.ContainerRuntimeConfig.Spec: v1.ContainerRuntimeConfigSpec.MachineConfigPoolSelector: ContainerRuntimeConfig: v1.ContainerRuntimeConfiguration.OverlaySize: unmarshalerDecoder: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$', error found in #10 byte of ...|":"9asadG"},"machine|..., bigger context ...|:{"containerRuntimeConfig":{"overlaySize":"9asadG"},"machineConfigPoolSelector":{"matchLabels":{"cus|... ``` ## Example diff --git a/go.mod b/go.mod index f00d4afe16..64aaf9ab3a 100644 --- a/go.mod +++ b/go.mod 
@@ -26,10 +26,10 @@ require ( github.com/google/renameio v0.1.0 github.com/imdario/mergo v0.3.13 github.com/opencontainers/go-digest v1.0.0 - github.com/openshift/api v0.0.0-20231013202211-096c446e7f60 - github.com/openshift/client-go v0.0.0-20231005121823-e81400b97c46 - github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20230516205036-088c6d48cc1a - github.com/openshift/library-go v0.0.0-20231017173800-126f85ed0cc7 + github.com/openshift/api v0.0.0-20231128111040-e1845c5a7acd + github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba + github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20231110142214-403ea8439974 + github.com/openshift/library-go v0.0.0-20231020125034-5a2d9fe760b3 github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b github.com/prometheus/client_golang v1.16.0 github.com/spf13/cobra v1.7.0 @@ -54,12 +54,17 @@ require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect github.com/4meepo/tagalign v1.2.2 // indirect github.com/Abirdcfly/dupword v0.0.11 // indirect + github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect + github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/OpenPeeDeeP/depguard/v2 v2.1.0 // indirect github.com/alexkohler/nakedret/v2 v2.0.2 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go v1.44.248 // indirect github.com/butuzov/mirror v1.1.0 // indirect + github.com/chai2010/gettext-go v1.0.2 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20230514072755-504adb8a8af1 // indirect + github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect + github.com/go-errors/errors v1.4.2 // indirect github.com/go-openapi/analysis v0.21.4 // indirect github.com/go-openapi/errors v0.20.3 // indirect github.com/go-openapi/loads v0.21.2 // indirect 
@@ -67,11 +72,20 @@ require ( github.com/go-openapi/spec v0.20.9 // indirect github.com/go-openapi/strfmt v0.21.7 // indirect github.com/go-openapi/validate v0.22.1 // indirect + github.com/google/btree v1.0.1 // indirect github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect + github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect github.com/kkHAIKE/contextcheck v1.1.4 // indirect + github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/maratori/testableexamples v1.0.0 // indirect + github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/moby/spdystream v0.2.0 // indirect + github.com/moby/term v0.5.0 // indirect + github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/nunnatsa/ginkgolinter v0.12.1 // indirect github.com/oklog/ulid v1.3.1 // indirect + github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/robfig/cron v1.2.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sigstore/fulcio v1.3.1 // indirect 
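Review bot: `github.com/gregjones/httpcache` is added to this require block at pseudo-version `v0.0.0-20180305231024-9cad4c3443a7`, which is older than the `v0.0.0-20190611155906-901d90724c79` entry the same commit deletes from the second require block. A silent downgrade of an indirect dependency is easy to miss among the block-to-block moves; it is presumably what module resolution selected after the openshift bumps, but that should be confirmed rather than assumed. If it is intended, say so in the commit description; if not, pin the newer version explicitly.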
@@ -79,22 +93,25 @@ require ( github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect github.com/timonwong/loggercheck v0.9.4 // indirect github.com/xen0n/gosmopolitan v1.2.1 // indirect + github.com/xlab/treeprint v1.2.0 // indirect github.com/ykadowak/zerologlint v0.1.2 // indirect go.mongodb.org/mongo-driver v1.11.3 // indirect + go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.tmz.dev/musttag v0.7.0 // indirect gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect + k8s.io/cli-runtime v0.28.3 // indirect + sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect ) require ( 4d63.com/gochecknoglobals v0.2.1 // indirect github.com/Antonboom/errname v0.1.10 // indirect github.com/Antonboom/nilnil v0.1.5 // indirect - github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect github.com/GaijinEntertainment/go-exhaustruct/v2 v2.3.0 // indirect github.com/InVisionApp/go-logger v1.0.1 // indirect - github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/semver v1.5.0 // indirect github.com/ajeddeloh/go-json v0.0.0-20200220154158-5ae607161559 // indirect github.com/alexkohler/prealloc v1.0.0 // indirect @@ -110,7 +127,6 @@ require ( github.com/breml/errchkjson v0.3.1 // indirect github.com/butuzov/ireturn v0.2.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/chai2010/gettext-go v1.0.2 // indirect github.com/charithe/durationcheck v0.0.10 // indirect github.com/chavacava/garif v0.0.0-20230227094218-b8c73b2037b8 // indirect github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect 
@@ -130,15 +146,13 @@ require ( github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/esimonov/ifshort v1.0.4 // indirect github.com/ettle/strcase v0.1.1 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect + github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect - github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.15.0 // indirect github.com/fatih/structtag v1.2.0 // indirect github.com/firefart/nonamedreturns v1.0.4 // indirect github.com/fzipp/gocyclo v0.6.0 // indirect github.com/go-critic/go-critic v0.8.1 // indirect - github.com/go-errors/errors v1.4.2 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -165,10 +179,8 @@ require ( github.com/golangci/misspell v0.4.0 // indirect github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect - github.com/google/btree v1.0.1 // indirect github.com/google/go-containerregistry v0.15.2 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.3.0 // indirect github.com/gordonklaus/ineffassign v0.0.0-20230610083614-0e73809eb601 // indirect github.com/gorilla/mux v1.8.0 // indirect @@ -176,7 +188,6 @@ require ( github.com/gostaticanalysis/comment v1.4.2 // indirect github.com/gostaticanalysis/forcetypeassert v0.1.0 // indirect github.com/gostaticanalysis/nilerr v0.1.1 // indirect - github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-version v1.6.0 // indirect 
@@ -200,7 +211,6 @@ require ( github.com/ldez/tagliatelle v0.5.0 // indirect github.com/leonklingele/grouper v1.1.1 // indirect github.com/letsencrypt/boulder v0.0.0-20230213213521-fdfea0d469b6 // indirect - github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/lufeee/execinquery v1.2.1 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect @@ -213,14 +223,10 @@ require ( github.com/mbilski/exhaustivestruct v1.2.0 // indirect github.com/mgechev/revive v1.3.2 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/moby/spdystream v0.2.0 // indirect github.com/moby/sys/mountinfo v0.6.2 // indirect - github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/moricho/tparallel v0.3.1 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nakabonne/nestif v0.3.1 // indirect @@ -232,7 +238,6 @@ require ( github.com/opencontainers/runc v1.1.7 // indirect github.com/opencontainers/runtime-spec v1.1.0-rc.3 // indirect github.com/pelletier/go-toml/v2 v2.0.8 // indirect - github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/polyfloyd/go-errorlint v1.4.2 // indirect 
@@ -280,11 +285,9 @@ require ( github.com/ultraware/whitespace v0.0.5 // indirect github.com/uudashr/gocognit v1.0.6 // indirect github.com/vbatts/tar-split v0.11.3 // indirect - github.com/xlab/treeprint v1.2.0 // indirect github.com/yagipy/maintidx v1.0.0 // indirect github.com/yeya24/promlinter v0.2.0 // indirect gitlab.com/bosi/decorder v0.2.3 // indirect - go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.24.0 // indirect @@ -307,19 +310,18 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect honnef.co/go/tools v0.4.3 // indirect k8s.io/apiserver v0.28.3 // indirect - k8s.io/cli-runtime v0.28.3 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect k8s.io/klog/v2 v2.100.1 k8s.io/kube-aggregator v0.28.3 // indirect - k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect + k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect mvdan.cc/gofumpt v0.5.0 // indirect mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect mvdan.cc/unparam v0.0.0-20221223090309-7455f1af531d // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 // indirect - sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) + +replace k8s.io/kube-openapi => github.com/openshift/kube-openapi v0.0.0-20230816122517-ffc8f001abb0 diff --git a/go.sum b/go.sum index 6927e8b865..3b84ec562b 100644 --- a/go.sum +++ b/go.sum 
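Review bot: The new `replace k8s.io/kube-openapi => github.com/openshift/kube-openapi v0.0.0-20230816122517-ffc8f001abb0` carries no comment saying why the fork is needed or when it can be removed, and it overrides the `k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f` requirement bumped a few lines above, so the version shown in the require block is not the code that gets built. A replace to a fork is a supply-chain decision that reviewers and dependency scanners should be able to trace; add a line above it such as `// kube-openapi fork required by <REASON>; remove once <UPSTREAM-CHANGE> is available`. The fork's pseudo-version date (20230816) also predates the required upstream one (20230905), which is worth confirming as intended.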
@@ -217,8 +217,8 @@ github.com/esimonov/ifshort v1.0.4 h1:6SID4yGWfRae/M7hkVDVVyppy8q/v9OuxNdmjLQStB
 github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcHcfgNWTk0=
 github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw=
 github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
-github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
-github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
+github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
 github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
@@ -470,8 +470,8 @@ github.com/gostaticanalysis/nilerr v0.1.1 h1:ThE+hJP0fEp4zWLkWHWcRyI2Od0p7DlgYG3
 github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
 github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
 github.com/gostaticanalysis/testutil v0.4.0 h1:nhdCmubdmDF6VEatUNjgUZBJKWRqugoISdUv3PPQgHY=
-github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
-github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
+github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -658,14 +658,16 @@ github.com/opencontainers/runc v1.1.7 h1:y2EZDS8sNng4Ksf0GUYNhKbTShZJPJg1FiXJNH/ github.com/opencontainers/runc v1.1.7/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= github.com/opencontainers/runtime-spec v1.1.0-rc.3 h1:l04uafi6kxByhbxev7OWiuUv0LZxEsYUfDWZ6bztAuU= github.com/opencontainers/runtime-spec v1.1.0-rc.3/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/openshift/api v0.0.0-20231013202211-096c446e7f60 h1:vaGyewNUE95Zo+GdK0HEorBlGm3MRa4AC8GUUqF5Ml8= -github.com/openshift/api v0.0.0-20231013202211-096c446e7f60/go.mod h1:qNtV0315F+f8ld52TLtPvrfivZpdimOzTi3kn9IVbtU= -github.com/openshift/client-go v0.0.0-20231005121823-e81400b97c46 h1:J7UsTNgyM1krYnfsmijowYqt5I4mDM1qxNAy4eEa0xc= -github.com/openshift/client-go v0.0.0-20231005121823-e81400b97c46/go.mod h1:xM64ClnmCheAmffZZdTSJejy3yPE1nTRWQthKaZQ7JY= -github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20230516205036-088c6d48cc1a h1:y/vIcJvfAKxLlbtU1uCQea/NSAeUUunEJ68lR/wWKC8= -github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20230516205036-088c6d48cc1a/go.mod h1:O4TuBlo2A+kZiykV1LxUSdEjx6zNqgCKf05+lkTDVZc= -github.com/openshift/library-go v0.0.0-20231017173800-126f85ed0cc7 h1:pJLcCSJzdiWCaJ4bAepgnvwMdP33LumbVJyWSW7+3ng= -github.com/openshift/library-go v0.0.0-20231017173800-126f85ed0cc7/go.mod h1:jgxNp8aApJnZtECid9SUSr5Bu6DLo8Hfdv1DgFZaYA8= +github.com/openshift/api v0.0.0-20231128111040-e1845c5a7acd h1:bkX3IPDizf3+oYTIn10KbSIHTCsns1Ov6Ilv86Vm+Yc= +github.com/openshift/api v0.0.0-20231128111040-e1845c5a7acd/go.mod h1:qNtV0315F+f8ld52TLtPvrfivZpdimOzTi3kn9IVbtU= +github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba h1:uZ9gqdJIKUegxqeBqKXbPdd0JfO6aueQ2Ot/gTOhkD8= +github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba/go.mod h1:/BACtJX3fnHOlecTC3VW7JPsJU7KCGaUqt/HkWp5ryo= +github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20231110142214-403ea8439974 h1:Pb8KC/DpQUMLHTZalQL90ly9j4Fk2R6wIE8SAHbCf8I= 
+github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20231110142214-403ea8439974/go.mod h1:/JRDiOBCyaQBoD7A0nGsTrPvco69QrGX4OmZGHm6MwM= +github.com/openshift/kube-openapi v0.0.0-20230816122517-ffc8f001abb0 h1:GPlAy197Jkr+D0T2FNWanamraTdzS/r9ZkT29lxvHaA= +github.com/openshift/kube-openapi v0.0.0-20230816122517-ffc8f001abb0/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= +github.com/openshift/library-go v0.0.0-20231020125034-5a2d9fe760b3 h1:RmbS0Ea69/ejW0HqUoUjO72EfNc/biuVDjODEDl/EnE= +github.com/openshift/library-go v0.0.0-20231020125034-5a2d9fe760b3/go.mod h1:8UzmrBMCn7+GzouL8DVYkL9COBQTB1Ggd13/mHJQCUg= github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b h1:oXzC1N6E9gw76/WH2gEA8GEHvuq09wuVQ9GoCuR8GF4= github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b/go.mod h1:l9/qeKZuAmYUMl0yicJlbkPGDsIycGhwxOvOAWyaP0E= github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= @@ -1396,8 +1398,6 @@ k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-aggregator v0.28.3 h1:CVbj3+cpshSHR5dWPzLYx3sVpIDEPLlzMSxY/lAc9cM= k8s.io/kube-aggregator v0.28.3/go.mod h1:5DyLevbRTcWnT1f9b+lB3BfbXC1w7gDa/OtB6kKInCw= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ= -k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM= k8s.io/kubectl v0.28.3 h1:H1Peu1O3EbN9zHkJCcvhiJ4NUj6lb88sGPO5wrWIM6k= k8s.io/kubectl v0.28.3/go.mod h1:RDAudrth/2wQ3Sg46fbKKl4/g+XImzvbsSRZdP2RiyE= k8s.io/kubelet v0.28.3 h1:bp/uIf1R5F61BlFvFtzc4PDEiK7TtFcw3wFJlc0V0LM= diff --git a/hack/crds-sync.sh b/hack/crds-sync.sh index 50e34bf716..aee6e844e6 100755 --- a/hack/crds-sync.sh +++ b/hack/crds-sync.sh @@ -1,4 +1,4 @@ - #!/usr/bin/env bash +#!/usr/bin/env bash set -euo pipefail 
@@ -6,7 +6,8 @@ set -euo pipefail CRDS_MAPPING=( "v1/0000_80_containerruntimeconfig.crd.yaml:0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml" "v1/0000_80_kubeletconfig.crd.yaml:0000_80_machine-config-operator_01_kubeletconfig.crd.yaml" "v1/0000_80_machineconfig.crd.yaml:0000_80_machine-config-operator_01_machineconfig.crd.yaml" - "v1/0000_80_machineconfigpool.crd.yaml:0000_80_machine-config-operator_01_machineconfigpool.crd.yaml" ) + "v1/0000_80_machineconfigpool.crd.yaml:0000_80_machine-config-operator_01_machineconfigpool.crd.yaml" + "v1alpha1/0000_80_machineconfignode-TechPreviewNoUpgrade.crd.yaml:0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml" ) #TODO(jkyros): 0000_80_machine-config-operator_02_containerruntimeconfig.crd.yaml) for crd in "${CRDS_MAPPING[@]}" ; do @@ -17,3 +18,6 @@ done #this one goes in manifests rather than install, but should it? cp "vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig.crd.yaml" "manifests/controllerconfig.crd.yaml" +cp "vendor/github.com/openshift/api/machineconfiguration/v1alpha1/0000_80_machineconfignode-TechPreviewNoUpgrade.crd.yaml" "manifests/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml" +cp "vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config.crd.yaml" "install/0000_80_machine-config-operator_01_config.crd.yaml" + diff --git a/install/0000_80_machine-config-operator_00_clusterreader_clusterrole.yaml b/install/0000_80_machine-config-operator_00_clusterreader_clusterrole.yaml index 062a30198b..cc8b428e00 100644 --- a/install/0000_80_machine-config-operator_00_clusterreader_clusterrole.yaml +++ b/install/0000_80_machine-config-operator_00_clusterreader_clusterrole.yaml 
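Review bot: The existing comment `#this one goes in manifests rather than install, but should it?` now heads three `cp` lines, and the last added one writes to `install/0000_80_machine-config-operator_01_config.crd.yaml`, so the comment no longer describes what follows it. The machineconfignode CRD is also added to `CRDS_MAPPING` above and copied to `manifests/` here, which may be intended but is not explained; the loop body that consumes the mapping is outside the hunk. Give each copy its own comment, e.g. `# MachineConfigNode CRD is needed in manifests/ as well as via CRDS_MAPPING` and `# operator/v1 config CRD is copied to install/ directly`.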
@@ -33,3 +33,15 @@ rules: - get - list - watch + - apiGroups: + - config.openshift.io + resources: + - images + - clusterversions + - featuregates + - nodes + - nodes/status + verbs: + - get + - list + - watch diff --git a/install/0000_80_machine-config-operator_01_config.crd.yaml b/install/0000_80_machine-config-operator_01_config.crd.yaml new file mode 100644 index 0000000000..61ef7740e7 --- /dev/null +++ b/install/0000_80_machine-config-operator_01_config.crd.yaml 
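Review bot: The added rule grants get/list/watch on five `config.openshift.io` resources, but the Go changes in this commit only show a new consumer for feature gates (`ctrlctx.FeatureGateAccess`); `images`, `nodes` and `nodes/status` are not obviously needed by it. Which role this is and who is bound to it lies outside the hunk, though the file name suggests a cluster-reader aggregation, in which case every holder of that role gains these reads. Trim the list to what the feature-gate accessor actually needs (likely `featuregates` and `clusterversions`), or add a comment above the rule naming the consumer of each resource, e.g. `# featuregates/clusterversions: read by FeatureGateAccess in the controller, daemon and operator`.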
@@ -0,0 +1,192 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + name: machineconfigurations.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: MachineConfiguration + plural: machineconfigurations + singular: machineconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "MachineConfiguration provides information to configure an operator to manage Machine Configuration. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the Machine Config Operator + type: object + properties: + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
\n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default) + type: integer + format: int32 + unsupportedConfigOverrides: + description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status is the most recently observed status of the Machine Config Operator + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. 
+ type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most recent deployment + type: integer + format: int32 + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across individual nodes + type: array + items: + description: NodeStatus provides information about the current state of a particular node managed by this operator. + type: object + properties: + currentRevision: + description: currentRevision is the generation of the most recently successful deployment + type: integer + format: int32 + lastFailedCount: + description: lastFailedCount is how often the installer pod of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. + type: integer + format: int32 + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. 
+ type: array + items: + type: string + lastFailedTime: + description: lastFailedTime is the time the last failed revision failed the last time. + type: string + format: date-time + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment we're trying to apply + type: integer + format: int32 + observedGeneration: + description: observedGeneration is the last generation change you've dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string + served: true + storage: true + subresources: + status: {} diff --git a/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml b/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml index 06c7b22c02..7171973b00 100644 --- a/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml +++ b/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml 
@@ -83,11 +83,11 @@ spec: type: string x-kubernetes-map-type: atomic tlsSecurityProfile: - description: If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12. + description: If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12. type: object properties: custom: - description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11" type: object properties: ciphers: 
@@ -96,7 +96,7 @@ spec: items: type: string minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string enum: - VersionTLS10 
@@ -105,15 +105,15 @@ spec: - VersionTLS13 nullable: true intermediate: - description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" type: object nullable: true modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported." 
type: object nullable: true old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" type: object nullable: true type: 
diff --git a/install/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml b/install/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..74a01199f2 --- /dev/null +++ b/install/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,203 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: machineconfignodes.machineconfiguration.openshift.io + labels: + "openshift.io/operator-managed": "" + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1596 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade +spec: + # group name to use for REST API: /apis// + group: machineconfiguration.openshift.io + scope: Cluster + names: + kind: MachineConfigNode + singular: machineconfignode + plural: machineconfignodes + versions: + - name: v1alpha1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePrepared")].status + name: UpdatePrepared + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateExecuted")].status + name: UpdateExecuted + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePostActionComplete")].status + name: UpdatePostActionComplete + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateComplete")].status + name: UpdateComplete + type: string + - jsonPath: .status.conditions[?(@.type=="Resumed")].status + name: Resumed + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateCompatible")].status + name: UpdateCompatible + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="AppliedFilesAndOS")].status + name: UpdatedFilesAndOS + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Cordoned")].status + name: CordonedNode + priority: 1 + type: string + - 
jsonPath: .status.conditions[?(@.type=="Drained")].status + name: DrainedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="RebootedNode")].status + name: RebootedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="ReloadedCRIO")].status + name: ReloadedCRIO + priority: 1 + type: string + schema: + openAPIV3Schema: + description: 'MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.' + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of the machine config node. + type: object + required: + - configVersion + - node + - pool + properties: + configVersion: + description: configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config. 
+ type: object + required: + - desired + properties: + desired: + description: desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + node: + description: node contains a reference to the node for this machine config node. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + pool: + description: pool contains a reference to the machine config pool that this machine config node's referenced node belongs to. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. 
+ type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + status: + description: status describes the last observed state of this machine config node. + type: object + required: + - configVersion + properties: + conditions: + description: conditions represent the observations of a machine config node's current state. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + configVersion: + description: configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists. + type: object + required: + - desired + properties: + current: + description: current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. 
This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + desired: + description: desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + observedGeneration: + description: observedGeneration represents the generation observed by the controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec. + type: integer + format: int64 + x-kubernetes-validations: + - rule: self.metadata.name == self.spec.node.name + message: spec.node.name should match metadata.name diff --git a/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml b/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml index 3d6b81934b..f2afeef4a3 100644 --- a/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml +++ b/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml @@ -227,7 +227,6 @@ spec: type: object required: - bundle - - expiry - subject properties: bundle: diff --git a/lib/resourceapply/machineconfig.go b/lib/resourceapply/machineconfig.go index db3d7ceda8..88749a541f 100644 
--- a/lib/resourceapply/machineconfig.go +++ b/lib/resourceapply/machineconfig.go @@ -4,7 +4,11 @@ import ( "context" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + mcfgclientv1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1" + mcfgclientalphav1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1" + "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" mcoResourceMerge "github.com/openshift/machine-config-operator/lib/resourcemerge" apierrors "k8s.io/apimachinery/pkg/api/errors" 
@@ -53,6 +57,27 @@ func ApplyMachineConfigPool(client mcfgclientv1.MachineConfigPoolsGetter, requir return actual, true, err } +// ApplyMachineConfigNode applies the required machineconfignode to the cluster. +func ApplyMachineConfigNode(client mcfgclientalphav1.MachineConfigNodesGetter, required *mcfgalphav1.MachineConfigNode) (*mcfgalphav1.MachineConfigNode, bool, error) { + existing, err := client.MachineConfigNodes().Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + if apierrors.IsNotFound(err) { + actual, err := client.MachineConfigNodes().Create(context.TODO(), required, metav1.CreateOptions{}) + return actual, true, err + } + if err != nil { + return nil, false, err + } + + modified := resourcemerge.BoolPtr(false) + mcoResourceMerge.EnsureMachineConfigNode(modified, existing, *required) + if !*modified { + return existing, false, nil + } + + actual, err := client.MachineConfigNodes().Update(context.TODO(), existing, metav1.UpdateOptions{}) + return actual, true, err +} + // ApplyControllerConfig applies the required machineconfig to the cluster. func ApplyControllerConfig(client mcfgclientv1.ControllerConfigsGetter, required *mcfgv1.ControllerConfig) (*mcfgv1.ControllerConfig, bool, error) { existing, err := client.ControllerConfigs().Get(context.TODO(), required.GetName(), metav1.GetOptions{}) diff --git a/lib/resourcemerge/machineconfig.go b/lib/resourcemerge/machineconfig.go index 125b27daff..2b7875ca3b 100644 --- a/lib/resourcemerge/machineconfig.go +++ b/lib/resourcemerge/machineconfig.go 
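Review bot: Both write paths in ApplyMachineConfigNode return `true` for the changed flag even when the API call fails (`return actual, true, err`), so a caller that reads the flag before checking `err` will treat a failed create or update as applied. This mirrors the ApplyMachineConfigPool return visible in the context lines at the top of the hunk, so the shape may be deliberate. If so, the doc comment should say it, e.g. `// The bool reports that a create or update was attempted; it is only meaningful when err is nil.` All three client calls also pass `context.TODO()`, so callers cannot bound or cancel them.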
@@ -2,10 +2,19 @@ package resourcemerge import ( mcfgv1 "github.com/openshift/api/machineconfiguration/v1" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + "github.com/openshift/library-go/pkg/operator/resource/resourcemerge" "k8s.io/apimachinery/pkg/api/equality" ) +// EnsureMachineConfig ensures that the existing matches the required. +// modified is set to true when existing had to be updated with required. +func EnsureMachineConfigNode(modified *bool, existing *mcfgalphav1.MachineConfigNode, required mcfgalphav1.MachineConfigNode) { + resourcemerge.EnsureObjectMeta(modified, &existing.ObjectMeta, required.ObjectMeta) + ensureMachineConfigNodeSpec(modified, &existing.Spec, required.Spec) +} + // EnsureMachineConfig ensures that the existing matches the required. // modified is set to true when existing had to be updated with required. func EnsureMachineConfig(modified *bool, existing *mcfgv1.MachineConfig, required mcfgv1.MachineConfig) { @@ -44,6 +53,16 @@ func EnsureMachineConfigPool(modified *bool, existing *mcfgv1.MachineConfigPool, } } +func ensureMachineConfigNodeSpec(modified *bool, existing *mcfgalphav1.MachineConfigNodeSpec, required mcfgalphav1.MachineConfigNodeSpec) { + if !equality.Semantic.DeepEqual(existing.Node, required.Node) { + *modified = true + (*existing).Node = required.Node + } + if !equality.Semantic.DeepEqual(existing.Pool, required.Pool) { + *modified = true + (*existing).Pool = required.Pool + } +} func ensureMachineConfigSpec(modified *bool, existing *mcfgv1.MachineConfigSpec, required mcfgv1.MachineConfigSpec) { resourcemerge.SetStringIfSet(modified, &existing.OSImageURL, required.OSImageURL) resourcemerge.SetStringIfSet(modified, &existing.KernelType, required.KernelType) diff --git a/lib/resourceread/machineconfig.go b/lib/resourceread/machineconfig.go index 1203b65ec6..0427d20676 100644 --- a/lib/resourceread/machineconfig.go +++ b/lib/resourceread/machineconfig.go 
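Review bot: The doc comment on the new EnsureMachineConfigNode was copied unchanged and still begins `// EnsureMachineConfig ensures ...`, so the file now carries the same comment on two different functions. It should read `// EnsureMachineConfigNode ensures that existing matches required; modified is set to true when existing had to be updated.` The same copy-paste appears in lib/resourceread/machineconfig.go, where ReadMachineConfigNodeV1OrDie is documented as `// ReadMachineConfigPoolV1OrDie reads MachineConfigPool ...`, and ReadMachineConfigurationV1OrDie there has no doc comment at all.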
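Review bot: ensureMachineConfigNodeSpec compares only `Node` and `Pool`, so a difference in the spec's config version never sets `*modified`. When nothing else differs, ApplyMachineConfigNode returns the existing object without an update, even though the CRD added in this commit lists `configVersion` as a required spec field next to `node` and `pool`. If that field is meant to be left to another writer, say so with a comment such as `// ConfigVersion is owned by <owner> and deliberately not reconciled here`; otherwise give it the same compare-and-assign treatment as the other two fields. The Go field name is inferred from the CRD's `configVersion`, since the type is not shown in this diff. A blank line is also missing between the closing brace and `func ensureMachineConfigSpec`.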
@@ -5,6 +5,10 @@ import ( "fmt" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" + opv1 "github.com/openshift/api/operator/v1" + + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" ) @@ -12,12 +16,24 @@ import ( var ( mcfgScheme = runtime.NewScheme() mcfgCodecs = serializer.NewCodecFactory(mcfgScheme) + + mcfgAlphaScheme = runtime.NewScheme() + mcfgAlphaCodecs = serializer.NewCodecFactory(mcfgAlphaScheme) + + opv1Scheme = runtime.NewScheme() + opv1Codec = serializer.NewCodecFactory(opv1Scheme) ) func init() { + if err := mcfgalphav1.AddToScheme(mcfgAlphaScheme); err != nil { + panic(err) + } if err := mcfgv1.AddToScheme(mcfgScheme); err != nil { panic(err) } + if err := opv1.AddToScheme(opv1Scheme); err != nil { + panic(err) + } } // ReadMachineConfigV1 reads raw MachineConfig object from bytes. Returns MachineConfig and error. @@ -60,6 +76,15 @@ func ReadMachineConfigPoolV1OrDie(objBytes []byte) *mcfgv1.MachineConfigPool { return requiredObj.(*mcfgv1.MachineConfigPool) } +// ReadMachineConfigPoolV1OrDie reads MachineConfigPool object from bytes. Panics on error. +func ReadMachineConfigNodeV1OrDie(objBytes []byte) *mcfgalphav1.MachineConfigNode { + requiredObj, err := runtime.Decode(mcfgAlphaCodecs.UniversalDecoder(mcfgalphav1.SchemeGroupVersion), objBytes) + if err != nil { + panic(err) + } + return requiredObj.(*mcfgalphav1.MachineConfigNode) +} + // ReadControllerConfigV1OrDie reads ControllerConfig object from bytes. Panics on error. func ReadControllerConfigV1OrDie(objBytes []byte) *mcfgv1.ControllerConfig { requiredObj, err := runtime.Decode(mcfgCodecs.UniversalDecoder(mcfgv1.SchemeGroupVersion), objBytes) 
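Review bot: ReadMachineConfigNodeV1OrDie decodes with the v1alpha1 scheme and returns `*mcfgalphav1.MachineConfigNode`, so the `V1` in its name misstates the API version; `ReadMachineConfigNodeV1Alpha1OrDie` would match what it does. The unchecked `requiredObj.(*mcfgalphav1.MachineConfigNode)` also panics with a bare interface-conversion message if the bytes decode to another kind registered in that scheme. Using `obj, ok := requiredObj.(*mcfgalphav1.MachineConfigNode)` and panicking with the decoded type when `!ok` would make a wrong or tampered manifest easier to diagnose. In the var block of the previous hunk, `opv1Codec` breaks the `mcfgCodecs`/`mcfgAlphaCodecs` naming.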
@@ -68,3 +93,11 @@ func ReadControllerConfigV1OrDie(objBytes []byte) *mcfgv1.ControllerConfig {
 }
 return requiredObj.(*mcfgv1.ControllerConfig)
 }
+
+func ReadMachineConfigurationV1OrDie(objBytes []byte) *opv1.MachineConfiguration {
+ requiredObj, err := runtime.Decode(opv1Codec.UniversalDecoder(opv1.SchemeGroupVersion), objBytes)
+ if err != nil {
+ panic(err)
+ }
+ return requiredObj.(*opv1.MachineConfiguration)
+}
diff --git a/manifests/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml b/manifests/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml
new file mode 100644
index 0000000000..74a01199f2
--- /dev/null
+++ b/manifests/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml
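Review bot: `ReadMachineConfigurationV1OrDie` is exported but, unlike the readers visible around it, has no doc comment; add `// ReadMachineConfigurationV1OrDie reads MachineConfiguration object from bytes. Panics on error.` The type assertion on its last line is unchecked, so bytes that decode to a different kind registered in `opv1Scheme` panic with a conversion message rather than a decode error. That is reasonable for an OrDie helper only when the input is a manifest shipped with the operator, and the comment should state that assumption.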
@@ -0,0 +1,203 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: machineconfignodes.machineconfiguration.openshift.io + labels: + "openshift.io/operator-managed": "" + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1596 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade +spec: + # group name to use for REST API: /apis// + group: machineconfiguration.openshift.io + scope: Cluster + names: + kind: MachineConfigNode + singular: machineconfignode + plural: machineconfignodes + versions: + - name: v1alpha1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePrepared")].status + name: UpdatePrepared + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateExecuted")].status + name: UpdateExecuted + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePostActionComplete")].status + name: UpdatePostActionComplete + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateComplete")].status + name: UpdateComplete + type: string + - jsonPath: .status.conditions[?(@.type=="Resumed")].status + name: Resumed + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateCompatible")].status + name: UpdateCompatible + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="AppliedFilesAndOS")].status + name: UpdatedFilesAndOS + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Cordoned")].status + name: CordonedNode + priority: 1 + type: string + - 
jsonPath: .status.conditions[?(@.type=="Drained")].status + name: DrainedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="RebootedNode")].status + name: RebootedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="ReloadedCRIO")].status + name: ReloadedCRIO + priority: 1 + type: string + schema: + openAPIV3Schema: + description: 'MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.' + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of the machine config node. + type: object + required: + - configVersion + - node + - pool + properties: + configVersion: + description: configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config. 
+ type: object + required: + - desired + properties: + desired: + description: desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + node: + description: node contains a reference to the node for this machine config node. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + pool: + description: pool contains a reference to the machine config pool that this machine config node's referenced node belongs to. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. 
+ type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + status: + description: status describes the last observed state of this machine config node. + type: object + required: + - configVersion + properties: + conditions: + description: conditions represent the observations of a machine config node's current state. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + configVersion: + description: configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists. + type: object + required: + - desired + properties: + current: + description: current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. 
This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + desired: + description: desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + observedGeneration: + description: observedGeneration represents the generation observed by the controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec. + type: integer + format: int64 + x-kubernetes-validations: + - rule: self.metadata.name == self.spec.node.name + message: spec.node.name should match metadata.name diff --git a/manifests/controllerconfig.crd.yaml b/manifests/controllerconfig.crd.yaml index ee49210bc5..d725ef8850 100644 --- a/manifests/controllerconfig.crd.yaml +++ b/manifests/controllerconfig.crd.yaml 
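Review bot: The `pattern` on `spec.configVersion.desired`, `spec.node.name`, `spec.pool.name` and both `status.configVersion` fields allows `A-Z`, while each description says the value must be a lowercase RFC-1123 hostname, so the schema accepts names the text rules out. `spec.node.name` is additionally pinned to `metadata.name` by the CEL rule at the end of the schema, but the pool and config-version names have no such backstop. If this manifest is generated from the API type, narrow the character classes to `[a-z0-9]` there and regenerate; otherwise drop "lowercase" from the descriptions. The printer columns also mix naming styles (`UpdatedFilesAndOS` reads condition `AppliedFilesAndOS`, and `CordonedNode` reads `Cordoned`), which is easiest to align while the API is still v1alpha1.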
@@ -283,6 +283,45 @@ spec: baremetal: description: BareMetal contains settings specific to the BareMetal platform. type: object + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1d
d|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]
?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + message: 
apiServerInternalIPs list is required once set + - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + message: ingressIPs list is required once set equinixMetal: description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. type: object 
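Review bot: In the item `pattern` for `apiServerInternalIPs` and `ingressIPs`, the IPv6 alternative appears to have lost its backslashes (`^s*`, `d`, `.` and a trailing `s*` where `\s*`, `\d` and `\.` would be expected), and unlike the IPv4 alternative it has no closing `$`. As written, that branch matches literal `s` and `d` characters and is not anchored at the end, so a value that only begins with an IPv6-looking prefix passes schema validation. The same pattern is repeated in the `openstack` hunk (`@@ -367,6 +480,45 @@`) and in both `vsphere` hunks, and the IPv6 half of the `machineNetworks` CIDR pattern has the same missing escapes, although that one is anchored. The fix presumably belongs in the API definition this CRD is generated from: restore the escapes and end the IPv6 branch with `$`. Until then, code that consumes these fields should parse them with a real IP/CIDR parser rather than rely on admission having validated them.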
@@ -313,6 +352,80 @@ spec: - prismCentral - prismElements properties: + failureDomains: + description: failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster. + type: array + items: + description: NutanixFailureDomain configures failure domain information for the Nutanix platform. + type: object + required: + - cluster + - name + - subnets + properties: + cluster: + description: cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + type: object + required: + - type + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + type: string + enum: + - UUID + - Name + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + message: uuid configuration is required when type is UUID, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + message: name configuration is required when type is Name, and forbidden otherwise + name: + description: name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform. 
+ type: string + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + subnets: + description: subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + type: array + maxItems: 1 + minItems: 1 + items: + description: NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.) + type: object + required: + - type + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + type: string + enum: + - UUID + - Name + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + message: uuid configuration is required when type is UUID, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + message: name configuration is required when type is Name, and forbidden otherwise + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map prismCentral: description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. type: object 
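Review bot: The `pattern` on the failure-domain `name`, `[a-z0-9]([-a-z0-9]*[a-z0-9])?`, has no `^`/`$` anchors, and CRD patterns are matched as a search, so any string of 1 to 64 characters that contains one lowercase letter or digit is accepted. That does not enforce what the description promises: only lowercase alphanumerics and hyphens, starting and ending with an alphanumeric. The pattern should be `'^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'`, changed in the API definition if this file is generated from it. This matters because `name` is the list-map key for `failureDomains` and is likely to be used as an identifier elsewhere.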
@@ -367,6 +480,45 @@ spec: openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. type: object + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[
0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[
0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + 
message: apiServerInternalIPs list is required once set + - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + message: ingressIPs list is required once set ovirt: description: Ovirt contains settings specific to the oVirt infrastructure provider. type: object 
@@ -421,6 +573,18 @@ spec: description: VSphere contains settings specific to the VSphere infrastructure provider. type: object properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|
[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address failureDomains: description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. type: array 
@@ -494,6 +658,27 @@ spec: type: string maxLength: 80 minLength: 1 + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? 
self.exists_one(x, x.contains('':'')) : true' + message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeNetworking: description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. 
If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. type: object @@ -560,6 +745,11 @@ spec: description: server is the fully-qualified domain name or the IP address of the vCenter server. --- type: string maxLength: 255 + x-kubernetes-validations: + - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + message: apiServerInternalIPs list is required once set + - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + message: ingressIPs list is required once set status: description: status holds observed values from the cluster. They may not be overridden. type: object 
@@ -782,6 +972,15 @@ spec: maxItems: 2 items: type: string + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -859,10 +1058,20 @@ spec: - url properties: name: - description: name is the name of the IBM Cloud service. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` + description: 'name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' type: string - maxLength: 32 - pattern: ^[a-zA-Z0-9-]+$ + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC url: description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. type: string 
@@ -949,6 +1158,15 @@ spec: x-kubernetes-validations: - rule: oldSelf == '' || self == oldSelf message: type is immutable once set + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -1070,6 +1288,15 @@ spec: maxItems: 2 items: type: string + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -1224,8 +1451,6 @@ spec: type: object required: - bundleFile - - notAfter - - notBefore - signer - subject properties: diff --git a/manifests/default.machineconfiguration.yaml b/manifests/default.machineconfiguration.yaml new file mode 100644 index 0000000000..9a0719a197 --- /dev/null +++ b/manifests/default.machineconfiguration.yaml @@ -0,0 +1,8 @@ +apiVersion: operator.openshift.io/v1 +kind: MachineConfiguration +metadata: + name: default + labels: +spec: + mode: in-cluster + managementState: Managed \ No newline at end of file diff --git a/manifests/machineconfigdaemon/clusterrole.yaml b/manifests/machineconfigdaemon/clusterrole.yaml index a734c52793..b3d3e3c5dc 100644 --- a/manifests/machineconfigdaemon/clusterrole.yaml +++ b/manifests/machineconfigdaemon/clusterrole.yaml @@ -6,9 +6,15 @@ rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] +- apiGroups: ["config.openshift.io"] + resources: ["clusterversions", "featuregates"] + verbs: ["get", "list", "watch"] - apiGroups: ["machineconfiguration.openshift.io"] resources: ["machineconfigs", "controllerconfigs"] verbs: ["get", "list", "watch"] +- apiGroups: ["machineconfiguration.openshift.io"] + resources: ["machineconfignodes", "machineconfignodes/status"] + verbs: ["create", "update", "patch", "get"] - apiGroups: ["security.openshift.io"] resourceNames: ["privileged"] resources: ["securitycontextconstraints"] diff --git a/pkg/controller/bootstrap/testdata/bootstrap/featuregate.yaml b/pkg/controller/bootstrap/testdata/bootstrap/featuregate.yaml index 3673bd89ac..57bcab9d54 100644 --- a/pkg/controller/bootstrap/testdata/bootstrap/featuregate.yaml +++ b/pkg/controller/bootstrap/testdata/bootstrap/featuregate.yaml @@ -7,5 +7,3 @@ status: - version: 0.0.1-snapshot enabled: - name: OpenShiftPodSecurityAdmission - disabled: - - name: RetroactiveDefaultStorageClass 
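Review bot: The rule added to `manifests/machineconfigdaemon/clusterrole.yaml` lets every subject bound to this ClusterRole (presumably the daemon on each node) `create`, `update` and `patch` any `machineconfignodes` object and its status, cluster-wide. Unless something outside this diff ties an object's name to the node making the request, a daemon on one compromised node could rewrite the reported update state of other nodes; that is worth confirming and recording in a comment above the rule. `create` has no effect on the `machineconfignodes/status` subresource, so I would split the rule: `resources: ["machineconfignodes"]` with `verbs: ["create", "update", "patch", "get"]`, and `resources: ["machineconfignodes/status"]` with `verbs: ["update", "patch", "get"]`.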
diff --git a/pkg/controller/build/build_controller.go b/pkg/controller/build/build_controller.go index 7fb9ff1625..4d094b5cdb 100644 --- a/pkg/controller/build/build_controller.go +++ b/pkg/controller/build/build_controller.go @@ -10,8 +10,6 @@ import ( "github.com/containers/image/v5/docker/reference" buildv1 "github.com/openshift/api/build/v1" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" - "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" - "github.com/openshift/machine-config-operator/pkg/apihelpers" corev1 "k8s.io/api/core/v1" aggerrors "k8s.io/apimachinery/pkg/util/errors" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -25,12 +23,14 @@ import ( "k8s.io/klog/v2" buildinformers "github.com/openshift/client-go/build/informers/externalversions" + "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" buildinformersv1 "github.com/openshift/client-go/build/informers/externalversions/build/v1" buildclientset "github.com/openshift/client-go/build/clientset/versioned" mcfgclientset "github.com/openshift/client-go/machineconfiguration/clientset/versioned" + mcfginformers "github.com/openshift/client-go/machineconfiguration/informers/externalversions" mcfginformersv1 "github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1" @@ -39,6 +39,7 @@ import ( coreinformers "k8s.io/client-go/informers" coreinformersv1 "k8s.io/client-go/informers/core/v1" + "github.com/openshift/machine-config-operator/pkg/apihelpers" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/pkg/controller/build/build_controller_test.go b/pkg/controller/build/build_controller_test.go index 1ed512b325..ba0525647b 100644 --- a/pkg/controller/build/build_controller_test.go +++ b/pkg/controller/build/build_controller_test.go 
@@ -15,7 +15,6 @@ import ( mcfgv1 "github.com/openshift/api/machineconfiguration/v1" fakeclientbuildv1 "github.com/openshift/client-go/build/clientset/versioned/fake" fakeclientmachineconfigv1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake" - "github.com/openshift/machine-config-operator/pkg/apihelpers" testhelpers "github.com/openshift/machine-config-operator/test/helpers" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" fakecorev1client "k8s.io/client-go/kubernetes/fake" @@ -23,6 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" + "github.com/openshift/machine-config-operator/pkg/apihelpers" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" k8serrors "k8s.io/apimachinery/pkg/api/errors" diff --git a/pkg/controller/common/controller_context.go b/pkg/controller/common/controller_context.go index ea520ed094..8d06a679f8 100644 --- a/pkg/controller/common/controller_context.go +++ b/pkg/controller/common/controller_context.go @@ -7,6 +7,7 @@ import ( configinformers "github.com/openshift/client-go/config/informers/externalversions" mcfginformers "github.com/openshift/client-go/machineconfiguration/informers/externalversions" + operatorinformers "github.com/openshift/client-go/operator/informers/externalversions" "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" "github.com/openshift/library-go/pkg/operator/events" @@ -102,7 +103,6 @@ func CreateControllerContext(ctx context.Context, cb *clients.Builder) *Controll apiextinformers.WithNamespace(MCONamespace), apiextinformers.WithTweakListOptions(assignFilterLabels)) configSharedInformer := configinformers.NewSharedInformerFactory(configClient, resyncPeriod()()) operatorSharedInformer := operatorinformers.NewSharedInformerFactory(operatorClient, resyncPeriod()()) - desiredVersion := version.ReleaseVersion missingVersion := "0.0.1-snapshot" 
@@ -111,7 +111,7 @@ func CreateControllerContext(ctx context.Context, cb *clients.Builder) *Controll klog.Warningf("unable to get owner reference (falling back to namespace): %v", err) } - recorder := events.NewKubeRecorder(kubeClient.CoreV1().Events(MCONamespace), "cloud-controller-manager-operator", controllerRef) + recorder := events.NewKubeRecorder(kubeClient.CoreV1().Events(MCONamespace), "machine-config-operator", controllerRef) // By default, this will exit(0) the process if the featuregates ever change to a different set of values. featureGateAccessor := featuregates.NewFeatureGateAccess( @@ -119,6 +119,7 @@ func CreateControllerContext(ctx context.Context, cb *clients.Builder) *Controll configSharedInformer.Config().V1().ClusterVersions(), configSharedInformer.Config().V1().FeatureGates(), recorder, ) + go featureGateAccessor.Run(ctx) return &ControllerContext{ diff --git a/pkg/controller/container-runtime-config/container_runtime_config_bootstrap.go b/pkg/controller/container-runtime-config/container_runtime_config_bootstrap.go index f862d348db..30afb09697 100644 --- a/pkg/controller/container-runtime-config/container_runtime_config_bootstrap.go +++ b/pkg/controller/container-runtime-config/container_runtime_config_bootstrap.go @@ -40,7 +40,7 @@ func RunContainerRuntimeBootstrap(templateDir string, crconfigs []*mcfgv1.Contai var configFileList []generatedConfigFile ctrcfg := cfg.Spec.ContainerRuntimeConfig - if !ctrcfg.OverlaySize.IsZero() { + if ctrcfg.OverlaySize != nil && !ctrcfg.OverlaySize.IsZero() { storageTOML, err := mergeConfigChanges(originalStorageIgn, cfg, updateStorageConfig) if err != nil { klog.V(2).Infoln(cfg, err, "error merging user changes to storage.conf: %v", err) 
@@ -49,7 +49,7 @@ func RunContainerRuntimeBootstrap(templateDir string, crconfigs []*mcfgv1.Contai } } // Create the cri-o drop-in files - if ctrcfg.LogLevel != "" || ctrcfg.PidsLimit != nil || !ctrcfg.LogSizeMax.IsZero() || ctrcfg.DefaultRuntime != mcfgv1.ContainerRuntimeDefaultRuntimeEmpty { + if ctrcfg.LogLevel != "" || ctrcfg.PidsLimit != nil || (ctrcfg.LogSizeMax != nil && !ctrcfg.LogSizeMax.IsZero()) || ctrcfg.DefaultRuntime != mcfgv1.ContainerRuntimeDefaultRuntimeEmpty { crioFileConfigs := createCRIODropinFiles(cfg) configFileList = append(configFileList, crioFileConfigs...) } diff --git a/pkg/controller/container-runtime-config/container_runtime_config_controller.go b/pkg/controller/container-runtime-config/container_runtime_config_controller.go index e433b6c2a1..bf7ac81bf9 100644 --- a/pkg/controller/container-runtime-config/container_runtime_config_controller.go +++ b/pkg/controller/container-runtime-config/container_runtime_config_controller.go @@ -610,7 +610,7 @@ func (ctrl *Controller) syncContainerRuntimeConfig(key string) error { var configFileList []generatedConfigFile ctrcfg := cfg.Spec.ContainerRuntimeConfig - if !ctrcfg.OverlaySize.IsZero() { + if ctrcfg.OverlaySize != nil && !ctrcfg.OverlaySize.IsZero() { storageTOML, err := mergeConfigChanges(originalStorageIgn, cfg, updateStorageConfig) if err != nil { klog.V(2).Infoln(cfg, err, "error merging user changes to storage.conf: %v", err) 
@@ -622,7 +622,7 @@ func (ctrl *Controller) syncContainerRuntimeConfig(key string) error { } // Create the cri-o drop-in files - if ctrcfg.LogLevel != "" || ctrcfg.PidsLimit != nil || !ctrcfg.LogSizeMax.IsZero() || ctrcfg.DefaultRuntime != mcfgv1.ContainerRuntimeDefaultRuntimeEmpty { + if ctrcfg.LogLevel != "" || ctrcfg.PidsLimit != nil || (ctrcfg.LogSizeMax != nil && !ctrcfg.LogSizeMax.IsZero()) || ctrcfg.DefaultRuntime != mcfgv1.ContainerRuntimeDefaultRuntimeEmpty { crioFileConfigs := createCRIODropinFiles(cfg) configFileList = append(configFileList, crioFileConfigs...) } diff --git a/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go b/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go index 8ca80928be..cb438e89f7 100644 --- a/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go +++ b/pkg/controller/container-runtime-config/container_runtime_config_controller_test.go 
@@ -494,10 +494,13 @@ func TestContainerRuntimeConfigCreate(t *testing.T) { f := newFixture(t) f.newController() + nine := resource.MustParse("9k") + three := resource.MustParse("3G") + cc := newControllerConfig(ctrlcommon.ControllerConfigName, platform) mcp := helpers.NewMachineConfigPool("master", nil, helpers.MasterSelector, "v0") mcp2 := helpers.NewMachineConfigPool("worker", nil, helpers.WorkerSelector, "v0") - ctrcfg1 := newContainerRuntimeConfig("set-log-level", &mcfgv1.ContainerRuntimeConfiguration{LogLevel: "debug", LogSizeMax: resource.MustParse("9k"), OverlaySize: resource.MustParse("3G")}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "pools.operator.machineconfiguration.openshift.io/master", "")) + ctrcfg1 := newContainerRuntimeConfig("set-log-level", &mcfgv1.ContainerRuntimeConfiguration{LogLevel: "debug", LogSizeMax: &nine, OverlaySize: &three}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "pools.operator.machineconfiguration.openshift.io/master", "")) ctrCfgKey, _ := getManagedKeyCtrCfg(mcp, f.client, ctrcfg1) mcs1 := helpers.NewMachineConfig(getManagedKeyCtrCfgDeprecated(mcp), map[string]string{"node-role": "master"}, "dummy://", []ign3types.File{{}}) mcs2 := mcs1.DeepCopy() 
@@ -531,10 +534,13 @@ func TestContainerRuntimeConfigUpdate(t *testing.T) { f := newFixture(t) f.newController() + nine := resource.MustParse("9k") + three := resource.MustParse("3G") + cc := newControllerConfig(ctrlcommon.ControllerConfigName, platform) mcp := helpers.NewMachineConfigPool("master", nil, helpers.MasterSelector, "v0") mcp2 := helpers.NewMachineConfigPool("worker", nil, helpers.WorkerSelector, "v0") - ctrcfg1 := newContainerRuntimeConfig("set-log-level", &mcfgv1.ContainerRuntimeConfiguration{LogLevel: "debug", LogSizeMax: resource.MustParse("9k"), OverlaySize: resource.MustParse("3G")}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "pools.operator.machineconfiguration.openshift.io/master", "")) + ctrcfg1 := newContainerRuntimeConfig("set-log-level", &mcfgv1.ContainerRuntimeConfiguration{LogLevel: "debug", LogSizeMax: &nine, OverlaySize: &three}, metav1.AddLabelToSelector(&metav1.LabelSelector{}, "pools.operator.machineconfiguration.openshift.io/master", "")) keyCtrCfg, _ := getManagedKeyCtrCfg(mcp, f.client, ctrcfg1) mcs := helpers.NewMachineConfig(getManagedKeyCtrCfgDeprecated(mcp), map[string]string{"node-role": "master"}, "dummy://", []ign3types.File{{}}) mcsUpdate := mcs.DeepCopy() @@ -1238,6 +1244,8 @@ func TestContainerRuntimeConfigOptions(t *testing.T) { validZerolimit int64 = 0 invalidNegLimit int64 = -10 ) + three := resource.MustParse("3k") + ten := resource.MustParse("10k") failureTests := []struct { name string config *mcfgv1.ContainerRuntimeConfiguration @@ -1257,7 +1265,7 @@ func TestContainerRuntimeConfigOptions(t *testing.T) { { name: "inalid value of max log size", config: &mcfgv1.ContainerRuntimeConfiguration{ - LogSizeMax: resource.MustParse("3k"), + LogSizeMax: &three, }, }, { @@ -1293,7 +1301,7 @@ func TestContainerRuntimeConfigOptions(t *testing.T) { { name: "valid max log size", config: &mcfgv1.ContainerRuntimeConfiguration{ - LogSizeMax: resource.MustParse("10k"), + LogSizeMax: &ten, }, }, { 
diff --git a/pkg/controller/container-runtime-config/helpers.go b/pkg/controller/container-runtime-config/helpers.go index 88a3b5a547..e3b54e935f 100644 --- a/pkg/controller/container-runtime-config/helpers.go +++ b/pkg/controller/container-runtime-config/helpers.go @@ -295,11 +295,11 @@ func updateStorageConfig(data []byte, internal *mcfgv1.ContainerRuntimeConfigura return nil, fmt.Errorf("error decoding crio config: %w", err) } - if internal.OverlaySize.Value() < 0 { + if internal.OverlaySize != nil && internal.OverlaySize.Value() < 0 { return nil, fmt.Errorf("invalid overlaySize config %q: the overlaySize should be larger than 0", internal.OverlaySize.String()) } - if internal.OverlaySize.Value() != 0 { + if internal.OverlaySize != nil && internal.OverlaySize.Value() != 0 { tomlConf.Storage.Options.Size = internal.OverlaySize.String() } @@ -348,7 +348,7 @@ func createCRIODropinFiles(cfg *mcfgv1.ContainerRuntimeConfig) []generatedConfig klog.V(2).Infoln(cfg, err, "error updating user changes for pids-limit to crio.conf.d: %v", err) } } - if ctrcfg.LogSizeMax.Value() != 0 { + if ctrcfg.LogSizeMax != nil && ctrcfg.LogSizeMax.Value() != 0 { tomlConf := tomlConfigCRIOLogSizeMax{} tomlConf.Crio.Runtime.LogSizeMax = ctrcfg.LogSizeMax.Value() generatedConfigFileList, err = addTOMLgeneratedConfigFile(generatedConfigFileList, crioDropInFilePathLogSizeMax, tomlConf) 
@@ -496,11 +496,11 @@ func validateUserContainerRuntimeConfig(cfg *mcfgv1.ContainerRuntimeConfig) erro return fmt.Errorf("invalid PidsLimit %v", *ctrcfg.PidsLimit) } - if ctrcfg.LogSizeMax.Value() > 0 && ctrcfg.LogSizeMax.Value() <= minLogSize { + if ctrcfg.LogSizeMax != nil && ctrcfg.LogSizeMax.Value() > 0 && ctrcfg.LogSizeMax.Value() <= minLogSize { return fmt.Errorf("invalid LogSizeMax %q, cannot be less than 8kB", ctrcfg.LogSizeMax.String()) } - if ctrcfg.OverlaySize.Value() < 0 { + if ctrcfg.OverlaySize != nil && ctrcfg.OverlaySize.Value() < 0 { return fmt.Errorf("invalid overlaySize %q, cannot be less than 0", ctrcfg.OverlaySize.String()) } diff --git a/pkg/controller/drain/drain_controller.go b/pkg/controller/drain/drain_controller.go index f75fedb3c4..5be05903f0 100644 --- a/pkg/controller/drain/drain_controller.go +++ b/pkg/controller/drain/drain_controller.go @@ -9,10 +9,14 @@ import ( "strings" "time" + "github.com/openshift/api/machineconfiguration/v1alpha1" mcfgclientset "github.com/openshift/client-go/machineconfiguration/clientset/versioned" "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" + "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" + "github.com/openshift/machine-config-operator/pkg/daemon/constants" daemonconsts "github.com/openshift/machine-config-operator/pkg/daemon/constants" + "github.com/openshift/machine-config-operator/pkg/upgrademonitor" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -99,6 +103,8 @@ type Controller struct { ongoingDrains map[string]time.Time cfg Config + + featureGatesAccessor featuregates.FeatureGateAccess } // New returns a new node controller. 
@@ -107,17 +113,19 @@ func New( nodeInformer coreinformersv1.NodeInformer, kubeClient clientset.Interface, mcfgClient mcfgclientset.Interface, + fgAccessor featuregates.FeatureGateAccess, ) *Controller { eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(klog.Infof) eventBroadcaster.StartRecordingToSink(&coreclientsetv1.EventSinkImpl{Interface: kubeClient.CoreV1().Events("")}) ctrl := &Controller{ - client: mcfgClient, - kubeClient: kubeClient, - eventRecorder: ctrlcommon.NamespacedEventRecorder(eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "machineconfigcontroller-nodecontroller"})), - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "machineconfigcontroller-nodecontroller"), - cfg: cfg, + client: mcfgClient, + kubeClient: kubeClient, + eventRecorder: ctrlcommon.NamespacedEventRecorder(eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "machineconfigcontroller-nodecontroller"})), + queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "machineconfigcontroller-nodecontroller"), + cfg: cfg, + featureGatesAccessor: fgAccessor, } nodeInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ @@ -162,6 +170,7 @@ func (ctrl *Controller) Run(workers int, stopCh <-chan struct{}) { for i := 0; i < workers; i++ { go wait.Until(ctrl.worker, ctrl.cfg.WaitUntil, stopCh) + } <-stopCh 
@@ -306,9 +315,34 @@ func (ctrl *Controller) syncNode(key string) error { ctrl.logNode(node, "uncordoning") // perform uncordon if err := ctrl.cordonOrUncordonNode(false, node, drainer); err != nil { + nErr := upgrademonitor.GenerateAndApplyMachineConfigNodes(&upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateComplete, Reason: string(v1alpha1.MachineConfigNodeUpdateCordoned), Message: fmt.Sprintf("Failed to UnCordon Node as part of completing upgrade phase")}, + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateCordoned, Reason: fmt.Sprintf("%s%s", string(v1alpha1.MachineConfigNodeUpdateComplete), string(v1alpha1.MachineConfigNodeUpdateCordoned)), Message: fmt.Sprintf("Error: Failed to UnCordon node. Error is: %s The node is reporting Unschedulable = %t", err.Error(), node.Spec.Unschedulable)}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + node, + ctrl.client, + ctrl.featureGatesAccessor, + ) + if nErr != nil { + klog.Errorf("Error making MCN for Uncordon failure: %w", err) + } return fmt.Errorf("failed to uncordon node %v: %w", node.Name, err) + + } + + err = upgrademonitor.GenerateAndApplyMachineConfigNodes(&upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateComplete, Reason: string(v1alpha1.MachineConfigNodeUpdateCordoned), Message: fmt.Sprintf("UnCordoned Node as part of completing upgrade phase")}, + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateCordoned, Reason: fmt.Sprintf("%s%s", string(v1alpha1.MachineConfigNodeUpdateComplete), string(v1alpha1.MachineConfigNodeUpdateCordoned)), Message: fmt.Sprintf("UnCordoned node. 
The node is reporting Unschedulable = %t", node.Spec.Unschedulable)}, + metav1.ConditionTrue, + metav1.ConditionTrue, + node, + ctrl.client, + ctrl.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for UnCordon success: %w", err) } case daemonconsts.DrainerStateDrain: + if err := ctrl.drainNode(node, drainer); err != nil { // If we get an error from drainNode, that means the drain failed. // However, we want to requeue and try again. So we need to return nil 
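Review bot: In the uncordon-failure branch added to `syncNode`, `klog.Errorf("Error making MCN for Uncordon failure: %w", err)` logs `err` (the uncordon error) rather than `nErr`, and `%w` is only understood by `fmt.Errorf`, so the message renders as `%!w(...)`. It should read `klog.Errorf("Error making MCN for Uncordon failure: %v", nErr)`; the success-path log below it and the three `klog.Errorf` calls added in the `drainNode` hunk use `%w` as well and need `%v`. The condition messages also print `node.Spec.Unschedulable` from the `node` object obtained before the cordon call, which may not reflect the state just written; this is worth confirming. `syncNode` starts and ends outside this hunk.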
@@ -359,13 +393,47 @@ func (ctrl *Controller) drainNode(node *corev1.Node, drainer *drain.Helper) erro ctrl.logNode(node, "cordoning") // perform cordon if err := ctrl.cordonOrUncordonNode(true, node, drainer); err != nil { + Nerr := upgrademonitor.GenerateAndApplyMachineConfigNodes(&upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateExecuted, Reason: string(v1alpha1.MachineConfigNodeUpdateCordoned), Message: fmt.Sprintf("Failed to Cordon Node as part of In progress update phase")}, + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateCordoned, Reason: fmt.Sprintf("%s%s", string(v1alpha1.MachineConfigNodeUpdateExecuted), string(v1alpha1.MachineConfigNodeUpdateCordoned)), Message: fmt.Sprintf("Error: Failed to Cordon node. Error is %s, The node is reporting Unschedulable = %t", err.Error(), node.Spec.Unschedulable)}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + node, + ctrl.client, + ctrl.featureGatesAccessor, + ) + if Nerr != nil { + klog.Errorf("Error making MCN for Cordon Failure: %w", Nerr) + } return fmt.Errorf("node %s: failed to cordon: %w", node.Name, err) } ctrl.ongoingDrains[node.Name] = time.Now() + err := upgrademonitor.GenerateAndApplyMachineConfigNodes(&upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateExecuted, Reason: string(v1alpha1.MachineConfigNodeUpdateCordoned), Message: fmt.Sprintf("Cordoned Node as part of update executed phase")}, + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateCordoned, Reason: fmt.Sprintf("%s%s", string(v1alpha1.MachineConfigNodeUpdateExecuted), string(v1alpha1.MachineConfigNodeUpdateCordoned)), Message: fmt.Sprintf("Cordoned node. 
The node is reporting Unschedulable = %t", node.Spec.Unschedulable)}, + metav1.ConditionUnknown, + metav1.ConditionTrue, + node, + ctrl.client, + ctrl.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Cordon Success: %w", err) + } } // Attempt drain ctrl.logNode(node, "initiating drain") + err := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateExecuted, Reason: string(v1alpha1.MachineConfigNodeUpdateDrained), Message: fmt.Sprintf("Draining Node as part of update executed phase")}, + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateDrained, Reason: fmt.Sprintf("%s%s", string(v1alpha1.MachineConfigNodeUpdateExecuted), string(v1alpha1.MachineConfigNodeUpdateDrained)), Message: fmt.Sprintf("Draining node. The drain will not be complete until desired drainer %s matches current drainer %s", node.Annotations[constants.DesiredDrainerAnnotationKey], node.Annotations[constants.LastAppliedDrainerAnnotationKey])}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + node, + ctrl.client, + ctrl.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Drain beginning: %w", err) + } if err := drain.RunNodeDrain(drainer, node.Name); err != nil { // To mimic our old daemon logic, we should probably have a more nuanced backoff. // However since the controller is processing all drains, it is less deterministic how soon the next drain will retry, 
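Review bot: The three status writes added to drainNode each spell out both `upgrademonitor.Condition` literals inline, which makes the call sites hard to compare and has already let inconsistencies in (`Nerr` here versus `nErr` in syncNode, and `fmt.Sprintf` wrapped around constant strings with no arguments). A small private helper on Controller that takes the parent state, the child state, the two condition statuses and the two messages, and logs a failed write itself, would leave one short call per site. The constant messages can be plain string literals, e.g. `Message: "Cordoned Node as part of update executed phase"`. drainNode continues outside the hunk.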
@@ -381,9 +449,34 @@ func (ctrl *Controller) drainNode(node *corev1.Node, drainer *drain.Helper) erro ctrl.enqueueAfter(node, ctrl.cfg.DrainRequeueDelay) } + nErr := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateExecuted, Reason: string(v1alpha1.MachineConfigNodeUpdateDrained), Message: fmt.Sprintf("Node Drain has not succeeded")}, + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateDrained, Reason: fmt.Sprintf("%s%s", string(v1alpha1.MachineConfigNodeUpdateExecuted), string(v1alpha1.MachineConfigNodeUpdateDrained)), Message: fmt.Sprintf("Error: Node Drain has not succeeded. Error is: %s The drain will not be complete until desired drainer %s matches current drainer %s", err.Error(), node.Annotations[constants.DesiredDrainerAnnotationKey], node.Annotations[constants.LastAppliedDrainerAnnotationKey])}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + node, + ctrl.client, + ctrl.featureGatesAccessor, + ) + if nErr != nil { + klog.Errorf("Error making MCN for Drain failure: %w", nErr) + } + // Return early without deleting the ongoing drain. return err } + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateExecuted, Reason: string(v1alpha1.MachineConfigNodeUpdateDrained), Message: fmt.Sprintf("Drained Node as part of update executed phase")}, + &upgrademonitor.Condition{State: v1alpha1.MachineConfigNodeUpdateDrained, Reason: fmt.Sprintf("%s%s", string(v1alpha1.MachineConfigNodeUpdateExecuted), string(v1alpha1.MachineConfigNodeUpdateDrained)), Message: fmt.Sprintf("Drained node. 
The drain is complete as the desired drainer matches current drainer: %s", node.Annotations[constants.DesiredDrainerAnnotationKey])}, + metav1.ConditionUnknown, + metav1.ConditionTrue, + node, + ctrl.client, + ctrl.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Drain success: %w", err) + } // Drain was successful. Delete the ongoing drain. delete(ctrl.ongoingDrains, node.Name) diff --git a/pkg/controller/kubelet-config/kubelet_config_controller.go b/pkg/controller/kubelet-config/kubelet_config_controller.go index c8a8e3b1b8..0b66522d16 100644 --- a/pkg/controller/kubelet-config/kubelet_config_controller.go +++ b/pkg/controller/kubelet-config/kubelet_config_controller.go @@ -77,8 +77,9 @@ var errCouldNotFindMCPSet = errors.New("could not find any MachineConfigPool set type Controller struct { templatesDir string - client mcfgclientset.Interface - configClient configclientset.Interface + client mcfgclientset.Interface + configClient configclientset.Interface + eventRecorder record.EventRecorder syncHandler func(mcp string) error @@ -204,6 +205,7 @@ func (ctrl *Controller) Run(workers int, stopCh <-chan struct{}) { for i := 0; i < workers; i++ { go wait.Until(ctrl.nodeConfigWorker, time.Second, stopCh) + } <-stopCh diff --git a/pkg/controller/node/node_controller.go b/pkg/controller/node/node_controller.go index 611394ba42..efc86de585 100644 --- a/pkg/controller/node/node_controller.go +++ b/pkg/controller/node/node_controller.go @@ -8,6 +8,8 @@ import ( "sort" "time" + "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" + configv1 "github.com/openshift/api/config/v1" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" cligoinformersv1 "github.com/openshift/client-go/config/informers/externalversions/config/v1" 
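Review bot: The drain-failure condition puts `Error:` at the start of its message, and calculateStatus in pkg/controller/node/status.go (later in this commit) counts any node whose MachineConfigNode condition message contains `Error:` as degraded. A failed drain is requeued and retried just above (`ctrl.enqueueAfter(node, ctrl.cfg.DrainRequeueDelay)`), so a transient eviction failure would presumably show up as a degraded machine until a later write replaces the condition. The message also embeds `err.Error()` and two node annotation values, so free text that this code does not fully control ends up deciding pool status. Carrying the failure in a dedicated Reason or Status value, and keeping the message purely informational, would avoid both problems. drainNode starts outside the hunk.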
@@ -93,6 +95,8 @@ type Controller struct { queue workqueue.RateLimitingInterface + fgAcessor featuregates.FeatureGateAccess + // updateDelay is a pause to deal with churn in MachineConfigs; see // https://github.com/openshift/machine-config-operator/issues/301 updateDelay time.Duration @@ -107,6 +111,7 @@ func New( schedulerInformer cligoinformersv1.SchedulerInformer, kubeClient clientset.Interface, mcfgClient mcfgclientset.Interface, + fgAccessor featuregates.FeatureGateAccess, ) *Controller { return newController( ccInformer, @@ -118,6 +123,7 @@ func New( kubeClient, mcfgClient, defaultUpdateDelay, + fgAccessor, ) } @@ -131,6 +137,7 @@ func NewWithCustomUpdateDelay( kubeClient clientset.Interface, mcfgClient mcfgclientset.Interface, updateDelay time.Duration, + fgAccessor featuregates.FeatureGateAccess, ) *Controller { return newController( ccInformer, @@ -142,6 +149,7 @@ func NewWithCustomUpdateDelay( kubeClient, mcfgClient, updateDelay, + fgAccessor, ) } @@ -156,6 +164,7 @@ func newController( kubeClient clientset.Interface, mcfgClient mcfgclientset.Interface, updateDelay time.Duration, + fgAccessor featuregates.FeatureGateAccess, ) *Controller { eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(klog.Infof) @@ -167,6 +176,7 @@ func newController( eventRecorder: ctrlcommon.NamespacedEventRecorder(eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "machineconfigcontroller-nodecontroller"})), queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "machineconfigcontroller-nodecontroller"), updateDelay: updateDelay, + fgAcessor: fgAccessor, } mcpInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ 
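Review bot: The new struct field is spelled `fgAcessor` (one `c`) while every parameter feeding it is `fgAccessor`, and the drain controller names the same dependency `featureGatesAccessor`. I would declare it as `fgAccessor featuregates.FeatureGateAccess` and assign `fgAccessor: fgAccessor,` in newController, updating the `ctrl.fgAcessor.CurrentFeatureGates()` call in status.go to match. A one-line comment on the field would also help, e.g. `// fgAccessor is consulted to see whether the MachineConfigNodes feature gate is enabled.`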
@@ -856,6 +866,8 @@ func (ctrl *Controller) canLayeredPoolContinue(pool *mcfgv1.MachineConfigPool) ( // syncMachineConfigPool will sync the machineconfig pool with the given key. // This function is not meant to be invoked concurrently with the same key. +// +//nolint:gocyclo func (ctrl *Controller) syncMachineConfigPool(key string) error { startTime := time.Now() klog.V(4).Infof("Started syncing machineconfigpool %q (%v)", key, startTime) diff --git a/pkg/controller/node/node_controller_test.go b/pkg/controller/node/node_controller_test.go index 785ec28a0b..2e213ad9c5 100644 --- a/pkg/controller/node/node_controller_test.go +++ b/pkg/controller/node/node_controller_test.go @@ -8,6 +8,9 @@ import ( "testing" "time" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" 
@@ -86,12 +89,13 @@ func (f *fixture) newControllerWithStopChan(stopCh <-chan struct{}) *Controller f.client = fake.NewSimpleClientset(f.objects...) f.kubeclient = k8sfake.NewSimpleClientset(f.kubeobjects...) f.schedulerClient = fakeconfigv1client.NewSimpleClientset(f.schedulerObjects...) + fgAccess := featuregates.NewHardcodedFeatureGateAccess(nil, nil) i := informers.NewSharedInformerFactory(f.client, noResyncPeriodFunc()) k8sI := kubeinformers.NewSharedInformerFactory(f.kubeclient, noResyncPeriodFunc()) ci := configv1informer.NewSharedInformerFactory(f.schedulerClient, noResyncPeriodFunc()) c := NewWithCustomUpdateDelay(i.Machineconfiguration().V1().ControllerConfigs(), i.Machineconfiguration().V1().MachineConfigs(), i.Machineconfiguration().V1().MachineConfigPools(), k8sI.Core().V1().Nodes(), - k8sI.Core().V1().Pods(), ci.Config().V1().Schedulers(), f.kubeclient, f.client, time.Millisecond) + k8sI.Core().V1().Pods(), ci.Config().V1().Schedulers(), f.kubeclient, f.client, time.Millisecond, fgAccess) c.ccListerSynced = alwaysReady c.mcpListerSynced = alwaysReady @@ -1140,7 +1144,7 @@ func TestShouldMakeProgress(t *testing.T) { } else { t.Logf("not expecting annotation") } - expStatus := calculateStatus(cc, mcp, nodes) + expStatus := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, cc, mcp, nodes) expMcp := mcp.DeepCopy() expMcp.Status = expStatus f.expectUpdateMachineConfigPoolStatus(expMcp) @@ -1192,11 +1196,10 @@ func TestPaused(t *testing.T) { f.kubeobjects = append(f.kubeobjects, nodes[idx]) } - expStatus := calculateStatus(cc, mcp, nodes) + expStatus := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, cc, mcp, nodes) expMcp := mcp.DeepCopy() expMcp.Status = expStatus f.expectUpdateMachineConfigPoolStatus(expMcp) - f.run(getKey(mcp, t)) } 
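Review bot: None of the updated tests exercise the new MachineConfigNode path: the fixture builds `featuregates.NewHardcodedFeatureGateAccess(nil, nil)`, which as far as I can tell registers no gates, and every `calculateStatus` call here, in the following test hunks and in status_test.go passes an empty `[]*mcfgalphav1.MachineConfigNode{}`. With no MachineConfigNode input the condition-to-slice mapping added to calculateStatus never runs, so the tests only cover the legacy fallback. A table case in TestCalculateStatus that passes a few MachineConfigNode objects with conditions, including one whose name matches no node and one with an empty condition list, would pin the new counts.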
@@ -1220,7 +1223,7 @@ func TestShouldUpdateStatusOnlyUpdated(t *testing.T) { f.kubeobjects = append(f.kubeobjects, nodes[idx]) } - expStatus := calculateStatus(cc, mcp, nodes) + expStatus := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, cc, mcp, nodes) expMcp := mcp.DeepCopy() expMcp.Status = expStatus f.expectUpdateMachineConfigPoolStatus(expMcp) @@ -1248,7 +1251,7 @@ func TestShouldUpdateStatusOnlyNoProgress(t *testing.T) { f.kubeobjects = append(f.kubeobjects, nodes[idx]) } - expStatus := calculateStatus(cc, mcp, nodes) + expStatus := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, cc, mcp, nodes) expMcp := mcp.DeepCopy() expMcp.Status = expStatus f.expectUpdateMachineConfigPoolStatus(expMcp) @@ -1281,7 +1284,7 @@ func TestCertStatus(t *testing.T) { f.kubeobjects = append(f.kubeobjects, nodes[idx]) } - expStatus := calculateStatus(cc, mcp, nodes) + expStatus := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, cc, mcp, nodes) expMcp := mcp.DeepCopy() expMcp.Status = expStatus @@ -1301,7 +1304,7 @@ func TestShouldDoNothing(t *testing.T) { newNodeWithLabel("node-0", machineConfigV1, machineConfigV1, map[string]string{"node-role/worker": "", "node-role/infra": ""}), newNodeWithLabel("node-1", machineConfigV1, machineConfigV1, map[string]string{"node-role/worker": "", "node-role/infra": ""}), } - status := calculateStatus(cc, mcp, nodes) + status := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, cc, mcp, nodes) mcp.Status = status f.ccLister = append(f.ccLister, cc) @@ -1392,7 +1395,7 @@ func TestControlPlaneTopology(t *testing.T) { for _, node := range nodes { addNodeAnnotations(node, annotations) } - status := calculateStatus(cc, mcp, nodes) + status := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, cc, mcp, nodes) mcp.Status = status f.ccLister = append(f.ccLister, cc) diff --git a/pkg/controller/node/status.go b/pkg/controller/node/status.go index 7c79e4b9e6..c1a0ad0a88 100644 --- a/pkg/controller/node/status.go 
+++ b/pkg/controller/node/status.go @@ -5,6 +5,11 @@ import ( "fmt" "strings" + configv1 "github.com/openshift/api/config/v1" + + "github.com/openshift/api/machineconfiguration/v1alpha1" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + mcfgv1 "github.com/openshift/api/machineconfiguration/v1" v1 "github.com/openshift/api/machineconfiguration/v1" "github.com/openshift/machine-config-operator/pkg/apihelpers" @@ -17,6 +22,7 @@ import ( "k8s.io/klog/v2" ) +// syncStatusOnly for MachineConfigNode func (ctrl *Controller) syncStatusOnly(pool *mcfgv1.MachineConfigPool) error { cc, err := ctrl.ccLister.Get(ctrlcommon.ControllerConfigName) if err != nil { @@ -27,7 +33,28 @@ func (ctrl *Controller) syncStatusOnly(pool *mcfgv1.MachineConfigPool) error { return err } - newStatus := calculateStatus(cc, pool, nodes) + machineConfigStates := []*mcfgalphav1.MachineConfigNode{} + fg, err := ctrl.fgAcessor.CurrentFeatureGates() + list := fg.KnownFeatures() + mcnExists := false + for _, feature := range list { + if feature == configv1.FeatureGateMachineConfigNodes { + mcnExists = true + } + } + if err != nil { + klog.Errorf("Could not get FG: %w", err) + } else if mcnExists && fg.Enabled(configv1.FeatureGateMachineConfigNodes) { + for _, node := range nodes { + ms, err := ctrl.client.MachineconfigurationV1alpha1().MachineConfigNodes().Get(context.TODO(), node.Name, metav1.GetOptions{}) + if err != nil { + klog.Errorf("Could not find our MachineConfigNode for node. %s: %w", node.Name, err) + continue + } + machineConfigStates = append(machineConfigStates, ms) + } + } + newStatus := calculateStatus(machineConfigStates, cc, pool, nodes) if equality.Semantic.DeepEqual(pool.Status, newStatus) { return nil } 
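Review bot: `fg.KnownFeatures()` is called before the `err` returned by `CurrentFeatureGates()` is checked, so when the accessor returns an error (for instance before the initial feature gates have been observed) `fg` is presumably nil and the call panics inside the pool sync. The error check needs to come first, with the known/enabled test only on the success path. The added loop also issues one `MachineConfigNodes().Get` per node against the API server on every status sync; a lister, if one is available, would avoid that load. syncStatusOnly starts and ends outside the hunk.

```go
machineConfigStates := []*mcfgalphav1.MachineConfigNode{}
fg, err := ctrl.fgAcessor.CurrentFeatureGates()
if err != nil {
	klog.Errorf("Could not get FG: %v", err)
} else {
	mcnKnown := false
	for _, feature := range fg.KnownFeatures() {
		if feature == configv1.FeatureGateMachineConfigNodes {
			mcnKnown = true
			break
		}
	}
	if mcnKnown && fg.Enabled(configv1.FeatureGateMachineConfigNodes) {
		// … unchanged: per-node MachineConfigNode lookup appending to machineConfigStates …
	}
}
```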
@@ -35,6 +62,7 @@ func (ctrl *Controller) syncStatusOnly(pool *mcfgv1.MachineConfigPool) error { newPool := pool newPool.Status = newStatus _, err = ctrl.client.MachineconfigurationV1().MachineConfigPools().UpdateStatus(context.TODO(), newPool, metav1.UpdateOptions{}) + if pool.Spec.Configuration.Name != newPool.Spec.Configuration.Name { ctrl.eventRecorder.Eventf(pool, corev1.EventTypeNormal, "Updating", "Pool %s now targeting %s", pool.Name, getPoolUpdateLine(newPool)) } @@ -44,7 +72,8 @@ func (ctrl *Controller) syncStatusOnly(pool *mcfgv1.MachineConfigPool) error { return err } -func calculateStatus(cconfig *v1.ControllerConfig, pool *mcfgv1.MachineConfigPool, nodes []*corev1.Node) mcfgv1.MachineConfigPoolStatus { +//nolint:gocyclo +func calculateStatus(mcs []*mcfgalphav1.MachineConfigNode, cconfig *v1.ControllerConfig, pool *mcfgv1.MachineConfigPool, nodes []*corev1.Node) mcfgv1.MachineConfigPoolStatus { certExpirys := []v1.CertExpiry{} if cconfig != nil { for _, cert := range cconfig.Status.ControllerCertificates { 
@@ -60,16 +89,84 @@ func calculateStatus(cconfig *v1.ControllerConfig, pool *mcfgv1.MachineConfigPoo } machineCount := int32(len(nodes)) - updatedMachines := getUpdatedMachines(pool, nodes) + var degradedMachines, readyMachines, updatedMachines, unavailableMachines, updatingMachines []*corev1.Node + // if we represent updating properly here, we will also represent updating properly in the CO + // so this solves the cordoning RFE and the upgradeable RFE + // updating == updatePrepared, updateExecuted, updatedComplete, postAction, cordoning, draining + // updated == nodeResumed, updated + // ready == nodeResumed, updated + // unavailable == draining, cordoned + // degraded == if the condition.Reason == error + // this ensures that a MCP only enters Upgradeable==False if the node actually needs to upgrade to the new MC + for _, state := range mcs { + var ourNode *corev1.Node + for _, n := range nodes { + if state.Name == n.Name { + ourNode = n + break + } + } + if ourNode == nil { + klog.Errorf("Could not find specified node %s", state.Name) + } + if len(state.Status.Conditions) == 0 { + // not ready yet + break + } + for _, cond := range state.Status.Conditions { + if strings.Contains(cond.Message, "Error:") { + degradedMachines = append(degradedMachines, ourNode) + continue + } + if cond.Status == metav1.ConditionUnknown { + switch v1alpha1.StateProgress(cond.Type) { + case mcfgalphav1.MachineConfigNodeUpdatePrepared: + updatingMachines = append(updatedMachines, ourNode) + case mcfgalphav1.MachineConfigNodeUpdateExecuted: + updatingMachines = append(updatingMachines, ourNode) + case mcfgalphav1.MachineConfigNodeUpdatePostActionComplete: + updatingMachines = append(updatingMachines, ourNode) + case mcfgalphav1.MachineConfigNodeUpdateComplete: + updatingMachines = append(updatingMachines, ourNode) + case mcfgalphav1.MachineConfigNodeResumed: + updatedMachines = append(updatingMachines, ourNode) + readyMachines = append(readyMachines, ourNode) + case 
mcfgalphav1.MachineConfigNodeUpdateCompatible: + updatedMachines = append(updatingMachines, ourNode) + case mcfgalphav1.MachineConfigNodeUpdateDrained: + unavailableMachines = append(unavailableMachines, ourNode) + updatingMachines = append(updatingMachines, ourNode) + case mcfgalphav1.MachineConfigNodeUpdateCordoned: + unavailableMachines = append(unavailableMachines, ourNode) + updatingMachines = append(updatingMachines, ourNode) + case mcfgalphav1.MachineConfigNodeUpdated: + updatedMachines = append(updatedMachines, ourNode) + readyMachines = append(readyMachines, ourNode) + } + } + } + } + degradedMachineCount := int32(len(degradedMachines)) updatedMachineCount := int32(len(updatedMachines)) - - readyMachines := getReadyMachines(pool, nodes) + unavailableMachineCount := int32(len(unavailableMachines)) + updatingMachineCount := int32(len(updatingMachines)) readyMachineCount := int32(len(readyMachines)) - unavailableMachines := getUnavailableMachines(nodes, pool) - unavailableMachineCount := int32(len(unavailableMachines)) + // this is # 1 priority, get the upgrade states actually reporting + if degradedMachineCount+readyMachineCount+unavailableMachineCount+updatingMachineCount != int32(len(nodes)) { + updatedMachines = getUpdatedMachines(pool, nodes) + updatedMachineCount = int32(len(updatedMachines)) + + readyMachines = getReadyMachines(pool, nodes) + readyMachineCount = int32(len(readyMachines)) + + unavailableMachines = getUnavailableMachines(nodes, pool) + unavailableMachineCount = int32(len(unavailableMachines)) + + degradedMachines = getDegradedMachines(nodes) + degradedMachineCount = int32(len(degradedMachines)) + } - degradedMachines := getDegradedMachines(nodes) degradedReasons := []string{} for _, n := range degradedMachines { reason, ok := n.Annotations[daemonconsts.MachineConfigDaemonReasonAnnotationKey] 
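Review bot: When no node matches a MachineConfigNode the loop only logs and then keeps using the nil `ourNode`, so nil can be appended to `degradedMachines` and the `n.Annotations[...]` read in the degradedReasons loop below would panic. Three appends also read from the wrong slice (`updatingMachines = append(updatedMachines, ...)` for UpdatePrepared, `updatedMachines = append(updatingMachines, ...)` for Resumed and UpdateCompatible), which mixes the two lists and skews both counts. The `break` on an empty condition list stops processing every remaining MachineConfigNode; `continue` is probably what was meant. A node with several matching conditions is appended once per condition, so the comparison of the summed counts with `len(nodes)` is worth re-checking as well. calculateStatus starts and ends outside the hunk.

```go
for _, state := range mcs {
	// … unchanged: look up ourNode by name …
	if ourNode == nil {
		klog.Errorf("Could not find specified node %s", state.Name)
		continue
	}
	if len(state.Status.Conditions) == 0 {
		// not ready yet
		continue
	}
	// … unchanged: condition loop and remaining cases; only these appends change …
	case mcfgalphav1.MachineConfigNodeUpdatePrepared:
		updatingMachines = append(updatingMachines, ourNode)
	case mcfgalphav1.MachineConfigNodeResumed:
		updatedMachines = append(updatedMachines, ourNode)
		readyMachines = append(readyMachines, ourNode)
	case mcfgalphav1.MachineConfigNodeUpdateCompatible:
		updatedMachines = append(updatedMachines, ourNode)
```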
@@ -77,7 +174,6 @@ func calculateStatus(cconfig *v1.ControllerConfig, pool *mcfgv1.MachineConfigPoo degradedReasons = append(degradedReasons, fmt.Sprintf("Node %s is reporting: %q", n.Name, reason)) } } - degradedMachineCount := int32(len(degradedMachines)) status := mcfgv1.MachineConfigPoolStatus{ ObservedGeneration: pool.Generation, diff --git a/pkg/controller/node/status_test.go b/pkg/controller/node/status_test.go index 949bc67a94..3ff11e3150 100644 --- a/pkg/controller/node/status_test.go +++ b/pkg/controller/node/status_test.go @@ -5,6 +5,8 @@ import ( "reflect" "testing" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + mcfgv1 "github.com/openshift/api/machineconfiguration/v1" "github.com/openshift/machine-config-operator/pkg/apihelpers" daemonconsts "github.com/openshift/machine-config-operator/pkg/daemon/constants" @@ -879,7 +881,7 @@ func TestCalculateStatus(t *testing.T) { Paused: test.paused, }, } - status := calculateStatus(nil, pool, test.nodes) + status := calculateStatus([]*mcfgalphav1.MachineConfigNode{}, nil, pool, test.nodes) test.verify(status, t) }) } diff --git a/pkg/controller/render/render_controller.go b/pkg/controller/render/render_controller.go index eab1ca9887..cecab28aec 100644 --- a/pkg/controller/render/render_controller.go +++ b/pkg/controller/render/render_controller.go @@ -436,6 +436,7 @@ func (ctrl *Controller) syncMachineConfigPool(key string) error { } if err := ctrl.syncGeneratedMachineConfig(pool, mcs); err != nil { + klog.Errorf("Error syncing Generated MCFG: %w", err) return ctrl.syncFailingStatus(pool, err) } diff --git a/pkg/controller/template/template_controller.go b/pkg/controller/template/template_controller.go index 8bdb0389a2..4d6b33ce6c 100644 --- a/pkg/controller/template/template_controller.go +++ b/pkg/controller/template/template_controller.go 
@@ -54,10 +54,9 @@ var controllerKind = mcfgv1.SchemeGroupVersion.WithKind("ControllerConfig") type Controller struct { templatesDir string - client mcfgclientset.Interface - kubeClient clientset.Interface - eventRecorder record.EventRecorder - + client mcfgclientset.Interface + kubeClient clientset.Interface + eventRecorder record.EventRecorder syncHandler func(ccKey string) error enqueueControllerConfig func(*mcfgv1.ControllerConfig) diff --git a/pkg/controller/template/template_controller_test.go b/pkg/controller/template/template_controller_test.go index f70bde536c..1e024cdbe7 100644 --- a/pkg/controller/template/template_controller_test.go +++ b/pkg/controller/template/template_controller_test.go @@ -25,9 +25,10 @@ import ( "k8s.io/client-go/tools/record" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" + "github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake" informers "github.com/openshift/client-go/machineconfiguration/informers/externalversions" - ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" ) var ( diff --git a/pkg/daemon/constants/constants.go b/pkg/daemon/constants/constants.go index 7f1a42c0b0..1f07d1073d 100644 --- a/pkg/daemon/constants/constants.go +++ b/pkg/daemon/constants/constants.go 
@@ -38,17 +38,21 @@ const ( // GeneratedByVersionAnnotationKey is used to tag the controllerconfig to synchronize the MCO and MCC GeneratedByVersionAnnotationKey = "machineconfiguration.openshift.io/generated-by-version" - // MachineConfigDaemonStateWorking is set by daemon when it is applying an update. + // MachineConfigDaemonStateWorking is set by daemon when it is beginning to apply an update. MachineConfigDaemonStateWorking = "Working" // MachineConfigDaemonStateDone is set by daemon when it is done applying an update. MachineConfigDaemonStateDone = "Done" // MachineConfigDaemonStateDegraded is set by daemon when an error not caused by a bad MachineConfig // is thrown during an update. MachineConfigDaemonStateDegraded = "Degraded" + // MachineConfigDaemonRebooting is used to indicate a reboot is either queued or is in progress. + MachineConfigDaemonStateRebooting = "Rebooting" // MachineConfigDaemonStateUnreconcilable is set by the daemon when a MachineConfig cannot be applied. MachineConfigDaemonStateUnreconcilable = "Unreconcilable" // MachineConfigDaemonReasonAnnotationKey is set by the daemon when it needs to report a human readable reason for its state. E.g. when state flips to degraded/unreconcilable. MachineConfigDaemonReasonAnnotationKey = "machineconfiguration.openshift.io/reason" + // MachineConfigDaemonPostConfigAction is set by the daemon when it needs to report a human readable post config action that takes place during update. + MachineConfigDaemonPostConfigAction = "machineconfiguration.openshift.io/post-config-action" // MachineConfigDaemonFinalizeFailureAnnotationKey is set by the daemon when ostree fails to finalize MachineConfigDaemonFinalizeFailureAnnotationKey = "machineconfiguration.openshift.io/ostree-finalize-staged-failure" // InitialNodeAnnotationsFilePath defines the path at which it will find the node annotations it needs to set on the node once it comes up for the first time. 
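Review bot: The doc comment on the new state constant names an identifier that does not exist: it says `MachineConfigDaemonRebooting`, but the constant is `MachineConfigDaemonStateRebooting`. I would write `// MachineConfigDaemonStateRebooting is used to indicate a reboot is either queued or is in progress.` `MachineConfigDaemonPostConfigAction` holds an annotation key like its neighbours `MachineConfigDaemonReasonAnnotationKey` and `MachineConfigDaemonFinalizeFailureAnnotationKey`, so `MachineConfigDaemonPostConfigActionAnnotationKey` would match the file's naming.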
diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go index 8fd6fa2bb9..e8cc028ca1 100644 --- a/pkg/daemon/daemon.go +++ b/pkg/daemon/daemon.go @@ -18,6 +18,9 @@ import ( "syscall" "time" + mcfgclientset "github.com/openshift/client-go/machineconfiguration/clientset/versioned" + "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" + ign3types "github.com/coreos/ignition/v2/config/v3_4/types" "github.com/google/renameio" "golang.org/x/time/rate" @@ -36,11 +39,14 @@ import ( configv1 "github.com/openshift/api/config/v1" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" mcfginformersv1 "github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1" mcfglistersv1 "github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1" mcoResourceRead "github.com/openshift/machine-config-operator/lib/resourceread" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/daemon/constants" + "github.com/openshift/machine-config-operator/pkg/upgrademonitor" + "github.com/openshift/machine-config-operator/pkg/daemon/osrelease" ) @@ -76,6 +82,8 @@ type Daemon struct { // kubeClient allows interaction with Kubernetes, including the node we are running on. kubeClient kubernetes.Interface + mcfgClient mcfgclientset.Interface + // nodeLister is used to watch for updates via the informer nodeLister corev1lister.NodeLister nodeListerSynced cache.InformerSynced @@ -97,6 +105,8 @@ type Daemon struct { nodeWriter NodeWriter + featureGatesAccessor featuregates.FeatureGateAccess + // channel used by callbacks to signal Run() of an error exitCh chan<- error 
@@ -301,14 +311,17 @@ func New( func (dn *Daemon) ClusterConnect( name string, kubeClient kubernetes.Interface, + mcfgClient mcfgclientset.Interface, mcInformer mcfginformersv1.MachineConfigInformer, nodeInformer coreinformersv1.NodeInformer, ccInformer mcfginformersv1.ControllerConfigInformer, kubeletHealthzEnabled bool, kubeletHealthzEndpoint string, + featureGatesAccessor featuregates.FeatureGateAccess, ) error { dn.name = name dn.kubeClient = kubeClient + dn.mcfgClient = mcfgClient // Other controllers start out with the default controller limiter which retries // in milliseconds; since any change here will involve rebooting the node @@ -349,6 +362,8 @@ func (dn *Daemon) ClusterConnect( dn.kubeletHealthzEnabled = kubeletHealthzEnabled dn.kubeletHealthzEndpoint = kubeletHealthzEndpoint + dn.featureGatesAccessor = featureGatesAccessor + return nil } 
@@ -653,8 +668,31 @@ func (dn *Daemon) syncNode(key string) error { return nil } + if node.Annotations[constants.MachineConfigDaemonPostConfigAction] == constants.MachineConfigDaemonStateRebooting { + klog.Info("Detected Rebooting Annotation, applying MCN.") + err := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdatePostActionComplete, Reason: string(mcfgalphav1.MachineConfigNodeUpdateRebooted), Message: "Node has rebooted"}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateRebooted, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdatePostActionComplete), string(mcfgalphav1.MachineConfigNodeUpdateRebooted)), Message: "Upgrade required a reboot. Completed this as the post update action."}, + metav1.ConditionTrue, + metav1.ConditionTrue, + node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Rebooted: %w", err) + } + removeRebooting := make(map[string]string) + removeRebooting[constants.MachineConfigDaemonPostConfigAction] = "" + _, err = dn.nodeWriter.SetAnnotations(removeRebooting) + if err != nil { + klog.Errorf("Could not unset rebooting Anno: %w", err) + } + } + // Deep-copy otherwise we are mutating our cache. node = node.DeepCopy() + if dn.node == nil { dn.node = node if err := dn.initializeNode(); err != nil { 
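Review bot: The `Rebooted` condition is written as `ConditionTrue` with the message "Node has rebooted" solely because the node carries the post-config-action annotation with the value `Rebooting`, yet the comment on that constant says the value means a reboot is "either queued or is in progress". If the daemon restarts, or syncNode runs again before the machine actually goes down, this would presumably record a reboot that has not happened. Comparing a boot identifier saved before the reboot with the current one before reporting completion would make the status trustworthy. Separately, the block passes `node` before the `node = node.DeepCopy()` line below it, so any mutation inside `GenerateAndApplyMachineConfigNodes` (not visible here) would touch the informer cache. syncNode starts and ends outside the hunk.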
@@ -698,6 +736,21 @@ func (dn *Daemon) syncNode(key string) error { // I think we should change this to continue. dn.booting = false + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeResumed, Reason: string(mcfgalphav1.MachineConfigNodeResumed), Message: fmt.Sprintf("In desired config %s. Resumed normal operations.", node.Annotations[constants.CurrentMachineConfigAnnotationKey])}, + nil, + metav1.ConditionTrue, + metav1.ConditionFalse, + node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Resumed true: %w", err) + } + removeRebooting := make(map[string]string) + removeRebooting[constants.MachineConfigDaemonReasonAnnotationKey] = "" + node.SetAnnotations(removeRebooting) // Start the Config Drift Monitor since we're booted up. dn.startConfigDriftMonitor() @@ -720,6 +773,19 @@ func (dn *Daemon) syncNode(key string) error { } if ufc != nil { + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdated, Reason: string(mcfgalphav1.MachineConfigNodeUpdated), Message: fmt.Sprintf("Node %s needs an update", dn.node.GetName())}, + nil, + metav1.ConditionFalse, + metav1.ConditionFalse, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Updated false: %w", err) + } + // Only check for config drift if we need to update. if err := dn.runPreflightConfigDriftCheck(); err != nil { return err 
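Review bot: `node.SetAnnotations(removeRebooting)` replaces the whole annotation map on the in-memory node with the single entry `machineconfiguration.openshift.io/reason: ""`, because `ObjectMeta.SetAnnotations` assigns the map rather than merging it. After this line the local `node` (which may be the same object as `dn.node`, assigned in the earlier hunk) no longer carries its current/desired config or state annotations, and nothing is persisted to the API server. The variable name suggests the intent was to clear the post-config-action annotation, which the earlier hunk already does through `dn.nodeWriter.SetAnnotations`; if so, these three lines can be dropped. If clearing the reason was intended, use `dn.nodeWriter.SetAnnotations(map[string]string{constants.MachineConfigDaemonReasonAnnotationKey: ""})` and check its error.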
@@ -728,7 +794,19 @@ func (dn *Daemon) syncNode(key string) error { if err := dn.triggerUpdate(ufc.currentConfig, ufc.desiredConfig, ufc.currentImage, ufc.desiredImage); err != nil { return err } - + } else { + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdated, Reason: string(mcfgalphav1.MachineConfigNodeUpdated), Message: fmt.Sprintf("Node %s Updated", dn.node.GetName())}, + nil, + metav1.ConditionTrue, + metav1.ConditionFalse, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Updated: %w", err) + } } klog.V(2).Infof("Node %s is already synced", node.Name) return nil @@ -915,6 +993,7 @@ func (dn *Daemon) syncNodeHypershift(key string) error { return nil } // Assume an update is completed. Set node state to done. Also request an uncordon + annos := map[string]string{ constants.MachineConfigDaemonStateAnnotationKey: constants.MachineConfigDaemonStateDone, constants.MachineConfigDaemonReasonAnnotationKey: "", @@ -924,6 +1003,7 @@ func (dn *Daemon) syncNodeHypershift(key string) error { if _, err := dn.nodeWriter.SetAnnotations(annos); err != nil { return fmt.Errorf("failed to set Done annotation on node: %w", err) } + klog.Infof("The pod has completed update. Awaiting removal.") // TODO os.Exit here return nil 
@@ -1960,6 +2040,18 @@ func (dn *Daemon) updateConfigAndState(state *stateAndConfigs) (bool, bool, erro if inDesiredConfig { // Great, we've successfully rebooted for the desired config, // let's mark it done! + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeResumed, Reason: string(mcfgalphav1.MachineConfigNodeResumed), Message: fmt.Sprintf("In desired config %s. Resumed normal operations. Applying proper annotations.", state.currentConfig.Name)}, + nil, + metav1.ConditionTrue, + metav1.ConditionFalse, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Resumed true: %w", err) + } klog.Infof("Completing update to target %s", state.getCurrentName()) if err := dn.completeUpdate(state.currentConfig.GetName()); err != nil { UpdateStateMetric(mcdUpdateState, "", err.Error()) @@ -2053,6 +2145,7 @@ func (dn *Daemon) handleNodeEvent(node interface{}) { n := node.(*corev1.Node) klog.V(4).Infof("Updating Node %s", n.Name) + dn.enqueueNode(n) } diff --git a/pkg/daemon/daemon_test.go b/pkg/daemon/daemon_test.go index c13f635b52..50101a8c45 100644 --- a/pkg/daemon/daemon_test.go +++ b/pkg/daemon/daemon_test.go @@ -152,11 +152,13 @@ func (f *fixture) newController() *Daemon { } d.ClusterConnect("node_name_test", f.kubeclient, + f.client, i.Machineconfiguration().V1().MachineConfigs(), k8sI.Core().V1().Nodes(), i.Machineconfiguration().V1().ControllerConfigs(), false, "", + d.featureGatesAccessor, ) d.mcListerSynced = alwaysReady diff --git a/pkg/daemon/drain.go b/pkg/daemon/drain.go index 238b02d64f..1d5c44f0a2 100644 --- a/pkg/daemon/drain.go +++ b/pkg/daemon/drain.go 
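Review bot: The `Resumed` condition is written as `ConditionTrue` before `dn.completeUpdate(...)` runs, and completeUpdate can still fail on the lines right below it. In that case the MachineConfigNode would already claim normal operations have resumed while the daemon returns an error. Moving the `GenerateAndApplyMachineConfigNodes` call to after the successful `completeUpdate` keeps the reported state from running ahead of the real one. The message also reads `state.currentConfig.Name` where the neighbouring log line uses `state.getCurrentName()`; using the accessor in both places would be consistent. updateConfigAndState starts and ends outside the hunk.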
@@ -9,8 +9,10 @@ import ( "github.com/BurntSushi/toml" "github.com/containers/image/v5/pkg/sysregistriesv2" ign3types "github.com/coreos/ignition/v2/config/v3_4/types" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/daemon/constants" + "github.com/openshift/machine-config-operator/pkg/upgrademonitor" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -34,6 +36,18 @@ func (dn *Daemon) performDrain() error { if !dn.drainRequired() { logSystem("Drain not required, skipping") + err := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateExecuted, Reason: string(mcfgalphav1.MachineConfigNodeUpdateDrained), Message: "Node Drain Not required for this update."}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateDrained, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdateExecuted), string(mcfgalphav1.MachineConfigNodeUpdateDrained)), Message: "Node Drain Not required for this update."}, + metav1.ConditionUnknown, + metav1.ConditionFalse, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Drain not required: %w", err) + } dn.nodeWriter.Eventf(corev1.EventTypeNormal, "Drain", "Drain not required, skipping") return nil } 
@@ -85,12 +99,15 @@ func (dn *Daemon) performDrain() error { if wait.Interrupted(err) { failMsg := fmt.Sprintf("failed to drain node: %s after 1 hour. Please see machine-config-controller logs for more information", dn.node.Name) dn.nodeWriter.Eventf(corev1.EventTypeWarning, "FailedToDrain", failMsg) + return fmt.Errorf(failMsg) + } return fmt.Errorf("Something went wrong while attempting to drain node: %v", err) } logSystem("drain complete") + t := time.Since(startTime).Seconds() klog.Infof("Successful drain took %v seconds", t) diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go index 6546626bfa..bfd81809c5 100644 --- a/pkg/daemon/update.go +++ b/pkg/daemon/update.go @@ -27,10 +27,13 @@ import ( "k8s.io/klog/v2" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" "github.com/openshift/machine-config-operator/pkg/daemon/constants" pivottypes "github.com/openshift/machine-config-operator/pkg/daemon/pivot/types" pivotutils "github.com/openshift/machine-config-operator/pkg/daemon/pivot/utils" + "github.com/openshift/machine-config-operator/pkg/upgrademonitor" ) const ( 
@@ -75,6 +78,18 @@ func reloadService(name string) error { // If at any point an error occurs, we reboot the node so that node has correct configuration. func (dn *Daemon) performPostConfigChangeAction(postConfigChangeActions []string, configName string) error { if ctrlcommon.InSlice(postConfigChangeActionReboot, postConfigChangeActions) { + err := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdatePostActionComplete, Reason: string(mcfgalphav1.MachineConfigNodeUpdateRebooted), Message: fmt.Sprintf("Node will reboot into config %s", configName)}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateRebooted, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdatePostActionComplete), string(mcfgalphav1.MachineConfigNodeUpdateRebooted)), Message: "Upgrade requires a reboot. Currently doing this as the post update action."}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for rebooting: %w", err) + } logSystem("Rebooting node") return dn.reboot(fmt.Sprintf("Node will reboot into config %s", configName)) } @@ -83,6 +98,18 @@ func (dn *Daemon) performPostConfigChangeAction(postConfigChangeActions []string if dn.nodeWriter != nil { dn.nodeWriter.Eventf(corev1.EventTypeNormal, "SkipReboot", "Config changes do not require reboot.") } + err := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdatePostActionComplete, Reason: "None", Message: fmt.Sprintf("Changes do not require a reboot")}, + nil, + metav1.ConditionTrue, + metav1.ConditionFalse, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for no post config change action: %w", err) + } logSystem("Node has Desired Config %s, skipping reboot", configName) } 
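Review bot: In the no-reboot branch, `Message: fmt.Sprintf("Changes do not require a reboot")` calls Sprintf with a constant string and no arguments; the literal alone is enough: `Message: "Changes do not require a reboot"`. The same pattern appears in the update() hunks ("Update Failed during the Checking for Compatibility phase", "Updating the Files and OS on disk ...", "Updated the Files and OS on disk ..."). performPostConfigChangeAction continues outside the hunk.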
@@ -96,6 +123,19 @@ func (dn *Daemon) performPostConfigChangeAction(postConfigChangeActions []string return fmt.Errorf("could not apply update: reloading %s configuration failed. Error: %w", serviceName, err) } + err := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdatePostActionComplete, Reason: string(mcfgalphav1.MachineConfigNodeUpdateReloaded), Message: "Node has reloaded CRIO"}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateReloaded, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdatePostActionComplete), string(mcfgalphav1.MachineConfigNodeUpdateReloaded)), Message: "Upgrade required a CRIO reload. Completed this this as the post update action."}, + metav1.ConditionTrue, + metav1.ConditionTrue, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Reloading success: %w", err) + } + if dn.nodeWriter != nil { dn.nodeWriter.Eventf(corev1.EventTypeNormal, "SkipReboot", "Config changes do not require reboot. Service %s was reloaded.", serviceName) } 
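Review bot: The child condition message in the reload branch reads "Completed this this as the post update action." with a doubled word, and this string ends up in the MachineConfigNode status that operators read. Both messages also hard-code "CRIO" while the surrounding code works with `serviceName`, so they will be wrong if another service is ever reloaded here. Suggested: `Message: fmt.Sprintf("Upgrade required a %s reload. Completed this as the post update action.", serviceName)`. The enclosing function starts outside the hunk.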
@@ -599,10 +639,23 @@ func (dn *Daemon) update(oldConfig, newConfig *mcfgv1.MachineConfig, skipCertifi klog.Infof("Checking Reconcilable for config %v to %v", oldConfigName, newConfigName) + // checking for reconcilability // make sure we can actually reconcile this state diff, reconcilableError := reconcilable(oldConfig, newConfig) if reconcilableError != nil { + Nerr := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdatePrepared, Reason: string(mcfgalphav1.MachineConfigNodeUpdateCompatible), Message: fmt.Sprintf("Update Failed during the Checking for Compatibility phase")}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateCompatible, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdatePrepared), string(mcfgalphav1.MachineConfigNodeUpdateCompatible)), Message: fmt.Sprintf("Error: MachineConfigs %v and %v are not compatible. Err: %s", oldConfigName, newConfigName, reconcilableError.Error())}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if Nerr != nil { + klog.Errorf("Error making MCN for Preparing update failed: %w", err) + } wrappedErr := fmt.Errorf("can't reconcile config %s with %s: %w", oldConfigName, newConfigName, reconcilableError) if dn.nodeWriter != nil { dn.nodeWriter.Eventf(corev1.EventTypeWarning, "FailedToReconcile", wrappedErr.Error()) 
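Review bot: The failure branch logs the wrong variable: `if Nerr != nil { klog.Errorf("...: %w", err) }` tests `Nerr` but prints `err`, so the reason the MachineConfigNode update failed is never recorded. The next hunk (after `calculatePostConfigChangeAction`) repeats this, and there `err` is the post-config-action error, which makes the log line misleading. Log the value that was checked and give it a lower-case local name: `if mcnErr != nil { klog.Errorf("Error making MCN for Preparing update failed: %v", mcnErr) }`. update() extends beyond both hunks.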
@@ -615,6 +668,18 @@ func (dn *Daemon) update(oldConfig, newConfig *mcfgv1.MachineConfig, skipCertifi diffFileSet := ctrlcommon.CalculateConfigFileDiffs(&oldIgnConfig, &newIgnConfig) actions, err := calculatePostConfigChangeAction(diff, diffFileSet) if err != nil { + Nerr := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdatePrepared, Reason: string(mcfgalphav1.MachineConfigNodeUpdateCompatible), Message: "Update Failed during the Checking for Compatibility phase."}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateCompatible, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdatePrepared), string(mcfgalphav1.MachineConfigNodeUpdateCompatible)), Message: fmt.Sprintf("Error: MachineConfigs %v and %v are not available for update. Error calculating post config change actions: %s", oldConfigName, newConfigName, err.Error())}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if Nerr != nil { + klog.Errorf("Error making MCN for Preparing update failed: %w", err) + } return err } 
@@ -623,12 +688,76 @@ func (dn *Daemon) update(oldConfig, newConfig *mcfgv1.MachineConfig, skipCertifi if err != nil { return err } + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdatePrepared, Reason: string(mcfgalphav1.MachineConfigNodeUpdateCompatible), Message: "Update is Compatible."}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateCompatible, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdatePrepared), string(mcfgalphav1.MachineConfigNodeUpdateCompatible)), Message: fmt.Sprintf("Update Compatible. Post Cfg Actions %v: Drain Required: %t", actions, drain)}, + metav1.ConditionTrue, + metav1.ConditionTrue, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Update Compatible: %w", err) + } + pool := "" + var ok bool + if dn.node != nil { + if _, ok = dn.node.Labels["node-role.kubernetes.io/worker"]; ok { + pool = "worker" + } else if _, ok = dn.node.Labels["node-role.kubernetes.io/master"]; ok { + pool = "master" + } + } + + err = upgrademonitor.GenerateAndApplyMachineConfigNodeSpec(dn.featureGatesAccessor, pool, dn.node, dn.mcfgClient) + if err != nil { + klog.Errorf("Error making MCN spec for Update Compatible: %w", err) + } if drain { if err := dn.performDrain(); err != nil { return err } } else { klog.Info("Changes do not require drain, skipping.") + err := upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateExecuted, Reason: string(mcfgalphav1.MachineConfigNodeUpdateDrained), Message: "Node Drain Not required for this update."}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateDrained, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdateExecuted), string(mcfgalphav1.MachineConfigNodeUpdateDrained)), Message: "Node Drain Not required for this update."}, + 
metav1.ConditionUnknown, + metav1.ConditionFalse, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Drain not required: %w", err) + } + } + + files := "" + for _, f := range newIgnConfig.Storage.Files { + files += f.Path + " " + } + + updatesNeeded := []string{"not", "not"} + if diff.passwd { + updatesNeeded[1] = "" + } + if diff.osUpdate || diff.extensions || diff.kernelType { + updatesNeeded[0] = "" + } + + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateExecuted, Reason: string(mcfgalphav1.MachineConfigNodeUpdateFilesAndOS), Message: fmt.Sprintf("Updating the Files and OS on disk as a part of the in progress phase")}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateFilesAndOS, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdateExecuted), string(mcfgalphav1.MachineConfigNodeUpdateFilesAndOS)), Message: fmt.Sprintf("Applying files and new OS config to node. OS will %s need an update. SSH Keys will %s need an update", updatesNeeded[0], updatesNeeded[1])}, + metav1.ConditionUnknown, + metav1.ConditionUnknown, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Updating Files and OS: %w", err) } // update files on disk that need updating 
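Review bot: The pool name is derived from two hard-coded role labels (`node-role.kubernetes.io/worker`, then `.../master`), so a node belonging to any other pool is reported as `worker` if it also carries that label, or with an empty pool name if it carries neither, and that value is passed to GenerateAndApplyMachineConfigNodeSpec. syncMachineConfigNodes in pkg/operator/sync.go duplicates the same lookup; a shared helper that resolves the node's actual pool, and logs when none is found, would keep the two consistent. Separately, `files` is built by repeated `+=` over `newIgnConfig.Storage.Files` but is not read anywhere in this hunk; drop it, or build it with `strings.Join` if it is meant for the status message. update() continues outside the hunk.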
@@ -730,7 +859,24 @@ func (dn *Daemon) update(oldConfig, newConfig *mcfgv1.MachineConfig, skipCertifi } }() - return dn.performPostConfigChangeAction(actions, newConfig.GetName()) + err = upgrademonitor.GenerateAndApplyMachineConfigNodes( + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateExecuted, Reason: string(mcfgalphav1.MachineConfigNodeUpdateFilesAndOS), Message: fmt.Sprintf("Updated the Files and OS on disk as a part of the in progress phase")}, + &upgrademonitor.Condition{State: mcfgalphav1.MachineConfigNodeUpdateFilesAndOS, Reason: fmt.Sprintf("%s%s", string(mcfgalphav1.MachineConfigNodeUpdateExecuted), string(mcfgalphav1.MachineConfigNodeUpdateFilesAndOS)), Message: fmt.Sprintf("Applied files and new OS config to node. OS did %s need an update. SSH Keys did %s need an update", updatesNeeded[0], updatesNeeded[1])}, + metav1.ConditionTrue, + metav1.ConditionTrue, + dn.node, + dn.mcfgClient, + dn.featureGatesAccessor, + ) + if err != nil { + klog.Errorf("Error making MCN for Updated Files and OS: %w", err) + } + + err = dn.performPostConfigChangeAction(actions, newConfig.GetName()) + if err != nil { + return err + } + return nil } // This is currently a subsection copied over from update() since we need to be more nuanced. Should eventually @@ -2204,6 +2350,15 @@ func (dn *Daemon) reboot(rationale string) error { } logSystem("initiating reboot: %s", rationale) + if dn.node != nil { + Rebooting := make(map[string]string) + Rebooting[constants.MachineConfigDaemonPostConfigAction] = constants.MachineConfigDaemonStateRebooting + _, err := dn.nodeWriter.SetAnnotations(Rebooting) + if err != nil { + klog.Errorf("Error setting post config action annotation %w", err) + } + } + // reboot, executed async via systemd-run so that the reboot command is executed // in the context of the host asynchronously from us // We're not returning the error from the reboot command as it can be terminated by 
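Review bot: The new block in reboot() guards on `dn.node != nil` but then calls `dn.nodeWriter.SetAnnotations`, and other code in this file treats the writer as optional (`if dn.nodeWriter != nil` in performPostConfigChangeAction). Guard the value that is used: `if dn.node != nil && dn.nodeWriter != nil {`. The map can be a literal, `annos := map[string]string{constants.MachineConfigDaemonPostConfigAction: constants.MachineConfigDaemonStateRebooting}`, which also avoids the capitalised local name `Rebooting`. reboot() starts and ends outside the hunk.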
@@ -2219,6 +2374,7 @@ func (dn *Daemon) reboot(rationale string) error { // and we wait for GracefulNodeShutdown dn.rebootQueued = true logSystem("reboot successful") + return nil } diff --git a/pkg/daemon/upgrade_monitor_test.go b/pkg/daemon/upgrade_monitor_test.go new file mode 100644 index 0000000000..a9f72c69fa --- /dev/null +++ b/pkg/daemon/upgrade_monitor_test.go 
@@ -0,0 +1,173 @@ +package daemon + +import ( + "context" + "testing" + + apicfgv1 "github.com/openshift/api/config/v1" + "github.com/openshift/machine-config-operator/pkg/upgrademonitor" + + "github.com/openshift/api/machineconfiguration/v1alpha1" + "github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake" + informers "github.com/openshift/client-go/machineconfiguration/informers/externalversions" + "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + kubeinformers "k8s.io/client-go/informers" + k8sfake "k8s.io/client-go/kubernetes/fake" +) + +type upgradeMonitorTestCase struct { + name string + err bool + parentCondition *upgrademonitor.Condition + childCondition *upgrademonitor.Condition + parentStatus metav1.ConditionStatus + childStatus metav1.ConditionStatus + expectedConditions []metav1.Condition +} + +func TestUpgradeMonitor(t *testing.T) { + testCases := []upgradeMonitorTestCase{ + { + name: "testUpdated", + err: false, + parentCondition: &upgrademonitor.Condition{ + State: v1alpha1.MachineConfigNodeUpdated, + Reason: "Updated", + Message: "Node Updated", + }, + childCondition: nil, + parentStatus: metav1.ConditionTrue, + childStatus: metav1.ConditionFalse, + expectedConditions: []metav1.Condition{ + { + Type: string(v1alpha1.MachineConfigNodeUpdated), + Message: "Node Updated", + Reason: "Updated", + LastTransitionTime: metav1.Now(), + Status: metav1.ConditionTrue, + }, + }, + }, + { + name: "testUpdating", + err: false, + parentCondition: &upgrademonitor.Condition{ + State: v1alpha1.MachineConfigNodeUpdateExecuted, + Reason: "Updating", + Message: "Node Updating", + }, + childCondition: &upgrademonitor.Condition{ + State: v1alpha1.MachineConfigNodeUpdateFilesAndOS, + Reason: "FilesAndOS", + Message: "Applied Files and OS", + }, + parentStatus: metav1.ConditionUnknown, + childStatus: metav1.ConditionTrue, + expectedConditions: 
[]metav1.Condition{ + { + Type: string(v1alpha1.MachineConfigNodeUpdateExecuted), + Message: "Node Updating", + Reason: "Updating", + LastTransitionTime: metav1.Now(), + Status: metav1.ConditionUnknown, + }, + { + Type: string(v1alpha1.MachineConfigNodeUpdateFilesAndOS), + Message: "Applied new Files and OS", + Reason: "FilesAndOS", + LastTransitionTime: metav1.Now(), + Status: metav1.ConditionTrue, + }, + }, + }, + } + for _, testCase := range testCases { + testCase := testCase + t.Run(testCase.name, func(t *testing.T) { + t.Parallel() + + testCase.run(t) + }) + } +} + +// Runs the test case +func (tc upgradeMonitorTestCase) run(t *testing.T) { + stopCh := make(chan struct{}) + defer close(stopCh) + f := &fixture{} + f.t = t + f.objects = []runtime.Object{} + f.kubeobjects = []runtime.Object{} + f.client = fake.NewSimpleClientset(f.objects...) + f.kubeclient = k8sfake.NewSimpleClientset(f.kubeobjects...) + fgAccess := featuregates.NewHardcodedFeatureGateAccess( + []apicfgv1.FeatureGateName{ + apicfgv1.FeatureGateMachineConfigNodes, + }, + []apicfgv1.FeatureGateName{ + apicfgv1.FeatureGateExternalCloudProvider, + apicfgv1.FeatureGateExternalCloudProviderAzure, + apicfgv1.FeatureGateExternalCloudProviderGCP, + apicfgv1.FeatureGateExternalCloudProviderExternal, + }, + ) + + i := informers.NewSharedInformerFactory(f.client, noResyncPeriodFunc()) + k8sI := kubeinformers.NewSharedInformerFactory(f.kubeclient, noResyncPeriodFunc()) + + d, err := New(nil) + if err != nil { + f.t.Fatalf("can't bring up daemon: %v", err) + } + d.ClusterConnect("node_name_test", + f.kubeclient, + f.client, + i.Machineconfiguration().V1().MachineConfigs(), + k8sI.Core().V1().Nodes(), + i.Machineconfiguration().V1().ControllerConfigs(), + false, + "", + fgAccess, + ) + + d.mcListerSynced = alwaysReady + d.nodeListerSynced = alwaysReady + + i.Start(stopCh) + i.WaitForCacheSync(stopCh) + k8sI.Start(stopCh) + k8sI.WaitForCacheSync(stopCh) + + for _, mc := range f.mcLister { + 
i.Machineconfiguration().V1().MachineConfigs().Informer().GetIndexer().Add(mc) + } + + for _, n := range f.nodeLister { + k8sI.Core().V1().Nodes().Informer().GetIndexer().Add(n) + } + + for _, n := range f.nodeLister { + err = upgrademonitor.GenerateAndApplyMachineConfigNodes(tc.parentCondition, tc.childCondition, tc.parentStatus, tc.childStatus, n, d.mcfgClient, d.featureGatesAccessor) + if err != nil { + f.t.Fatalf("Could not generate and apply MCN %v", err) + } + + mcn, err := d.mcfgClient.MachineconfigurationV1alpha1().MachineConfigNodes().Get(context.TODO(), n.Name, metav1.GetOptions{}) + if err != nil { + f.t.Fatalf("can't bring up daemon: %v", err) + } + + for _, expectedCond := range tc.expectedConditions { + for _, cond := range mcn.Status.Conditions { + if cond.Type == expectedCond.Type { + if cond.Status != expectedCond.Status { + f.t.Fatalf("Conditions do not match %s an %s", string(cond.Status), string(expectedCond.Status)) + } + } + } + } + } +} diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index 1a29d86d00..ee70861278 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -5,6 +5,10 @@ import ( "fmt" "time" + v1 "github.com/openshift/api/config/v1" + opv1 "github.com/openshift/api/operator/v1" + "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" + "k8s.io/klog/v2" configclientset "github.com/openshift/client-go/config/clientset/versioned" 
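Review bot: The assertion loops in `run` never execute: the fixture is created as `&fixture{}` and nothing in this file adds to `f.nodeLister`, so `for _, n := range f.nodeLister` iterates zero times and both cases pass without calling GenerateAndApplyMachineConfigNodes. Even with a node present, an expected condition missing from `mcn.Status.Conditions` would go unnoticed, and only `Status` is compared, which hides that the testUpdating case expects "Applied new Files and OS" while the child condition says "Applied Files and OS". Populate `f.nodeLister` with at least one node before the loop and make the comparison fail on a missing condition, along the lines below. The `Get` failure message "can't bring up daemon" is copied from the setup above and should name the MachineConfigNode lookup.

```go
		// … unchanged: GenerateAndApplyMachineConfigNodes call and MachineConfigNode Get …
		for _, expectedCond := range tc.expectedConditions {
			found := false
			for _, cond := range mcn.Status.Conditions {
				if cond.Type != expectedCond.Type {
					continue
				}
				found = true
				if cond.Status != expectedCond.Status {
					f.t.Fatalf("condition %s: got status %s, want %s", cond.Type, cond.Status, expectedCond.Status)
				}
				if cond.Message != expectedCond.Message {
					f.t.Fatalf("condition %s: got message %q, want %q", cond.Type, cond.Message, expectedCond.Message)
				}
			}
			if !found {
				f.t.Fatalf("condition %s not present on MachineConfigNode %s", expectedCond.Type, n.Name)
			}
		}
```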
@@ -38,7 +42,9 @@ import ( mcfgclientset "github.com/openshift/client-go/machineconfiguration/clientset/versioned" "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" mcfginformersv1 "github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1" + mcfginformersalphav1 "github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1" mcfglistersv1 "github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1" + mcfglistersalphav1 "github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1" ) const ( @@ -63,6 +69,8 @@ type Operator struct { vStore *versionStore + operatorHealthEvents record.EventRecorder + client mcfgclientset.Interface kubeClient kubernetes.Interface apiExtClient apiextclientset.Interface @@ -72,9 +80,11 @@ type Operator struct { syncHandler func(ic string) error + mcNodeLister mcfglistersalphav1.MachineConfigNodeLister imgLister configlistersv1.ImageLister crdLister apiextlistersv1.CustomResourceDefinitionLister mcpLister mcfglistersv1.MachineConfigPoolLister + msLister mcfglistersalphav1.MachineConfigNodeLister ccLister mcfglistersv1.ControllerConfigLister mcLister mcfglistersv1.MachineConfigLister deployLister appslisterv1.DeploymentLister @@ -92,6 +102,7 @@ type Operator struct { ocSecretLister corelisterv1.SecretLister mcoCOLister configlistersv1.ClusterOperatorLister + mcNodeListerSynced cache.InformerSynced crdListerSynced cache.InformerSynced deployListerSynced cache.InformerSynced daemonsetListerSynced cache.InformerSynced @@ -122,6 +133,8 @@ type Operator struct { stopCh <-chan struct{} renderConfig *renderConfig + + fgAccessor featuregates.FeatureGateAccess } // New returns a new machine config operator. 
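Review bot: `msLister mcfglistersalphav1.MachineConfigNodeLister` is added to Operator alongside `mcNodeLister` of the same type, and none of the New() hunks visible in this commit assigns it; the same holds for the new `operatorHealthEvents` field. Unless code outside these hunks sets them, they are nil fields waiting to be dereferenced. Remove them, or add a comment on each stating what it is for and where it is initialised.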
@@ -154,6 +167,8 @@ func New( mcoSecretInformer coreinformersv1.SecretInformer, ocSecretInformer coreinformersv1.SecretInformer, mcoCOInformer configinformersv1.ClusterOperatorInformer, + mcNodeInformer mcfginformersalphav1.MachineConfigNodeInformer, + fgAccess featuregates.FeatureGateAccess, ) *Operator { eventBroadcaster := record.NewBroadcaster() eventBroadcaster.StartLogging(klog.Infof) @@ -175,7 +190,17 @@ func New( Namespace: ctrlcommon.MCONamespace, APIVersion: "apps/v1", }), - queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "machineconfigoperator"), + queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "machineconfigoperator"), + fgAccessor: fgAccess, + } + + err := corev1.AddToScheme(scheme.Scheme) + if err != nil { + klog.Errorf("Could not modify scheme: %w", err) + } + err = opv1.AddToScheme(scheme.Scheme) + if err != nil { + klog.Errorf("Could not modify scheme: %w", err) } for _, i := range []cache.SharedIndexInformer{ @@ -201,12 +226,14 @@ func New( mcoSecretInformer.Informer(), ocSecretInformer.Informer(), mcoCOInformer.Informer(), + mcNodeInformer.Informer(), } { i.AddEventHandler(optr.eventHandler()) } optr.syncHandler = optr.sync + optr.mcNodeLister = mcNodeInformer.Lister() optr.imgLister = imgInformer.Lister() optr.clusterCmLister = clusterCmInfomer.Lister() optr.clusterCmListerSynced = clusterCmInfomer.Informer().HasSynced @@ -223,6 +250,7 @@ func New( optr.nodeLister = nodeInformer.Lister() optr.nodeListerSynced = nodeInformer.Informer().HasSynced + optr.mcNodeListerSynced = mcInformer.Informer().HasSynced optr.imgListerSynced = imgInformer.Informer().HasSynced optr.maoSecretInformerSynced = maoSecretInformer.Informer().HasSynced optr.serviceAccountInformerSynced = serviceAccountInfomer.Informer().HasSynced 
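Review bot: `optr.mcNodeListerSynced = mcInformer.Informer().HasSynced` takes its sync function from the MachineConfig informer, not from the new `mcNodeInformer` that supplies `optr.mcNodeLister` a few lines earlier. Run() then waits on the wrong cache when the MachineConfigNodes gate is enabled, so the MachineConfigNode lister can be read before it is populated. It should read `optr.mcNodeListerSynced = mcNodeInformer.Informer().HasSynced`. New() starts and ends outside the hunk.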
@@ -272,8 +300,7 @@ func (optr *Operator) Run(workers int, stopCh <-chan struct{}) { } } - if !cache.WaitForCacheSync(stopCh, - optr.crdListerSynced, + cacheSynced := []cache.InformerSynced{optr.crdListerSynced, optr.deployListerSynced, optr.daemonsetListerSynced, optr.infraListerSynced, @@ -294,7 +321,15 @@ func (optr *Operator) Run(workers int, stopCh <-chan struct{}) { optr.mcoSAListerSynced, optr.mcoSecretListerSynced, optr.ocSecretListerSynced, - optr.mcoCOListerSynced) { + optr.mcoCOListerSynced} + fg, err := optr.fgAccessor.CurrentFeatureGates() + if err != nil { + klog.Errorf("No fg enabled %w", err) + } else if fg.Enabled(v1.FeatureGateMachineConfigNodes) { + cacheSynced = append(cacheSynced, optr.mcNodeListerSynced) + } + if !cache.WaitForCacheSync(stopCh, + cacheSynced...) { klog.Error("failed to sync caches") return } @@ -394,6 +429,7 @@ func (optr *Operator) sync(key string) error { // "RenderConfig" must always run first as it sets the renderConfig in the operator // for the sync funcs below {"RenderConfig", optr.syncRenderConfig}, + {"MachineConfigNode", optr.syncMachineConfigNodes}, {"MachineConfigPools", optr.syncMachineConfigPools}, {"MachineConfigDaemon", optr.syncMachineConfigDaemon}, {"MachineConfigController", optr.syncMachineConfigController}, @@ -402,5 +438,6 @@ func (optr *Operator) sync(key string) error { // this check must always run last since it makes sure the pools are in sync/upgrading correctly {"RequiredPools", optr.syncRequiredMachineConfigPools}, } + return optr.syncAll(syncFuncs) } diff --git a/pkg/operator/status.go b/pkg/operator/status.go index 12a7e646c2..da06aff481 100644 --- a/pkg/operator/status.go +++ b/pkg/operator/status.go @@ -8,6 +8,8 @@ import ( "strings" "time" + mcfgv1 "github.com/openshift/api/machineconfiguration/v1" + configv1 "github.com/openshift/api/config/v1" cov1helpers "github.com/openshift/library-go/pkg/config/clusteroperator/v1helpers" corev1 "k8s.io/api/core/v1" 
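Review bot: When `optr.fgAccessor.CurrentFeatureGates()` fails, Run() logs "No fg enabled" and continues without adding `optr.mcNodeListerSynced` to the wait list, so a read failure is silently treated as "feature off". `optr.fgAccessor` is also dereferenced without the nil check that GenerateAndApplyMachineConfigNodes applies to its accessor. Consider stopping on error, as is done for the cache-sync failure just below: `klog.Errorf("could not read feature gates: %v", err)` followed by `return`. Run() starts and ends outside the hunk.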
@@ -18,7 +20,6 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/klog/v2" - mcfgv1 "github.com/openshift/api/machineconfiguration/v1" v1 "github.com/openshift/api/machineconfiguration/v1" "github.com/openshift/machine-config-operator/pkg/apihelpers" ctrlcommon "github.com/openshift/machine-config-operator/pkg/controller/common" @@ -306,6 +307,7 @@ func (optr *Operator) syncUpgradeableStatus() error { if isPoolStatusConditionTrue(pool, mcfgv1.MachineConfigPoolUpdating) { updating = true } + degraded = isPoolStatusConditionTrue(pool, mcfgv1.MachineConfigPoolDegraded) // degraded should get top billing in the clusteroperator status, if we find this, set it and update if degraded { @@ -315,6 +317,7 @@ func (optr *Operator) syncUpgradeableStatus() error { break } } + // this should no longer trigger when adding a node to a pool. It should only trigger if the node actually has to go through an upgrade // updating and degraded can occur together, in that case defer to the degraded Reason that is already set above if updating && !degraded { coStatus.Status = configv1.ConditionFalse diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index 7f4c85982a..6895ebf78d 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -35,6 +35,8 @@ import ( configv1 "github.com/openshift/api/config/v1" mcfgv1 "github.com/openshift/api/machineconfiguration/v1" v1 "github.com/openshift/api/machineconfiguration/v1" + v1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + "github.com/openshift/library-go/pkg/operator/resource/resourceapply" "github.com/openshift/library-go/pkg/operator/resource/resourceread" mcoResourceApply "github.com/openshift/machine-config-operator/lib/resourceapply" 
@@ -616,9 +618,11 @@ func getIgnitionHost(infraStatus *configv1.InfrastructureStatus) (string, error) func (optr *Operator) syncCustomResourceDefinitions() error { crds := []string{ "manifests/controllerconfig.crd.yaml", + "manifests/0000_80_machine-config-operator_01_machineconfignode-TechPreviewNoUpgrade.crd.yaml", } for _, crd := range crds { + crdBytes, err := manifests.ReadFile(crd) if err != nil { return fmt.Errorf("error getting asset %s: %w", crd, err) @@ -662,6 +666,7 @@ func (optr *Operator) syncMachineConfigPools(config *renderConfig) error { } // base64.StdEncoding.EncodeToString for _, pool := range pools { + pointerConfigAsset := newAssetRenderer("pointer-config") pointerConfigAsset.templateData = config.PointerConfig pointerConfigData, err := pointerConfigAsset.render(struct{ Role string }{pool.Name}) 
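Review bot: The `...machineconfignode-TechPreviewNoUpgrade.crd.yaml` manifest is appended to the `crds` slice unconditionally, while syncMachineConfigNodes and Run() both check `FeatureGateMachineConfigNodes` before touching the resource. As far as this hunk shows, the CRD is therefore applied on clusters where the gate is off, which widens the API surface beyond what the feature gate suggests. If that is not intended, append the manifest only when `fg.Enabled(configv1.FeatureGateMachineConfigNodes)`; if it is intended, a one-line comment above the entry saying so would save the next reader the question. The loop body continues outside the hunk.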
@@ -691,6 +696,62 @@ func (optr *Operator) syncMachineConfigPools(config *renderConfig) error { return nil } +// we need to mimic this +func (optr *Operator) syncMachineConfigNodes(_ *renderConfig) error { + fg, err := optr.fgAccessor.CurrentFeatureGates() + if err != nil { + klog.Errorf("Could not get fg: %w", err) + return err + } + if !fg.Enabled(configv1.FeatureGateMachineConfigNodes) { + return nil + } + nodes, err := optr.nodeLister.List(labels.Everything()) + if err != nil { + return err + } + for _, node := range nodes { + var pool string + var ok bool + if _, ok = node.Labels["node-role.kubernetes.io/worker"]; ok { + pool = "worker" + } else if _, ok = node.Labels["node-role.kubernetes.io/master"]; ok { + pool = "master" + } + newMCS := &v1alpha1.MachineConfigNode{ + Spec: v1alpha1.MachineConfigNodeSpec{ + Node: v1alpha1.MCOObjectReference{ + Name: node.Name, + }, + Pool: v1alpha1.MCOObjectReference{ + Name: pool, + }, + ConfigVersion: v1alpha1.MachineConfigNodeSpecMachineConfigVersion{ + Desired: "NotYetSet", + }, + }, + TypeMeta: metav1.TypeMeta{ + Kind: "MachineConfigNode", + APIVersion: "machineconfiguration.openshift.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: node.Name, + }, + } + mcsBytes, err := json.Marshal(newMCS) + if err != nil { + klog.Errorf("error rendering asset for MachineConfigNode %w", err) + return err + } + p := mcoResourceRead.ReadMachineConfigNodeV1OrDie(mcsBytes) + _, _, err = mcoResourceApply.ApplyMachineConfigNode(optr.client.MachineconfigurationV1alpha1(), p) + if err != nil { + return err + } + } + return nil +} + func (optr *Operator) applyManifests(config *renderConfig, paths manifestPaths) error { for _, path := range paths.clusterRoles { crBytes, err := renderAsset(config, path) 
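Review bot: syncMachineConfigNodes marshals `newMCS` to JSON only to parse it back with `mcoResourceRead.ReadMachineConfigNodeV1OrDie`, an `OrDie` helper that presumably panics on a decode failure, inside the operator's sync loop. Assuming the helper returns the same `*v1alpha1.MachineConfigNode` type, pass the object directly: `_, _, err = mcoResourceApply.ApplyMachineConfigNode(optr.client.MachineconfigurationV1alpha1(), newMCS)`. The doc comment `// we need to mimic this` does not say what is mimicked; `// syncMachineConfigNodes ensures a MachineConfigNode object exists for every Node when the MachineConfigNodes feature gate is enabled.` describes what the code does. The errors in this function are also logged and then returned, so each is reported twice.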
@@ -1123,6 +1184,7 @@ func (optr *Operator) syncMachineConfigServer(config *renderConfig) error { }, daemonset: mcsDaemonsetManifestPath, } + if err := optr.applyManifests(config, paths); err != nil { return fmt.Errorf("failed to apply machine config server manifests: %w", err) } diff --git a/pkg/server/testdata/bar.crt b/pkg/server/testdata/bar.crt new file mode 100644 index 0000000000..9a2c7732fa --- /dev/null +++ b/pkg/server/testdata/bar.crt @@ -0,0 +1 @@ +testing \ No newline at end of file diff --git a/pkg/upgrademonitor/upgrade_monitor.go b/pkg/upgrademonitor/upgrade_monitor.go new file mode 100644 index 0000000000..a290388d1f --- /dev/null +++ b/pkg/upgrademonitor/upgrade_monitor.go 
@@ -0,0 +1,266 @@ +package upgrademonitor + +import ( + "context" + "fmt" + + machineconfigurationalphav1 "github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1" + mcfgclientset "github.com/openshift/client-go/machineconfiguration/clientset/versioned" + "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" + corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + + v1 "github.com/openshift/api/config/v1" + mcfgalphav1 "github.com/openshift/api/machineconfiguration/v1alpha1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/klog/v2" +) + +type Condition struct { + State mcfgalphav1.StateProgress + Reason string + Message string +} + +// GenerateAndApplyMachineConfigNodes takes a parent and child conditions and applies them to the given node's MachineConfigNode object +// there are a few stipulations. 1) if the parent and child condition exactly match their currently applied statuses, no new MCN is generated +// 2) the desiredConfig in the MCN Status will only be set once the update is proven to be compatible. Meanwhile the desired and current config in the spec react to live changes of state on the Node +// 3) None of this will be executed unless the TechPreviewNoUpgrade featuregate is applied. 
+// nolint:gocyclo +func GenerateAndApplyMachineConfigNodes(parentCondition, childCondition *Condition, parentStatus, childStatus metav1.ConditionStatus, node *corev1.Node, mcfgClient mcfgclientset.Interface, fgAccessor featuregates.FeatureGateAccess) error { + if fgAccessor == nil || node == nil || parentCondition == nil || mcfgClient == nil { + return nil + } + fg, err := fgAccessor.CurrentFeatureGates() + if err != nil { + klog.Errorf("Could not get fg: %w", err) + return err + } + if fg == nil || !fg.Enabled(v1.FeatureGateMachineConfigNodes) { + return nil + } + + // get the existing MCN, or if it DNE create one below + mcNode, needNewMCNode := createOrGetMachineConfigNode(mcfgClient, node) + newMCNode := mcNode.DeepCopy() + newParentCondition := metav1.Condition{ + Type: string(parentCondition.State), + Status: parentStatus, + Reason: parentCondition.Reason, + Message: parentCondition.Message, + LastTransitionTime: metav1.Now(), + } + var newChildCondition *metav1.Condition + if childCondition != nil { + newChildCondition = &metav1.Condition{ + Type: string(childCondition.State), + Status: childStatus, + Reason: childCondition.Reason, + Message: childCondition.Message, + LastTransitionTime: metav1.Now(), + } + + } + reset := false + if newParentCondition.Type == string(mcfgalphav1.MachineConfigNodeUpdated) { + reset = true + } + + // we use this array to see if the MCN has all of its conditions set + // if not we set a sane default + allConditionTypes := []mcfgalphav1.StateProgress{ + mcfgalphav1.MachineConfigNodeUpdatePrepared, + mcfgalphav1.MachineConfigNodeUpdateExecuted, + mcfgalphav1.MachineConfigNodeUpdatePostActionComplete, + mcfgalphav1.MachineConfigNodeUpdateComplete, + mcfgalphav1.MachineConfigNodeResumed, + mcfgalphav1.MachineConfigNodeUpdateCompatible, + mcfgalphav1.MachineConfigNodeUpdateDrained, + mcfgalphav1.MachineConfigNodeUpdateFilesAndOS, + mcfgalphav1.MachineConfigNodeUpdateCordoned, + mcfgalphav1.MachineConfigNodeUpdateRebooted, + 
mcfgalphav1.MachineConfigNodeUpdateReloaded, + mcfgalphav1.MachineConfigNodeUpdated, + } + // create all of the conditions, even the false ones + if newMCNode.Status.Conditions == nil { + newMCNode.Status.Conditions = []metav1.Condition{} + newMCNode.Status.Conditions = append(newMCNode.Status.Conditions, newParentCondition) + if newChildCondition != nil { + newMCNode.Status.Conditions = append(newMCNode.Status.Conditions, *newChildCondition) + } + for _, condType := range allConditionTypes { + found := false + for _, cond := range newMCNode.Status.Conditions { + // if this is one of our two conditions, do not nullify this + if condType == mcfgalphav1.StateProgress(cond.Type) { + found = true + } + } + // else if we do not have this one yet, set it to some sane default. + if !found { + newMCNode.Status.Conditions = append(newMCNode.Status.Conditions, + metav1.Condition{ + Type: string(condType), + Message: fmt.Sprintf("This node has not yet entered the %s phase", string(condType)), + Reason: "NotYetOccured", + LastTransitionTime: metav1.Now(), + Status: metav1.ConditionFalse, + }) + } + } + // else we already have some conditions. Lets update accordingly + } else { + // we now check if child or parent exist. If they do, we also need to make sure they NEED to be updated. If not return nil. + foundChild := false + foundParent := false + childDNEOrIsTheSame := true + // look through all of the conditions for our current ones, update them accordingly + // also set all other ones to false and update last transition time. + for i, condition := range newMCNode.Status.Conditions { + if condition.Type == string(mcfgalphav1.MachineConfigNodeUpdated) && condition.Status == metav1.ConditionTrue && condition.Type != newParentCondition.Type { + // if this happens, it is because we manually updated the MCO. 
+ // so, if we get a parent state == unknown or true or ANYTHING and updated also == true but it isn't the parent, set updated == false + newC := metav1.Condition{ + Type: string(mcfgalphav1.MachineConfigNodeUpdated), + Message: "This node is not updated, sensed disruption via a manual update.", + Reason: string(mcfgalphav1.MachineConfigNodeUpdated), + LastTransitionTime: metav1.Now(), + Status: metav1.ConditionFalse, + } + newC.DeepCopyInto(&newMCNode.Status.Conditions[i]) + } else if newChildCondition != nil && condition.Type == newChildCondition.Type { + childDNEOrIsTheSame = false + foundChild = true + newChildCondition.DeepCopyInto(&condition) + if newChildCondition.Status == condition.Status && newChildCondition.Message == condition.Message { + childDNEOrIsTheSame = true + } + } else if condition.Type == newParentCondition.Type { + foundParent = true + if condition.Status == newParentCondition.Status && condition.Message == newParentCondition.Message && childDNEOrIsTheSame { + // there is nothing to update. Return. 
+ // this allows us to put the conditions in more general places but if we are already in phases like "updated" + // then nothing happens + // only do this if the messages match too + return nil + } + newParentCondition.DeepCopyInto(&condition) + } else if condition.Status != metav1.ConditionFalse && reset { + condition.Status = metav1.ConditionFalse + condition.Message = "Action during previous iteration: " + condition.Message + condition.LastTransitionTime = metav1.Now() + } + condition.DeepCopyInto(&newMCNode.Status.Conditions[i]) + } + if !foundChild && newChildCondition != nil { + newMCNode.Status.Conditions = append(newMCNode.Status.Conditions, *newChildCondition) + } + if !foundParent { + newMCNode.Status.Conditions = append(newMCNode.Status.Conditions, newParentCondition) + } + } + + // for now, keep spec and status aligned + newMCNode.Status.ConfigVersion = mcfgalphav1.MachineConfigNodeStatusMachineConfigVersion{ + Desired: newMCNode.Status.ConfigVersion.Desired, + Current: node.Annotations["machineconfiguration.openshift.io/currentConfig"], + } + // if the update is compatible, we can set the desired to the one being used in the update + // this happens either if we get prepared == true OR literally any other parent condition, since if we get past prepared, then the desiredConfig is correct. 
+ if newParentCondition.Type == string(mcfgalphav1.MachineConfigNodeUpdatePrepared) && newParentCondition.Status == metav1.ConditionTrue || newParentCondition.Type != string(mcfgalphav1.MachineConfigNodeUpdatePrepared) { + newMCNode.Status.ConfigVersion.Desired = node.Annotations["machineconfiguration.openshift.io/desiredConfig"] + } else if newMCNode.Status.ConfigVersion.Desired == "" { + newMCNode.Status.ConfigVersion.Desired = "NotYetSet" + } + + // if we do not need a new MCN, generate the apply configurations for this object + if !needNewMCNode { + statusconfigVersionApplyConfig := machineconfigurationalphav1.MachineConfigNodeStatusMachineConfigVersion().WithCurrent(newMCNode.Status.ConfigVersion.Current).WithDesired(newMCNode.Status.ConfigVersion.Desired) + statusApplyConfig := machineconfigurationalphav1.MachineConfigNodeStatus().WithConditions(newMCNode.Status.Conditions...).WithObservedGeneration(newMCNode.Generation + 1).WithConfigVersion(statusconfigVersionApplyConfig) + mcnodeApplyConfig := machineconfigurationalphav1.MachineConfigNode(newMCNode.Name).WithStatus(statusApplyConfig) + _, err := mcfgClient.MachineconfigurationV1alpha1().MachineConfigNodes().ApplyStatus(context.TODO(), mcnodeApplyConfig, metav1.ApplyOptions{FieldManager: "machine-config-operator", Force: true}) + if err != nil { + klog.Errorf("Error applying MCN status: %w", err) + return err + } + } else { + // there are cases where we get here before the MCO has settled and applied all of the MCnodes. 
+ var pool string + var ok bool + if _, ok = node.Labels["node-role.kubernetes.io/worker"]; ok { + pool = "worker" + } else if _, ok = node.Labels["node-role.kubernetes.io/master"]; ok { + pool = "master" + } + + newMCNode.Name = node.Name + newMCNode.Spec.Pool = mcfgalphav1.MCOObjectReference{Name: pool} + newMCNode.Spec.Node = mcfgalphav1.MCOObjectReference{Name: node.Name} + _, err := mcfgClient.MachineconfigurationV1alpha1().MachineConfigNodes().Create(context.TODO(), newMCNode, metav1.CreateOptions{}) + if err != nil { + klog.Errorf("Error creating MCN: %w", err) + return err + } + } + return nil +} + +// GenerateAndApplyMachineConfigNodeSpec generates and applies a new MCN spec based off the node state +func GenerateAndApplyMachineConfigNodeSpec(fgAccessor featuregates.FeatureGateAccess, pool string, node *corev1.Node, mcfgClient mcfgclientset.Interface) error { + if fgAccessor == nil || node == nil { + return nil + } + fg, err := fgAccessor.CurrentFeatureGates() + if err != nil { + klog.Errorf("Could not get fg: %w", err) + return err + } + if fg == nil || !fg.Enabled(v1.FeatureGateMachineConfigNodes) { + klog.Infof("MCN Featuregate is not enabled. 
Please enable the TechPreviewNoUpgrade featureset to use MachineConfigNodes") + return nil + } + // get the existing MCN, or if it DNE create one below + mcNode, needNewMCNode := createOrGetMachineConfigNode(mcfgClient, node) + newMCNode := mcNode.DeepCopy() + // set the spec config version + newMCNode.Spec.ConfigVersion = mcfgalphav1.MachineConfigNodeSpecMachineConfigVersion{ + Desired: node.Annotations["machineconfiguration.openshift.io/desiredConfig"], + } + newMCNode.Spec.Pool = mcfgalphav1.MCOObjectReference{ + Name: pool, + } + newMCNode.Spec.Node = mcfgalphav1.MCOObjectReference{ + Name: node.Name, + } + if !needNewMCNode { + nodeRefApplyConfig := machineconfigurationalphav1.MCOObjectReference().WithName(newMCNode.Spec.Node.Name) + poolRefApplyConfig := machineconfigurationalphav1.MCOObjectReference().WithName(newMCNode.Spec.Pool.Name) + specconfigVersionApplyConfig := machineconfigurationalphav1.MachineConfigNodeSpecMachineConfigVersion().WithDesired(newMCNode.Spec.ConfigVersion.Desired) + specApplyConfig := machineconfigurationalphav1.MachineConfigNodeSpec().WithNode(nodeRefApplyConfig).WithPool(poolRefApplyConfig).WithConfigVersion(specconfigVersionApplyConfig) + mcnodeApplyConfig := machineconfigurationalphav1.MachineConfigNode(newMCNode.Name).WithSpec(specApplyConfig) + _, err := mcfgClient.MachineconfigurationV1alpha1().MachineConfigNodes().Apply(context.TODO(), mcnodeApplyConfig, metav1.ApplyOptions{FieldManager: "machine-config-operator", Force: true}) + if err != nil { + klog.Errorf("Error applying MCN Spec: %w", err) + return err + } + } else { + _, err := mcfgClient.MachineconfigurationV1alpha1().MachineConfigNodes().Create(context.TODO(), newMCNode, metav1.CreateOptions{}) + if err != nil { + klog.Errorf("Error creating MCN: %w", err) + return err + } + } + return nil +} + +// createOrGetMachineConfigNode gets the named MCN or returns a boolean indicating we need to create one +func createOrGetMachineConfigNode(mcfgClient mcfgclientset.Interface, 
node *corev1.Node) (*mcfgalphav1.MachineConfigNode, bool) { + mcNode, err := mcfgClient.MachineconfigurationV1alpha1().MachineConfigNodes().Get(context.TODO(), node.Name, metav1.GetOptions{}) + if mcNode.Name == "" || (err != nil && apierrors.IsNotFound(err)) { + klog.Errorf("error getting existing MCN: %w", err) + return mcNode, true + } + + return mcNode, false +} diff --git a/templates/master/01-master-kubelet/_base/files/kubelet.yaml b/templates/master/01-master-kubelet/_base/files/kubelet.yaml index d76f6b742d..4ba3e9287e 100644 --- a/templates/master/01-master-kubelet/_base/files/kubelet.yaml +++ b/templates/master/01-master-kubelet/_base/files/kubelet.yaml @@ -37,7 +37,6 @@ contents: ExternalCloudProviderExternal: true OpenShiftPodSecurityAdmission: true PrivateHostedZoneAWS: true - RetroactiveDefaultStorageClass: false serverTLSBootstrap: true tlsMinVersion: VersionTLS12 tlsCipherSuites: diff --git a/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml b/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml index d76f6b742d..4ba3e9287e 100644 --- a/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml +++ b/templates/worker/01-worker-kubelet/_base/files/kubelet.yaml @@ -37,7 +37,6 @@ contents: ExternalCloudProviderExternal: true OpenShiftPodSecurityAdmission: true PrivateHostedZoneAWS: true - RetroactiveDefaultStorageClass: false serverTLSBootstrap: true tlsMinVersion: VersionTLS12 tlsCipherSuites: diff --git a/test/e2e-bootstrap/bootstrap_test.go b/test/e2e-bootstrap/bootstrap_test.go index 847d92e79a..5b7dc3a493 100644 --- a/test/e2e-bootstrap/bootstrap_test.go +++ b/test/e2e-bootstrap/bootstrap_test.go @@ -513,6 +513,7 @@ func createControllers(ctx *ctrlcommon.ControllerContext) []ctrlcommon.Controlle ctx.ConfigInformerFactory.Config().V1().Schedulers(), ctx.ClientBuilder.KubeClientOrDie("node-update-controller"), ctx.ClientBuilder.MachineConfigClientOrDie("node-update-controller"), + ctx.FeatureGateAccess, ), ) 
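Review bot: In the branch of `GenerateAndApplyMachineConfigNodes` that updates existing conditions, the child comparison runs after `newChildCondition.DeepCopyInto(&condition)` has already overwritten the loop copy. As a result `childDNEOrIsTheSame` is always true, and a changed child condition is never applied when the parent's status and message are unchanged, because the loop returns early. In the first branch, the reset written by `newC.DeepCopyInto(&newMCNode.Status.Conditions[i])` is undone by the trailing `condition.DeepCopyInto(&newMCNode.Status.Conditions[i])`, which copies the untouched loop variable back. The fence shows both fixes; the early return would still fire when the parent is stored before the child in the slice, so deciding "nothing changed" after the loop would be more robust. Also, `createOrGetMachineConfigNode` reads `mcNode.Name` before looking at `err` and treats every `Get` failure as "create a new object"; checking `err` first and returning errors other than NotFound to the caller would avoid a misleading Create attempt, and a nil dereference if a client implementation returns no object on error (to be verified).

```go
// … unchanged: loop header, the stale Updated==True test and its newC literal …
				condition = newC // the trailing DeepCopyInto then stores the reset condition
			} else if newChildCondition != nil && condition.Type == newChildCondition.Type {
				foundChild = true
				// Compare with the stored condition before overwriting the loop copy.
				childDNEOrIsTheSame = newChildCondition.Status == condition.Status &&
					newChildCondition.Message == condition.Message
				newChildCondition.DeepCopyInto(&condition)
// … unchanged: parent branch, reset branch, trailing condition.DeepCopyInto …
```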
diff --git a/vendor/github.com/evanphx/json-patch/patch.go b/vendor/github.com/evanphx/json-patch/patch.go index dc2b7e51e6..4bce5936d5 100644 --- a/vendor/github.com/evanphx/json-patch/patch.go +++ b/vendor/github.com/evanphx/json-patch/patch.go @@ -568,29 +568,6 @@ func (p Patch) replace(doc *container, op Operation) error { return errors.Wrapf(err, "replace operation failed to decode path") } - if path == "" { - val := op.value() - - if val.which == eRaw { - if !val.tryDoc() { - if !val.tryAry() { - return errors.Wrapf(err, "replace operation value must be object or array") - } - } - } - - switch val.which { - case eAry: - *doc = &val.ary - case eDoc: - *doc = &val.doc - case eRaw: - return errors.Wrapf(err, "replace operation hit impossible case") - } - - return nil - } - con, key := findObject(doc, path) if con == nil { @@ -657,25 +634,6 @@ func (p Patch) test(doc *container, op Operation) error { return errors.Wrapf(err, "test operation failed to decode path") } - if path == "" { - var self lazyNode - - switch sv := (*doc).(type) { - case *partialDoc: - self.doc = *sv - self.which = eDoc - case *partialArray: - self.ary = *sv - self.which = eAry - } - - if self.equal(op.value()) { - return nil - } - - return errors.Wrapf(ErrTestFailed, "testing value %s failed", path) - } - con, key := findObject(doc, path) if con == nil { diff --git a/vendor/github.com/gregjones/httpcache/.travis.yml b/vendor/github.com/gregjones/httpcache/.travis.yml index 597bc9996f..b5ffbe03d8 100644 --- a/vendor/github.com/gregjones/httpcache/.travis.yml +++ b/vendor/github.com/gregjones/httpcache/.travis.yml 
@@ -1,18 +1,19 @@ sudo: false language: go +go: + - 1.6.x + - 1.7.x + - 1.8.x + - 1.9.x + - master matrix: allow_failures: - go: master fast_finish: true - include: - - go: 1.10.x - - go: 1.11.x - env: GOFMT=1 - - go: master install: - # Do nothing. This is needed to prevent default install action "go get -t -v ./..." from happening here (we want it to happen inside script step). script: - go get -t -v ./... - - if test -n "${GOFMT}"; then gofmt -w -s . && git diff --exit-code; fi + - diff -u <(echo -n) <(gofmt -d .) - go tool vet . - go test -v -race ./... diff --git a/vendor/github.com/gregjones/httpcache/README.md b/vendor/github.com/gregjones/httpcache/README.md index 51e7d23d09..09c9e7c173 100644 --- a/vendor/github.com/gregjones/httpcache/README.md +++ b/vendor/github.com/gregjones/httpcache/README.md @@ -7,8 +7,6 @@ Package httpcache provides a http.RoundTripper implementation that works as a mo It is only suitable for use as a 'private' cache (i.e. for a web-browser or an API-client and not for a shared proxy). -This project isn't actively maintained; it works for what I, and seemingly others, want to do with it, and I consider it "done". That said, if you find any issues, please open a Pull Request and I will try to review it. Any changes now that change the public API won't be considered. - Cache Backends -------------- @@ -21,8 +19,6 @@ Cache Backends - [`github.com/die-net/lrucache/twotier`](https://github.com/die-net/lrucache/tree/master/twotier) allows caches to be combined, for example to use lrucache above with a persistent disk-cache. - [`github.com/birkelund/boltdbcache`](https://github.com/birkelund/boltdbcache) provides a BoltDB implementation (based on the [bbolt](https://github.com/coreos/bbolt) fork). -If you implement any other backend and wish it to be linked here, please send a PR editing this file. - License ------- 
diff --git a/vendor/github.com/gregjones/httpcache/httpcache.go b/vendor/github.com/gregjones/httpcache/httpcache.go index b41a63d1ff..f6a2ec4a53 100644 --- a/vendor/github.com/gregjones/httpcache/httpcache.go +++ b/vendor/github.com/gregjones/httpcache/httpcache.go @@ -416,14 +416,14 @@ func canStaleOnError(respHeaders, reqHeaders http.Header) bool { func getEndToEndHeaders(respHeaders http.Header) []string { // These headers are always hop-by-hop hopByHopHeaders := map[string]struct{}{ - "Connection": {}, - "Keep-Alive": {}, - "Proxy-Authenticate": {}, - "Proxy-Authorization": {}, - "Te": {}, - "Trailers": {}, - "Transfer-Encoding": {}, - "Upgrade": {}, + "Connection": struct{}{}, + "Keep-Alive": struct{}{}, + "Proxy-Authenticate": struct{}{}, + "Proxy-Authorization": struct{}{}, + "Te": struct{}{}, + "Trailers": struct{}{}, + "Transfer-Encoding": struct{}{}, + "Upgrade": struct{}{}, } for _, extra := range strings.Split(respHeaders.Get("connection"), ",") { @@ -433,7 +433,7 @@ func getEndToEndHeaders(respHeaders http.Header) []string { } } endToEndHeaders := []string{} - for respHeader := range respHeaders { + for respHeader, _ := range respHeaders { if _, ok := hopByHopHeaders[respHeader]; !ok { endToEndHeaders = append(endToEndHeaders, respHeader) } diff --git a/vendor/github.com/openshift/api/Dockerfile.rhel8 b/vendor/github.com/openshift/api/Dockerfile.rhel8 index 62fa30b2c0..a78178319b 100644 --- a/vendor/github.com/openshift/api/Dockerfile.rhel8 +++ b/vendor/github.com/openshift/api/Dockerfile.rhel8 
@@ -1,10 +1,10 @@ -FROM registry.ci.openshift.org/ocp/builder:rhel-8-golang-1.20-openshift-4.15 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.20-openshift-4.15 AS builder WORKDIR /go/src/github.com/openshift/api COPY . . ENV GO_PACKAGE github.com/openshift/api RUN make build --warn-undefined-variables -FROM registry.ci.openshift.org/ocp/4.14:base +FROM registry.ci.openshift.org/ocp/4.15:base-rhel9 # copy the built binaries to /usr/bin COPY --from=builder /go/src/github.com/openshift/api/render /usr/bin/ @@ -31,5 +31,4 @@ COPY manifests /manifests #COPY operator/v1/0000_10_config-operator_*.yaml /manifests #COPY payload-command/empty-resources /manifests -# TODO uncomment after all the other "add a new image" steps are complete. -#LABEL io.openshift.release.operator true +LABEL io.openshift.release.operator true diff --git a/vendor/github.com/openshift/api/OWNERS b/vendor/github.com/openshift/api/OWNERS index ce5e8dc337..2e956a47dd 100644 --- a/vendor/github.com/openshift/api/OWNERS +++ b/vendor/github.com/openshift/api/OWNERS @@ -1,29 +1,19 @@ reviewers: - - adambkaplan - - abhinavdahiya - - smarterclayton - deads2k - derekwaynecarr - - eparis - JoelSpeed - - jwforres - knobunc - sjenning - mfojtik - soltysh - - sttts - bparees approvers: - bparees - deads2k - derekwaynecarr - - eparis - JoelSpeed - - jwforres - knobunc - mfojtik - sjenning - - smarterclayton - soltysh - spadgett - - sttts diff --git a/vendor/github.com/openshift/api/build/v1/consts.go b/vendor/github.com/openshift/api/build/v1/consts.go index 3310b9e0a8..0d9c8f03b3 100644 --- a/vendor/github.com/openshift/api/build/v1/consts.go +++ b/vendor/github.com/openshift/api/build/v1/consts.go 
@@ -164,9 +164,11 @@ const ( StatusReasonBuildPodEvicted StatusReason = "BuildPodEvicted" ) -// env vars -// WhitelistEnvVarNames is a list of special env vars allows s2i containers -var WhitelistEnvVarNames = []string{"BUILD_LOGLEVEL", "GIT_SSL_NO_VERIFY", "HTTP_PROXY", "HTTPS_PROXY", "LANG", "NO_PROXY"} +// WhitelistEnvVarNames is a list of environment variable names that are allowed to be specified +// in a buildconfig and merged into the created build pods, the code for this is located in +// openshift/openshift-controller-manager +var WhitelistEnvVarNames = []string{"BUILD_LOGLEVEL", "GIT_SSL_NO_VERIFY", "GIT_LFS_SKIP_SMUDGE", "LANG", + "HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY", "http_proxy", "https_proxy", "no_proxy"} // env vars const ( diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 7cf29c2a84..9beee903a0 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -86,6 +86,7 @@ spec: - v4.12 - v4.13 - v4.14 + - v4.15 - vCurrent channel: description: channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. The default channel will be contain stable updates that are appropriate for production clusters. diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml index 1895f9d33e..6bff43a781 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml 
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml @@ -129,11 +129,11 @@ spec: description: name is the metadata.name of the referenced secret type: string tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12." + description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12." type: object properties: custom: - description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11" type: object properties: ciphers: 
@@ -142,7 +142,7 @@ spec: items: type: string minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string enum: - VersionTLS10 
@@ -151,15 +151,15 @@ spec: - VersionTLS13 nullable: true intermediate: - description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" type: object nullable: true modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported." 
type: object nullable: true old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" type: object nullable: true type: 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml index 7edc7f23a7..bcf63f749c 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml @@ -129,11 +129,11 @@ spec: description: name is the metadata.name of the referenced secret type: string tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12." + description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12." type: object properties: custom: - description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11" type: object properties: ciphers: 
@@ -142,7 +142,7 @@ spec: items: type: string minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string enum: - VersionTLS10 
@@ -151,15 +151,15 @@ spec: - VersionTLS13 nullable: true intermediate: - description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" type: object nullable: true modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported." 
type: object nullable: true old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" type: object nullable: true type: 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml
index 8ce5214c1d..e5adf12046 100644
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml
+++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml
@@ -129,11 +129,11 @@ spec: description: name is the metadata.name of the referenced secret type: string tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12." + description: "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. \n If unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12." type: object properties: custom: - description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11" type: object properties: ciphers: 
@@ -142,7 +142,7 @@ spec: items: type: string minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string enum: - VersionTLS10 
@@ -151,15 +151,15 @@ spec: - VersionTLS13 nullable: true intermediate: - description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" type: object nullable: true modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported." 
type: object nullable: true old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" type: object nullable: true type: 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml new file mode 100644 index 0000000000..b7954d79a6 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml 
@@ -0,0 +1,219 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: authentications.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "schema": + "openAPIV3Schema": + description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + oidcProviders: + description: "OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". \n At most one provider can be configured." + type: array + maxItems: 1 + items: + type: object + required: + - issuer + - name + properties: + claimMappings: + description: ClaimMappings describes rules on how to transform information from an ID token into a cluster identity + type: object + properties: + groups: + description: Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values. 
+ type: object + required: + - claim + properties: + claim: + description: Claim is a JWT token claim to be used in the mapping + type: string + prefix: + description: "Prefix is a string to prefix the value from the token in the result of the claim mapping. \n By default, no prefixing occurs. \n Example: if `prefix` is set to \"myoidc:\"\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." + type: string + username: + description: "Username is a name of the claim that should be used to construct usernames for the cluster identity. \n Default value: \"sub\"" + type: object + required: + - claim + properties: + claim: + description: Claim is a JWT token claim to be used in the mapping + type: string + prefix: + type: object + required: + - prefixString + properties: + prefixString: + type: string + minLength: 1 + prefixPolicy: + description: "PrefixPolicy specifies how a prefix should apply. \n By default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins. \n Set to \"NoPrefix\" to disable prefixing. \n Example: (1) `prefix` is set to \"myoidc:\" and `claim` is set to \"username\". If the JWT claim `username` contains value `userA`, the resulting mapped value will be \"myoidc:userA\". (2) `prefix` is set to \"myoidc:\" and `claim` is set to \"email\". If the JWT `email` claim contains value \"userA@myoidc.tld\", the resulting mapped value will be \"myoidc:userA@myoidc.tld\". 
(3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\", and `claim` is set to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" + type: string + enum: + - "" + - NoPrefix + - Prefix + x-kubernetes-validations: + - rule: 'has(self.prefixPolicy) && self.prefixPolicy == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)' + message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise + claimValidationRules: + description: ClaimValidationRules are rules that are applied to validate token claims to authenticate users. + type: array + items: + type: object + properties: + requiredClaim: + description: RequiredClaim allows configuring a required claim name and its expected value + type: object + required: + - claim + - requiredValue + properties: + claim: + description: Claim is a name of a required claim. Only claims with string values are supported. + type: string + minLength: 1 + requiredValue: + description: RequiredValue is the required value for the claim. + type: string + minLength: 1 + type: + description: Type sets the type of the validation rule + type: string + default: RequiredClaim + enum: + - RequiredClaim + x-kubernetes-list-type: atomic + issuer: + description: Issuer describes atributes of the OIDC token issuer + type: object + required: + - audiences + - issuerURL + properties: + audiences: + description: Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their "aud" claim. Must be set to exactly one value. + type: array + maxItems: 1 + items: + type: string + minLength: 1 + x-kubernetes-list-type: set + issuerCertificateAuthority: + description: CertificateAuthority is a reference to a config map in the configuration namespace. 
The .data of the configMap must contain the "ca-bundle.crt" key. If unset, system trust is used instead. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + issuerURL: + description: URL is the serving URL of the token issuer. Must use the https:// scheme. + type: string + pattern: ^https:\/\/[^\s] + name: + description: Name of the OIDC provider + type: string + minLength: 1 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.' + type: string + type: + description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth. + type: string + webhookTokenAuthenticator: + description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"." + type: object + required: + - kubeConfig + properties: + kubeConfig: + description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. 
The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored." + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect. + type: array + items: + description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. + type: object + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + x-kubernetes-list-type: atomic + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. 
This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml new file mode 100644 index 0000000000..e8047a40ba --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml 
@@ -0,0 +1,219 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: authentications.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Authentication + listKind: AuthenticationList + plural: authentications + singular: authentication + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "schema": + "openAPIV3Schema": + description: "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key "oauthMetadata" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + oidcProviders: + description: "OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". \n At most one provider can be configured." + type: array + maxItems: 1 + items: + type: object + required: + - issuer + - name + properties: + claimMappings: + description: ClaimMappings describes rules on how to transform information from an ID token into a cluster identity + type: object + properties: + groups: + description: Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values. 
+ type: object + required: + - claim + properties: + claim: + description: Claim is a JWT token claim to be used in the mapping + type: string + prefix: + description: "Prefix is a string to prefix the value from the token in the result of the claim mapping. \n By default, no prefixing occurs. \n Example: if `prefix` is set to \"myoidc:\"\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." + type: string + username: + description: "Username is a name of the claim that should be used to construct usernames for the cluster identity. \n Default value: \"sub\"" + type: object + required: + - claim + properties: + claim: + description: Claim is a JWT token claim to be used in the mapping + type: string + prefix: + type: object + required: + - prefixString + properties: + prefixString: + type: string + minLength: 1 + prefixPolicy: + description: "PrefixPolicy specifies how a prefix should apply. \n By default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins. \n Set to \"NoPrefix\" to disable prefixing. \n Example: (1) `prefix` is set to \"myoidc:\" and `claim` is set to \"username\". If the JWT claim `username` contains value `userA`, the resulting mapped value will be \"myoidc:userA\". (2) `prefix` is set to \"myoidc:\" and `claim` is set to \"email\". If the JWT `email` claim contains value \"userA@myoidc.tld\", the resulting mapped value will be \"myoidc:userA@myoidc.tld\". 
(3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\", and `claim` is set to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" + type: string + enum: + - "" + - NoPrefix + - Prefix + x-kubernetes-validations: + - rule: 'has(self.prefixPolicy) && self.prefixPolicy == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)' + message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise + claimValidationRules: + description: ClaimValidationRules are rules that are applied to validate token claims to authenticate users. + type: array + items: + type: object + properties: + requiredClaim: + description: RequiredClaim allows configuring a required claim name and its expected value + type: object + required: + - claim + - requiredValue + properties: + claim: + description: Claim is a name of a required claim. Only claims with string values are supported. + type: string + minLength: 1 + requiredValue: + description: RequiredValue is the required value for the claim. + type: string + minLength: 1 + type: + description: Type sets the type of the validation rule + type: string + default: RequiredClaim + enum: + - RequiredClaim + x-kubernetes-list-type: atomic + issuer: + description: Issuer describes atributes of the OIDC token issuer + type: object + required: + - audiences + - issuerURL + properties: + audiences: + description: Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their "aud" claim. Must be set to exactly one value. + type: array + maxItems: 1 + items: + type: string + minLength: 1 + x-kubernetes-list-type: set + issuerCertificateAuthority: + description: CertificateAuthority is a reference to a config map in the configuration namespace. 
The .data of the configMap must contain the "ca-bundle.crt" key. If unset, system trust is used instead. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string + issuerURL: + description: URL is the serving URL of the token issuer. Must use the https:// scheme. + type: string + pattern: ^https:\/\/[^\s] + name: + description: Name of the OIDC provider + type: string + minLength: 1 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.' + type: string + type: + description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth. + type: string + webhookTokenAuthenticator: + description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"." + type: object + required: + - kubeConfig + properties: + kubeConfig: + description: "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. 
The namespace for the referenced secret is openshift-config. \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication \n The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored." + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it has no effect. + type: array + items: + description: deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field. + type: object + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key "kubeConfig" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + x-kubernetes-list-type: atomic + status: + description: status holds observed values from the cluster. They may not be overridden. + type: object + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. 
This discovery document can be viewed from its served location: oc get --raw ''/.well-known/oauth-authorization-server'' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key "oauthMetadata" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config map + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml index facf7c6b09..b0cd9e67fc 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -6,6 +6,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default name: authentications.config.openshift.io spec: group: config.openshift.io 
@@ -52,7 +53,7 @@ spec: description: type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth. type: string webhookTokenAuthenticator: - description: webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. + description: "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service. \n Can only be set if \"Type\" is set to \"None\"." type: object required: - kubeConfig @@ -82,6 +83,7 @@ spec: name: description: name is the metadata.name of the referenced secret type: string + x-kubernetes-list-type: atomic status: description: status holds observed values from the cluster. They may not be overridden. type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml index 1b96b19c7e..177d4b203f 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml 
@@ -72,7 +72,46 @@ spec: type: object baremetal: description: BareMetal contains settings specific to the BareMetal platform. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: 
string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string 
+ maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: 
'!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' equinixMetal: description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. type: object 
@@ -99,6 +138,80 @@ spec: nutanix: description: Nutanix contains settings specific to the Nutanix infrastructure provider. properties: + failureDomains: + description: failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster. + items: + description: NutanixFailureDomain configures failure domain information for the Nutanix platform. + properties: + cluster: + description: cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + - message: name configuration is required when type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + name: + description: name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform. 
+ maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + subnets: + description: subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + items: + description: NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.) + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + - message: name configuration is required when type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - cluster + - name + - subnets + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map prismCentral: description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. properties: 
@@ -156,7 +269,46 @@ spec: type: object openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s
*) + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + 
type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: 
'!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' ovirt: description: Ovirt contains settings specific to the oVirt infrastructure provider. type: object 
@@ -210,6 +362,18 @@ spec: vsphere: description: VSphere contains settings specific to the VSphere infrastructure provider. properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string + 
maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' failureDomains: description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. items: @@ -268,6 +432,12 @@ spec: maxLength: 2048 pattern: ^/.*?/host/.*?/Resources.* type: string + template: + description: "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters. \n When omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea." + maxLength: 2048 + minLength: 1 + pattern: ^/.*?/vm/.*? + type: string required: - computeCluster - datacenter 
@@ -287,6 +457,27 @@ spec: - zone type: object type: array + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? 
self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeNetworking: description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. properties: 
@@ -362,6 +553,11 @@ spec: minItems: 0 type: array type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' type: object type: object status: 
@@ -599,6 +795,15 @@ spec: - message: type is immutable once set rule: oldSelf == '' || self == oldSelf type: object + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string @@ -640,6 +845,16 @@ spec: gcp: description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. properties: + clusterHostedDNS: + default: Disabled + description: clusterHostedDNS indicates the type of DNS solution in use within the cluster. Its default value of "Disabled" indicates that the cluster's DNS is the default provided by the cloud platform. It can be "Enabled" during install to bypass the configuration of the cloud default DNS. When "Enabled", the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution. + enum: + - Enabled + - Disabled + type: string + x-kubernetes-validations: + - message: clusterHostedDNS is immutable and may only be configured during installation + rule: self == oldSelf projectID: description: resourceGroupName is the Project ID for new GCP resources created for the cluster. type: string 
@@ -655,7 +870,7 @@ spec: description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. maxLength: 63 minLength: 1 - pattern: ^[a-z][0-9a-z_-]+$ + pattern: ^[a-z][0-9a-z_-]{0,62}$ type: string x-kubernetes-validations: - message: label keys must not start with either `openshift-io` or `kubernetes-io` @@ -664,7 +879,7 @@ spec: description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. maxLength: 63 minLength: 1 - pattern: ^[0-9a-z_-]+$ + pattern: ^[0-9a-z_-]{1,63}$ type: string required: - key 
@@ -744,9 +959,19 @@ spec: description: IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services. properties: name: - description: name is the name of the IBM Cloud service. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` - maxLength: 32 - pattern: ^[a-zA-Z0-9-]+$ + description: 'name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC type: string url: description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. 
@@ -855,6 +1080,15 @@ spec: - message: type is immutable once set rule: oldSelf == '' || self == oldSelf type: object + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -1008,6 +1242,15 @@ spec: - message: type is immutable once set rule: oldSelf == '' || self == oldSelf type: object + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml index 8e58063098..2993f2f5c0 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml 
@@ -72,7 +72,46 @@ spec: type: object baremetal: description: BareMetal contains settings specific to the BareMetal platform. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: 
string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string 
+ maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: 
'!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' equinixMetal: description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. type: object 
@@ -99,6 +138,80 @@ spec: nutanix: description: Nutanix contains settings specific to the Nutanix infrastructure provider. properties: + failureDomains: + description: failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster. + items: + description: NutanixFailureDomain configures failure domain information for the Nutanix platform. + properties: + cluster: + description: cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + - message: name configuration is required when type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + name: + description: name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform. 
+ maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + subnets: + description: subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + items: + description: NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.) + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + - message: name configuration is required when type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - cluster + - name + - subnets + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map prismCentral: description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. properties: 
@@ -156,7 +269,46 @@ spec: type: object openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s
*) + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + 
type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: 
'!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' ovirt: description: Ovirt contains settings specific to the oVirt infrastructure provider. type: object 
@@ -210,6 +362,18 @@ spec: vsphere: description: VSphere contains settings specific to the VSphere infrastructure provider. properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string + 
maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' failureDomains: description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. items: 
@@ -287,6 +451,27 @@ spec: - zone type: object type: array + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? 
self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeNetworking: description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. properties: 
@@ -362,6 +547,11 @@ spec: minItems: 0 type: array type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' type: object type: object status: 
@@ -583,6 +773,15 @@ spec: type: string maxItems: 2 type: array + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -655,9 +854,19 @@ spec: description: IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services. properties: name: - description: name is the name of the IBM Cloud service. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` - maxLength: 32 - pattern: ^[a-zA-Z0-9-]+$ + description: 'name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC type: string url: description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. 
@@ -750,6 +959,15 @@ spec: - message: type is immutable once set rule: oldSelf == '' || self == oldSelf type: object + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -871,6 +1089,15 @@ spec: type: string maxItems: 2 type: array + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml index 1b84d0ae6f..2936c90fde 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml 
@@ -72,7 +72,46 @@ spec: type: object baremetal: description: BareMetal contains settings specific to the BareMetal platform. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: 
string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string 
+ maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: 
'!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' equinixMetal: description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. type: object 
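Review bot: In the `apiServerInternalIPs` and `ingressIPs` item patterns the IPv6 alternative is not anchored at the end: the IPv4 branch closes with `$)` but the IPv6 branch closes with `(%.+)?s*)`, so any string that merely begins with an IPv6 address passes schema validation. Adding the end anchor, `(%.+)?\s*$)`, closes that gap (the `s*` there also looks like a `\s*` that lost its backslash). The `x.contains(':')` rule that enforces one address per family relies on these strings being real addresses, so controllers reading the field should parse each entry rather than trust the pattern. The same unanchored pattern appears in the openstack and vsphere hunks of this file.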
@@ -99,6 +138,80 @@ spec: nutanix: description: Nutanix contains settings specific to the Nutanix infrastructure provider. properties: + failureDomains: + description: failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster. + items: + description: NutanixFailureDomain configures failure domain information for the Nutanix platform. + properties: + cluster: + description: cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + - message: name configuration is required when type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + name: + description: name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform. 
+ maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + type: string + subnets: + description: subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + items: + description: NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.) + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + enum: + - UUID + - Name + type: string + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: uuid configuration is required when type is UUID, and forbidden otherwise + rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + - message: name configuration is required when type is Name, and forbidden otherwise + rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + required: + - cluster + - name + - subnets + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map prismCentral: description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. properties: 
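Review bot: The failure-domain `name` pattern `[a-z0-9]([-a-z0-9]*[a-z0-9])?` has no `^`/`$`, and CRD `pattern` matching is not implicitly anchored, so any value containing a single lowercase letter or digit satisfies it. That does not enforce what the description promises (only lowercase alphanumerics and hyphens, alphanumeric at both ends); only `minLength` and `maxLength` actually constrain the value. I would change the line to `pattern: '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'`, made in the source type and regenerated if this file is generated.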
@@ -156,7 +269,46 @@ spec: type: object openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s
*) + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + 
type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: 
'!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' ovirt: description: Ovirt contains settings specific to the oVirt infrastructure provider. type: object 
@@ -210,6 +362,18 @@ spec: vsphere: description: VSphere contains settings specific to the VSphere infrastructure provider. properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string + 
maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' failureDomains: description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. items: @@ -268,6 +432,12 @@ spec: maxLength: 2048 pattern: ^/.*?/host/.*?/Resources.* type: string + template: + description: "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters. \n When omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea." + maxLength: 2048 + minLength: 1 + pattern: ^/.*?/vm/.*? + type: string required: - computeCluster - datacenter 
@@ -287,6 +457,27 @@ spec: - zone type: object type: array + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + type: string + maxItems: 2 + type: array + x-kubernetes-list-type: set + x-kubernetes-validations: + - message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + rule: 'size(self) == 2 ? 
self.exists_one(x, x.contains('':'')) : true' + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeNetworking: description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. properties: 
@@ -362,6 +553,11 @@ spec: minItems: 0 type: array type: object + x-kubernetes-validations: + - message: apiServerInternalIPs list is required once set + rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + - message: ingressIPs list is required once set + rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' type: object type: object status: 
@@ -599,6 +795,15 @@ spec: - message: type is immutable once set rule: oldSelf == '' || self == oldSelf type: object + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string @@ -640,6 +845,16 @@ spec: gcp: description: GCP contains settings specific to the Google Cloud Platform infrastructure provider. properties: + clusterHostedDNS: + default: Disabled + description: clusterHostedDNS indicates the type of DNS solution in use within the cluster. Its default value of "Disabled" indicates that the cluster's DNS is the default provided by the cloud platform. It can be "Enabled" during install to bypass the configuration of the cloud default DNS. When "Enabled", the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution. + enum: + - Enabled + - Disabled + type: string + x-kubernetes-validations: + - message: clusterHostedDNS is immutable and may only be configured during installation + rule: self == oldSelf projectID: description: resourceGroupName is the Project ID for new GCP resources created for the cluster. type: string 
@@ -655,7 +870,7 @@ spec: description: key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`. maxLength: 63 minLength: 1 - pattern: ^[a-z][0-9a-z_-]+$ + pattern: ^[a-z][0-9a-z_-]{0,62}$ type: string x-kubernetes-validations: - message: label keys must not start with either `openshift-io` or `kubernetes-io` @@ -664,7 +879,7 @@ spec: description: value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`. maxLength: 63 minLength: 1 - pattern: ^[0-9a-z_-]+$ + pattern: ^[0-9a-z_-]{1,63}$ type: string required: - key 
@@ -744,9 +959,19 @@ spec: description: IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services. properties: name: - description: name is the name of the IBM Cloud service. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` - maxLength: 32 - pattern: ^[a-zA-Z0-9-]+$ + description: 'name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC type: string url: description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. 
@@ -855,6 +1080,15 @@ spec: - message: type is immutable once set rule: oldSelf == '' || self == oldSelf type: object + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -1008,6 +1242,15 @@ spec: - message: type is immutable once set rule: oldSelf == '' || self == oldSelf type: object + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + maxItems: 32 + type: array + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string
diff --git a/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml
new file mode 100644
index 0000000000..aceb3ebd65
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml
@@ -0,0 +1,14 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[CustomNoUpgrade] Authentication"
+crd: 0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal Authentication
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec: {} # No spec is required for a Authentication
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/feature_gates.go b/vendor/github.com/openshift/api/config/v1/feature_gates.go
index 158487b5a8..6dc53fd427 100644
--- a/vendor/github.com/openshift/api/config/v1/feature_gates.go
+++ b/vendor/github.com/openshift/api/config/v1/feature_gates.go
@@ -53,16 +53,6 @@ var (
 OwningProduct: ocpSpecific,
 }
- FeatureGateRetroactiveDefaultStorageClass = FeatureGateName("RetroactiveDefaultStorageClass")
- retroactiveDefaultStorageClass = FeatureGateDescription{
- FeatureGateAttributes: FeatureGateAttributes{
- Name: FeatureGateRetroactiveDefaultStorageClass,
- },
- OwningJiraComponent: "storage",
- ResponsiblePerson: "RomanBednar",
- OwningProduct: kubernetes,
- }
-
 FeatureGateExternalCloudProvider = FeatureGateName("ExternalCloudProvider")
 externalCloudProvider = FeatureGateDescription{
 FeatureGateAttributes: FeatureGateAttributes{
@@ -291,4 +281,74 @@ var (
 ResponsiblePerson: "msluiter",
 OwningProduct: ocpSpecific,
 }
+
+ FeatureGateDNSNameResolver = FeatureGateName("DNSNameResolver")
+ dnsNameResolver = FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: FeatureGateDNSNameResolver,
+ },
+ OwningJiraComponent: "dns",
+ ResponsiblePerson: "miciah",
+ OwningProduct: ocpSpecific,
+ }
+
+ FeatureGateVSphereControlPlaneMachineset = FeatureGateName("VSphereControlPlaneMachineSet")
+ vSphereControlPlaneMachineset = FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: FeatureGateVSphereControlPlaneMachineset,
+ },
+ OwningJiraComponent: "splat",
+ ResponsiblePerson: "rvanderp3",
+ OwningProduct: ocpSpecific,
+ }
+
+ FeatureGateMachineConfigNodes = FeatureGateName("MachineConfigNodes")
+ machineConfigNodes = FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: FeatureGateMachineConfigNodes,
+ },
+ OwningJiraComponent: "MachineConfigOperator",
+ ResponsiblePerson: "cdoern",
+ OwningProduct: ocpSpecific,
+ }
+
+ FeatureGateClusterAPIInstall = FeatureGateName("ClusterAPIInstall")
+ clusterAPIInstall = FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: FeatureGateClusterAPIInstall,
+ },
+ OwningJiraComponent: "Installer",
+ ResponsiblePerson: "vincepri",
+ OwningProduct: ocpSpecific,
+ }
+
+ FeatureGateMetricsServer = FeatureGateName("MetricsServer")
+ metricsServer = FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: FeatureGateMetricsServer,
+ },
+ OwningJiraComponent: "Monitoring",
+ ResponsiblePerson: "slashpai",
+ OwningProduct: ocpSpecific,
+ }
+
+ FeatureGateInstallAlternateInfrastructureAWS = FeatureGateName("InstallAlternateInfrastructureAWS")
+ installAlternateInfrastructureAWS = FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: FeatureGateInstallAlternateInfrastructureAWS,
+ },
+ OwningJiraComponent: "Installer",
+ ResponsiblePerson: "padillon",
+ OwningProduct: ocpSpecific,
+ }
+
+ FeatureGateGCPClusterHostedDNS = FeatureGateName("GCPClusterHostedDNS")
+ gcpClusterHostedDNS = FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: FeatureGateGCPClusterHostedDNS,
+ },
+ OwningJiraComponent: "Installer",
+ ResponsiblePerson: "barbacbd",
+ OwningProduct: ocpSpecific,
+ }
 )
diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml
index 99b11b0894..9d0861b68b 100644
--- a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml
+++ b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml
@@ -12,6 +12,176 @@ tests:
 apiVersion: config.openshift.io/v1
 kind: Infrastructure
 spec: {}
+ - name: Should be able to pass 2 IP addresses to apiServerInternalIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ apiServerInternalIPs:
+ - 192.0.2.1
+ - "2001:db8::1"
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ apiServerInternalIPs:
+ - 192.0.2.1
+ - "2001:db8::1"
+ - name: Should not be able to pass not-an-IP to apiServerInternalIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ apiServerInternalIPs:
+ - not-an-ip-address
+ expectedError: "Invalid value: \"not-an-ip-address\""
+ - name: Should not be able to pass 2 IPv4 addresses to apiServerInternalIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ apiServerInternalIPs:
+ - 192.0.2.1
+ - 192.0.2.2
+ expectedError: "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address"
+ - name: Should not be able to pass 2 IPv6 addresses to apiServerInternalIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ apiServerInternalIPs:
+ - "2001:db8::1"
+ - "2001:db8::2"
+ expectedError: "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address"
+ - name: Should not be able to pass more than 2 entries to apiServerInternalIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ apiServerInternalIPs:
+ - 192.0.2.1
+ - "2001:db8::1"
+ - 192.0.2.2
+ expectedError: "Too many: 3: must have at most 2 items"
+ - name: Should be able to pass 2 IP addresses to ingressIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ ingressIPs:
+ - 192.0.2.1
+ - "2001:db8::1"
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ ingressIPs:
+ - 192.0.2.1
+ - "2001:db8::1"
+ - name: Should not be able to pass not-an-IP to ingressIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ ingressIPs:
+ - not-an-ip-address
+ expectedError: "Invalid value: \"not-an-ip-address\""
+ - name: Should not be able to pass 2 IPv4 addresses to ingressIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ ingressIPs:
+ - 192.0.2.1
+ - 192.0.2.2
+ expectedError: "ingressIPs must contain at most one IPv4 address and at most one IPv6 address"
+ - name: Should not be able to pass 2 IPv6 addresses to ingressIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ ingressIPs:
+ - "2001:db8::1"
+ - "2001:db8::2"
+ expectedError: "ingressIPs must contain at most one IPv4 address and at most one IPv6 address"
+ - name: Should not be able to pass more than 2 entries to ingressIPs in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ ingressIPs:
+ - 192.0.2.1
+ - "2001:db8::1"
+ - 192.0.2.2
+ expectedError: "Too many: 3: must have at most 2 items"
+ - name: Should be able to pass 2 IP subnets addresses to machineNetworks in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ machineNetworks:
+ - "192.0.2.0/24"
+ - "2001:db8::0/32"
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ machineNetworks:
+ - "192.0.2.0/24"
+ - "2001:db8::0/32"
+ - name: Should not be able to pass not-a-CIDR to machineNetworks in the platform spec
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec:
+ platformSpec:
+ type: BareMetal
+ baremetal:
+ machineNetworks:
+ - 192.0.2.1
+ expectedError: "Invalid value: \"192.0.2.1\""
 onUpdate:
 - name: Should be able to change External platformName from unknown to something else
 initial: |
@@ -993,9 +1163,9 @@ tests:
 type: IBMCloud
 ibmcloud:
 serviceEndpoints:
- - name: DummyVPC
+ - name: VPC
 url: https://dummy.vpc.com
- - name: DummyCOS
+ - name: COS
 url: https://dummy.cos.com
 expected: |
 apiVersion: config.openshift.io/v1
@@ -1010,9 +1180,9 @@ tests:
 type: IBMCloud
 ibmcloud:
 serviceEndpoints:
- - name: DummyVPC
+ - name: VPC
 url: https://dummy.vpc.com
- - name: DummyCOS
+ - name: COS
 url: https://dummy.cos.com
 - name: Should not be able to add empty (URL) ServiceEndpoints to IBMCloud PlatformStatus
 initial: |
@@ -1035,7 +1205,7 @@ tests:
 type: IBMCloud
 ibmcloud:
 serviceEndpoints:
- - name: EmptyCOS
+ - name: COS
 url: " "
 expectedStatusError: " status.platformStatus.ibmcloud.serviceEndpoints[0].url: Invalid value: \"string\": url must be a valid absolute URL"
 - name: Should not be able to add invalid (URL) ServiceEndpoints to IBMCloud PlatformStatus
@@ -1059,8 +1229,34 @@ tests:
 type: IBMCloud
 ibmcloud:
 serviceEndpoints:
- - name: DummyVPC
+ - name: VPC
 url: https://dummy.vpc.com
- - name: BadCOS
+ - name: COS
 url: dummy-cos-com
 expectedStatusError: " status.platformStatus.ibmcloud.serviceEndpoints[1].url: Invalid value: \"string\": url must be a valid absolute URL"
+ - name: Should not be able to add invalid (Name) ServiceEndpoints to IBMCloud PlatformStatus
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: IBMCloud
+ platformStatus:
+ type: IBMCloud
+ ibmcloud:
+ serviceEndpoints: []
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: IBMCloud
+ platformStatus:
+ type: IBMCloud
+ ibmcloud:
+ serviceEndpoints:
+ - name: VPC
+ url: https://dummy.vpc.com
+ - name: BadService
+ url: https://bad-service.com
+ expectedStatusError: " status.platformStatus.ibmcloud.serviceEndpoints[1].name: Unsupported value: \"BadService\": supported values: \"CIS\", \"COS\", \"DNSServices\", \"GlobalSearch\", \"GlobalTagging\", \"HyperProtect\", \"IAM\", \"KeyProtect\", \"ResourceController\", \"ResourceManager\", \"VPC\""
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml
new file mode 100644
index 0000000000..b29790dbd6
--- /dev/null
+++ b/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml
@@ -0,0 +1,110 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreviewNoUpgrade] Authentication"
+crd: 0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal Authentication
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec: {} # No spec is required for a Authentication
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec: {}
+ - name: Cannot set username claim prefix with policy NoPrefix
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec:
+ type: OIDC
+ oidcProviders:
+ - name: myoidc
+ issuer:
+ issuerURL: https://meh.tld
+ audiences: ['openshift-aud']
+ claimMappings:
+ username:
+ claim: "preferred_username"
+ prefixPolicy: NoPrefix
+ prefix:
+ prefixString: "myoidc:"
+ expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise"
+ - name: Can set username claim prefix with policy Prefix
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec:
+ type: OIDC
+ oidcProviders:
+ - name: myoidc
+ issuer:
+ issuerURL: https://meh.tld
+ audiences: ['openshift-aud']
+ claimMappings:
+ username:
+ claim: "preferred_username"
+ prefixPolicy: Prefix
+ prefix:
+ prefixString: "myoidc:"
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec:
+ type: OIDC
+ oidcProviders:
+ - name: myoidc
+ issuer:
+ issuerURL: https://meh.tld
+ audiences: ['openshift-aud']
+ claimMappings:
+ username:
+ claim: "preferred_username"
+ prefixPolicy: Prefix
+ prefix:
+ prefixString: "myoidc:"
+ - name: Cannot leave username claim prefix blank with policy Prefix
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec:
+ type: OIDC
+ oidcProviders:
+ - name: myoidc
+ issuer:
+ issuerURL: https://meh.tld
+ audiences: ['openshift-aud']
+ claimMappings:
+ username:
+ claim: "preferred_username"
+ prefixPolicy: Prefix
+ expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise"
+ - name: Can set OIDC providers with no username prefixing
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec:
+ type: OIDC
+ oidcProviders:
+ - name: myoidc
+ issuer:
+ issuerURL: https://meh.tld
+ audiences: ['openshift-aud']
+ claimMappings:
+ username:
+ claim: "preferred_username"
+ prefixPolicy: NoPrefix
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Authentication
+ spec:
+ type: OIDC
+ oidcProviders:
+ - name: myoidc
+ issuer:
+ issuerURL: https://meh.tld
+ audiences: ['openshift-aud']
+ claimMappings:
+ username:
+ claim: "preferred_username"
+ prefixPolicy: NoPrefix
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
index 7834e1f841..78501fb174 100644
--- a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
+++ b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
@@ -517,3 +517,48 @@ tests:
 resourceTags:
 - {parentID: "test-project-123", key: "key", value: "value"}
 expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation"
+ - name: Should not be able to modify the cluster hosted dns value for GCP Platform Status
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ controlPlaneTopology: "HighlyAvailable"
+ infrastructureTopology: "HighlyAvailable"
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ clusterHostedDNS: "Enabled"
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ clusterHostedDNS: "Disabled"
+ expectedStatusError: "status.platformStatus.gcp.clusterHostedDNS: Invalid value: \"string\": clusterHostedDNS is immutable and may only be configured during installation"
+ - name: Should not be able to remove GCP cluster hosted DNS from platformStatus.gcp
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp:
+ clusterHostedDNS: "Enabled"
+ updated: |
+ apiVersion: config.openshift.io/v1
+ kind: Infrastructure
+ spec: {}
+ status:
+ platform: GCP
+ platformStatus:
+ type: GCP
+ gcp: {}
+ expectedStatusError: "status.platformStatus.gcp.clusterHostedDNS: Invalid value: \"string\": clusterHostedDNS is immutable and may only be configured during installation"
diff --git a/vendor/github.com/openshift/api/config/v1/types.go b/vendor/github.com/openshift/api/config/v1/types.go
index 56d00648ee..6fb1b9adc9 100644
--- a/vendor/github.com/openshift/api/config/v1/types.go
+++ b/vendor/github.com/openshift/api/config/v1/types.go
@@ -398,3 +398,33 @@ const (
 // NoOpinionIncludeSubDomains means HSTS "includeSubDomains" doesn't matter to the RequiredHSTSPolicy
 NoOpinionIncludeSubDomains IncludeSubDomainsPolicy = "NoOpinion"
 )
+
+// IBMCloudServiceName contains a value specifying the name of an IBM Cloud Service,
+// which are used by MAPI, CIRO, CIO, Installer, etc.
+// +kubebuilder:validation:Enum=CIS;COS;DNSServices;GlobalSearch;GlobalTagging;HyperProtect;IAM;KeyProtect;ResourceController;ResourceManager;VPC
+type IBMCloudServiceName string
+
+const (
+ // IBMCloudServiceCIS is the name for IBM Cloud CIS.
+ IBMCloudServiceCIS IBMCloudServiceName = "CIS"
+ // IBMCloudServiceCOS is the name for IBM Cloud COS.
+ IBMCloudServiceCOS IBMCloudServiceName = "COS"
+ // IBMCloudServiceDNSServices is the name for IBM Cloud DNS Services.
+ IBMCloudServiceDNSServices IBMCloudServiceName = "DNSServices"
+ // IBMCloudServiceGlobalSearch is the name for IBM Cloud Global Search.
+ IBMCloudServiceGlobalSearch IBMCloudServiceName = "GlobalSearch"
+ // IBMCloudServiceGlobalTagging is the name for IBM Cloud Global Tagging.
+ IBMCloudServiceGlobalTagging IBMCloudServiceName = "GlobalTagging"
+ // IBMCloudServiceHyperProtect is the name for IBM Cloud Hyper Protect.
+ IBMCloudServiceHyperProtect IBMCloudServiceName = "HyperProtect"
+ // IBMCloudServiceIAM is the name for IBM Cloud IAM.
+ IBMCloudServiceIAM IBMCloudServiceName = "IAM"
+ // IBMCloudServiceKeyProtect is the name for IBM Cloud Key Protect.
+ IBMCloudServiceKeyProtect IBMCloudServiceName = "KeyProtect"
+ // IBMCloudServiceResourceController is the name for IBM Cloud Resource Controller.
+ IBMCloudServiceResourceController IBMCloudServiceName = "ResourceController"
+ // IBMCloudServiceResourceManager is the name for IBM Cloud Resource Manager.
+ IBMCloudServiceResourceManager IBMCloudServiceName = "ResourceManager"
+ // IBMCloudServiceVPC is the name for IBM Cloud VPC.
+ IBMCloudServiceVPC IBMCloudServiceName = "VPC"
+)
diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
index 5d18860c3a..59b89388bd 100644
--- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go
+++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go
@@ -54,7 +54,7 @@ type APIServerSpec struct {
 //
 // If unset, a default (which may change between releases) is chosen. Note that only Old,
 // Intermediate and Custom profiles are currently supported, and the maximum available
- // MinTLSVersions is VersionTLS12.
+ // minTLSVersion is VersionTLS12.
 // +optional
 TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"`
 // audit specifies the settings for audit configuration to be applied to all OpenShift-provided
diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go
index dd2ef6e0ae..72c346ce11 100644
--- a/vendor/github.com/openshift/api/config/v1/types_authentication.go
+++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go
@@ -4,6 +4,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // +genclient
 // +genclient:nonNamespaced
+// +kubebuilder:subresource:status
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 // Authentication specifies cluster-wide settings for authentication (like OAuth and
@@ -50,12 +51,16 @@ type AuthenticationSpec struct {
 OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"`
 // webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
+ // +listType=atomic
 WebhookTokenAuthenticators []DeprecatedWebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"`
 // webhookTokenAuthenticator configures a remote token reviewer.
 // These remote authentication webhooks can be used to verify bearer tokens
 // via the tokenreviews.authentication.k8s.io REST API. This is required to
 // honor bearer tokens that are provisioned by an external authentication service.
+ //
+ // Can only be set if "Type" is set to "None".
+ //
 // +optional
 WebhookTokenAuthenticator *WebhookTokenAuthenticator `json:"webhookTokenAuthenticator,omitempty"`
@@ -69,6 +74,18 @@ type AuthenticationSpec struct {
 // This allows internal components to transition to use new service account issuer without service distruption.
 // +optional
 ServiceAccountIssuer string `json:"serviceAccountIssuer"`
+
+ // OIDCProviders are OIDC identity providers that can issue tokens
+ // for this cluster
+ // Can only be set if "Type" is set to "OIDC".
+ //
+ // At most one provider can be configured.
+ //
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MaxItems=1
+ // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
+ OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"`
 }
 type AuthenticationStatus struct {
@@ -110,15 +127,17 @@ type AuthenticationType string
 const (
 // None means that no cluster managed authentication system is in place.
 // Note that user login will only work if a manually configured system is in place and
- // referenced in authentication spec via oauthMetadata and webhookTokenAuthenticators.
+ // referenced in authentication spec via oauthMetadata and
+ // webhookTokenAuthenticator/oidcProviders
 AuthenticationTypeNone AuthenticationType = "None"
 // IntegratedOAuth refers to the cluster managed OAuth server.
 // It is configured via the top level OAuth config.
 AuthenticationTypeIntegratedOAuth AuthenticationType = "IntegratedOAuth"
- // TODO if we add support for an in-cluster operator managed Keycloak instance
- // AuthenticationTypeKeycloak AuthenticationType = "Keycloak"
+ // AuthenticationTypeOIDC refers to a configuration with an external
+ // OIDC server configured directly with the kube-apiserver.
+ AuthenticationTypeOIDC AuthenticationType = "OIDC"
 )
 // deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator.
@@ -159,3 +178,177 @@ const (
 // KubeConfigKey is the key for the kube config file data in a secret
 KubeConfigKey = "kubeConfig"
 )
+
+type OIDCProvider struct {
+ // Name of the OIDC provider
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+ // Issuer describes atributes of the OIDC token issuer
+ //
+ // +kubebuilder:validation:Required
+ // +required
+ Issuer TokenIssuer `json:"issuer"`
+
+ // ClaimMappings describes rules on how to transform information from an
+ // ID token into a cluster identity
+ ClaimMappings TokenClaimMappings `json:"claimMappings"`
+
+ // ClaimValidationRules are rules that are applied to validate token claims to authenticate users.
+ //
+ // +listType=atomic
+ ClaimValidationRules []TokenClaimValidationRule `json:"claimValidationRules,omitempty"`
+}
+
+// +kubebuilder:validation:MinLength=1
+type TokenAudience string
+
+type TokenIssuer struct {
+ // URL is the serving URL of the token issuer.
+ // Must use the https:// scheme.
+ //
+ // +kubebuilder:validation:Pattern=`^https:\/\/[^\s]`
+ // +kubebuilder:validation:Required
+ // +required
+ URL string `json:"issuerURL"`
+
+ // Audiences is an array of audiences that the token was issued for.
+ // Valid tokens must include at least one of these values in their
+ // "aud" claim.
+ // Must be set to exactly one value.
+ //
+ // +listType=set
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MaxItems=1
+ // +required
+ Audiences []TokenAudience `json:"audiences"`
+
+ // CertificateAuthority is a reference to a config map in the
+ // configuration namespace. The .data of the configMap must contain
+ // the "ca-bundle.crt" key.
+ // If unset, system trust is used instead.
+ CertificateAuthority ConfigMapNameReference `json:"issuerCertificateAuthority"`
+}
+
+type TokenClaimMappings struct {
+ // Username is a name of the claim that should be used to construct
+ // usernames for the cluster identity.
+ //
+ // Default value: "sub"
+ Username UsernameClaimMapping `json:"username,omitempty"`
+
+ // Groups is a name of the claim that should be used to construct
+ // groups for the cluster identity.
+ // The referenced claim must use array of strings values.
+ Groups PrefixedClaimMapping `json:"groups,omitempty"`
+}
+
+type TokenClaimMapping struct {
+ // Claim is a JWT token claim to be used in the mapping
+ //
+ // +kubebuilder:validation:Required
+ // +required
+ Claim string `json:"claim"`
+}
+
+// +kubebuilder:validation:XValidation:rule="has(self.prefixPolicy) && self.prefixPolicy == 'Prefix' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)",message="prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise"
+type UsernameClaimMapping struct {
+ TokenClaimMapping `json:",inline"`
+
+ // PrefixPolicy specifies how a prefix should apply.
+ //
+ // By default, claims other than `email` will be prefixed with the issuer URL to
+ // prevent naming clashes with other plugins.
+ //
+ // Set to "NoPrefix" to disable prefixing.
+ //
+ // Example:
+ // (1) `prefix` is set to "myoidc:" and `claim` is set to "username".
+ // If the JWT claim `username` contains value `userA`, the resulting
+ // mapped value will be "myoidc:userA".
+ // (2) `prefix` is set to "myoidc:" and `claim` is set to "email". If the
+ // JWT `email` claim contains value "userA@myoidc.tld", the resulting
+ // mapped value will be "myoidc:userA@myoidc.tld".
+ // (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,
+ // the JWT claims include "username":"userA" and "email":"userA@myoidc.tld",
+ // and `claim` is set to:
+ // (a) "username": the mapped value will be "https://myoidc.tld#userA"
+ // (b) "email": the mapped value will be "userA@myoidc.tld"
+ //
+ // +kubebuilder:validation:Enum={"", "NoPrefix", "Prefix"}
+ PrefixPolicy UsernamePrefixPolicy `json:"prefixPolicy"`
+
+ Prefix *UsernamePrefix `json:"prefix"`
+}
+
+type UsernamePrefixPolicy string
+
+var (
+ // NoOpinion let's the cluster assign prefixes. If the username claim is email, there is no prefix
+ // If the username claim is anything else, it is prefixed by the issuerURL
+ NoOpinion UsernamePrefixPolicy = ""
+
+ // NoPrefix means the username claim value will not have any prefix
+ NoPrefix UsernamePrefixPolicy = "NoPrefix"
+
+ // Prefix means the prefix value must be specified. It cannot be empty
+ Prefix UsernamePrefixPolicy = "Prefix"
+)
+
+type UsernamePrefix struct {
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ PrefixString string `json:"prefixString"`
+}
+
+type PrefixedClaimMapping struct {
+ TokenClaimMapping `json:",inline"`
+
+ // Prefix is a string to prefix the value from the token in the result of the
+ // claim mapping.
+ //
+ // By default, no prefixing occurs.
+ //
+ // Example: if `prefix` is set to "myoidc:"" and the `claim` in JWT contains
+ // an array of strings "a", "b" and "c", the mapping will result in an
+ // array of string "myoidc:a", "myoidc:b" and "myoidc:c".
+ Prefix string `json:"prefix"`
+}
+
+type TokenValidationRuleType string
+
+const (
+ TokenValidationRuleTypeRequiredClaim = "RequiredClaim"
+)
+
+type TokenClaimValidationRule struct {
+ // Type sets the type of the validation rule
+ //
+ // +kubebuilder:validation:Enum={"RequiredClaim"}
+ // +kubebuilder:default="RequiredClaim"
+ Type TokenValidationRuleType `json:"type"`
+
+ // RequiredClaim allows configuring a required claim name and its expected
+ // value
+ RequiredClaim *TokenRequiredClaim `json:"requiredClaim"`
+}
+
+type TokenRequiredClaim struct {
+ // Claim is a name of a required claim. Only claims with string values are
+ // supported.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ Claim string `json:"claim"`
+
+ // RequiredValue is the required value for the claim.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ RequiredValue string `json:"requiredValue"`
+}
diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
index a9bade6fe7..e5a03bac71 100644
--- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
+++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go
@@ -363,7 +363,7 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{
 }
 // ClusterVersionCapabilitySet defines sets of cluster version capabilities.
-// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;vCurrent
+// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;v4.15;vCurrent
 type ClusterVersionCapabilitySet string
 const (
@@ -395,6 +395,12 @@ const ( // version of OpenShift is installed. ClusterVersionCapabilitySet4_14 ClusterVersionCapabilitySet = "v4.14" + // ClusterVersionCapabilitySet4_15 is the recommended set of + // optional capabilities to enable for the 4.15 version of + // OpenShift. This list will remain the same no matter which + // version of OpenShift is installed. + ClusterVersionCapabilitySet4_15 ClusterVersionCapabilitySet = "v4.15" + // ClusterVersionCapabilitySetCurrent is the recommended set // of optional capabilities to enable for the cluster's // current version of OpenShift. @@ -445,6 +451,21 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityDeploymentConfig, ClusterVersionCapabilityImageRegistry, }, + ClusterVersionCapabilitySet4_15: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityNodeTuning, + ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, + ClusterVersionCapabilityOperatorLifecycleManager, + }, ClusterVersionCapabilitySetCurrent: { ClusterVersionCapabilityBaremetal, ClusterVersionCapabilityConsole, diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 149dd1194d..c31f82c627 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go 
@@ -168,18 +168,24 @@ var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ with(nodeSwap). with(machineAPIProviderOpenStack). with(insightsConfigAPI). - with(retroactiveDefaultStorageClass). with(dynamicResourceAllocation). with(gateGatewayAPI). with(maxUnavailableStatefulSet). without(eventedPleg). with(sigstoreImageVerification). with(gcpLabelsTags). + with(gcpClusterHostedDNS). with(vSphereStaticIPs). with(routeExternalCertificate). with(automatedEtcdBackup). + with(vSphereControlPlaneMachineset). without(machineAPIOperatorDisableMachineHealthCheckController). with(adminNetworkPolicy). + with(dnsNameResolver). + with(machineConfigNodes). + with(metricsServer). + with(installAlternateInfrastructureAWS). + without(clusterAPIInstall). toFeatures(defaultFeatures), LatencySensitive: newDefaultFeatures(). toFeatures(defaultFeatures), @@ -198,9 +204,7 @@ var defaultFeatures = &FeatureGateEnabledDisabled{ privateHostedZoneAWS, buildCSIVolumes, }, - Disabled: []FeatureGateDescription{ - retroactiveDefaultStorageClass, - }, + Disabled: []FeatureGateDescription{}, } type featureSetBuilder struct { diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 18d36519d1..94ace910ad 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -1,6 +1,8 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced 
@@ -229,6 +231,24 @@ const ( IBMCloudProviderTypeUPI IBMCloudProviderType = "UPI" ) +// ClusterHostedDNS indicates whether the cluster DNS is hosted by the cluster or Core DNS . +type ClusterHostedDNS string + +const ( + // EnabledClusterHostedDNS indicates that a DNS solution other than the default provided by the + // cloud platform is in use. In this mode, the cluster hosts a DNS solution during installation and the + // user is expected to provide their own DNS solution post-install. + // When "Enabled", the cluster will continue to use the default Load Balancers provided by the cloud + // platform. + EnabledClusterHostedDNS ClusterHostedDNS = "Enabled" + + // DisabledClusterHostedDNS indicates that the cluster is using the default DNS solution for the + // cloud platform. OpenShift is responsible for all the LB and DNS configuration needed for the + // cluster to be functional with no intervention from the user. To accomplish this, OpenShift + // configures the default LB and DNS solutions provided by the underlying cloud. + DisabledClusterHostedDNS ClusterHostedDNS = "Disabled" +) + // ExternalPlatformSpec holds the desired state for the generic External infrastructure provider. type ExternalPlatformSpec struct { // PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. 
@@ -610,6 +630,24 @@ type GCPPlatformStatus struct { // +optional // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade ResourceTags []GCPResourceTag `json:"resourceTags,omitempty"` + + // clusterHostedDNS indicates the type of DNS solution in use within the cluster. Its default value of + // "Disabled" indicates that the cluster's DNS is the default provided by the cloud platform. It can be + // "Enabled" during install to bypass the configuration of the cloud default DNS. When "Enabled", the + // cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. + // The cluster's use of the cloud's Load Balancers is unaffected by this setting. + // The value is immutable after it has been set at install time. + // Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. + // Enabling this functionality allows the user to start their own DNS solution outside the cluster after + // installation is complete. The customer would be responsible for configuring this custom DNS solution, + // and it can be run in addition to the in-cluster DNS solution. + // +kubebuilder:default:="Disabled" + // +default="Disabled" + // +kubebuilder:validation:Enum="Enabled";"Disabled" + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="clusterHostedDNS is immutable and may only be configured during installation" + // +optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + ClusterHostedDNS ClusterHostedDNS `json:"clusterHostedDNS,omitempty"` } // GCPResourceLabel is a label to apply to GCP resources created for the cluster. 
@@ -622,7 +660,7 @@ type GCPResourceLabel struct { // +kubebuilder:validation:Required // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=63 - // +kubebuilder:validation:Pattern=`^[a-z][0-9a-z_-]+$` + // +kubebuilder:validation:Pattern=`^[a-z][0-9a-z_-]{0,62}$` Key string `json:"key"` // value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. @@ -630,7 +668,7 @@ type GCPResourceLabel struct { // +kubebuilder:validation:Required // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=63 - // +kubebuilder:validation:Pattern=`^[0-9a-z_-]+$` + // +kubebuilder:validation:Pattern=`^[0-9a-z_-]{1,63}$` Value string `json:"value"` } 
@@ -691,7 +729,48 @@ type BareMetalPlatformLoadBalancer struct { // BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. // This only includes fields that can be modified in the cluster. -type BareMetalPlatformSpec struct{} +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set" +type BareMetalPlatformSpec struct { + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. + // When omitted, values from the status.apiServerInternalIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + APIServerInternalIPs []IP `json:"apiServerInternalIPs"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. 
+ // When omitted, values from the status.ingressIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + IngressIPs []IP `json:"ingressIPs"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster + // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, + // for example "10.0.0.0/8" or "fd00::/8". + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` +} // BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. // For more information about the network architecture used with the BareMetal platform type, see: @@ -744,6 +823,12 @@ type BareMetalPlatformStatus struct { // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade // +optional LoadBalancer *BareMetalPlatformLoadBalancer `json:"loadBalancer,omitempty"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` } // OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform. 
@@ -769,7 +854,48 @@ type OpenStackPlatformLoadBalancer struct { // OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. // This only includes fields that can be modified in the cluster. -type OpenStackPlatformSpec struct{} +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set" +type OpenStackPlatformSpec struct { + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. + // When omitted, values from the status.apiServerInternalIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + APIServerInternalIPs []IP `json:"apiServerInternalIPs"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. 
+ // When omitted, values from the status.ingressIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + IngressIPs []IP `json:"ingressIPs"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster + // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, + // for example "10.0.0.0/8" or "fd00::/8". + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` +} // OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider. type OpenStackPlatformStatus struct { @@ -823,6 +949,12 @@ type OpenStackPlatformStatus struct { // +kubebuilder:default={"type": "OpenShiftManagedDefault"} // +optional LoadBalancer *OpenStackPlatformLoadBalancer `json:"loadBalancer,omitempty"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` } // OvirtPlatformLoadBalancer defines the load balancer used by the cluster on Ovirt platform. 
@@ -1010,6 +1142,22 @@ type VSpherePlatformTopology struct { // +kubebuilder:validation:Pattern=`^/.*?/vm/.*?` // +optional Folder string `json:"folder,omitempty"` + + // template is the full inventory path of the virtual machine or template + // that will be cloned when creating new machines in this failure domain. + // The maximum length of the path is 2048 characters. + // + // When omitted, the template will be calculated by the control plane + // machineset operator based on the region and zone defined in + // VSpherePlatformFailureDomainSpec. + // For example, for zone=zonea, region=region1, and infrastructure name=test, + // the template path would be calculated as //vm/test-rhcos-region1-zonea. + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +kubebuilder:validation:Pattern=`^/.*?/vm/.*?` + // +optional + Template string `json:"template,omitempty"` } // VSpherePlatformVCenterSpec stores the vCenter connection fields. @@ -1086,6 +1234,8 @@ type VSpherePlatformNodeNetworking struct { // VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. // In the future the cloud provider operator, storage operator and machine operator will // use these fields for configuration. +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set" type VSpherePlatformSpec struct { // vcenters holds the connection details for services to communicate with vCenter. // Currently, only a single vCenter is supported. 
@@ -1109,6 +1259,45 @@ type VSpherePlatformSpec struct { // return the first one found. // +optional NodeNetworking VSpherePlatformNodeNetworking `json:"nodeNetworking,omitempty"` + + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. + // When omitted, values from the status.apiServerInternalIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + APIServerInternalIPs []IP `json:"apiServerInternalIPs"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. + // When omitted, values from the status.ingressIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? 
self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + IngressIPs []IP `json:"ingressIPs"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster + // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, + // for example "10.0.0.0/8" or "fd00::/8". + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` } // VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. 
@@ -1160,21 +1349,26 @@ type VSpherePlatformStatus struct { // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade // +optional LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` } // IBMCloudServiceEndpoint stores the configuration of a custom url to // override existing defaults of IBM Cloud Services. type IBMCloudServiceEndpoint struct { // name is the name of the IBM Cloud service. + // Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. // For example, the IBM Cloud Private IAM service could be configured with the // service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` // Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured // with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` // // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9-]+$` - // +kubebuilder:validation:MaxLength=32 - Name string `json:"name"` + Name IBMCloudServiceName `json:"name"` // url is fully qualified URI with scheme https, that overrides the default generated // endpoint for a client. 
@@ -1209,13 +1403,13 @@ type IBMCloudPlatformStatus struct { // for the cluster's base domain DNSInstanceCRN string `json:"dnsInstanceCRN,omitempty"` - // serviceEndpoints is a list of custom endpoints which will override the default - // service endpoints of an IBM Cloud service. These endpoints are consumed by + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of an IBM Cloud service. These endpoints are consumed by // components within the cluster to reach the respective IBM Cloud Services. - // +listType=map - // +listMapKey=name - // +optional - ServiceEndpoints []IBMCloudServiceEndpoint `json:"serviceEndpoints,omitempty"` + // +listType=map + // +listMapKey=name + // +optional + ServiceEndpoints []IBMCloudServiceEndpoint `json:"serviceEndpoints,omitempty"` } // KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. 
@@ -1402,6 +1596,75 @@ type NutanixPlatformSpec struct { // +listType=map // +listMapKey=name PrismElements []NutanixPrismElementEndpoint `json:"prismElements"` + + // failureDomains configures failure domains information for the Nutanix platform. + // When set, the failure domains defined here may be used to spread Machines across + // prism element clusters to improve fault tolerance of the cluster. + // +listType=map + // +listMapKey=name + // +optional + FailureDomains []NutanixFailureDomain `json:"failureDomains"` +} + +// NutanixFailureDomain configures failure domain information for the Nutanix platform. +type NutanixFailureDomain struct { + // name defines the unique name of a failure domain. + // Name is required and must be at most 64 characters in length. + // It must consist of only lower case alphanumeric characters and hyphens (-). + // It must start and end with an alphanumeric character. + // This value is arbitrary and is used to identify the failure domain within the platform. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:Pattern=`[a-z0-9]([-a-z0-9]*[a-z0-9])?` + Name string `json:"name"` + + // cluster is to identify the cluster (the Prism Element under management of the Prism Central), + // in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained + // from the Prism Central console or using the prism_central API. + // +kubebuilder:validation:Required + Cluster NutanixResourceIdentifier `json:"cluster"` + + // subnets holds a list of identifiers (one or more) of the cluster's network subnets + // for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be + // obtained from the Prism Central console or using the prism_central API. 
+ // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=1 + // +listType=map + // +listMapKey=type + Subnets []NutanixResourceIdentifier `json:"subnets"` +} + +// NutanixIdentifierType is an enumeration of different resource identifier types. +// +kubebuilder:validation:Enum:=UUID;Name +type NutanixIdentifierType string + +const ( + // NutanixIdentifierUUID is a resource identifier identifying the object by UUID. + NutanixIdentifierUUID NutanixIdentifierType = "UUID" + + // NutanixIdentifierName is a resource identifier identifying the object by Name. + NutanixIdentifierName NutanixIdentifierType = "Name" +) + +// NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.) +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UUID' ? has(self.uuid) : !has(self.uuid)",message="uuid configuration is required when type is UUID, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Name' ? has(self.name) : !has(self.name)",message="name configuration is required when type is Name, and forbidden otherwise" +// +union +type NutanixResourceIdentifier struct { + // type is the identifier type to use for this resource. + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NutanixIdentifierType `json:"type"` + + // uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + // +optional + UUID *string `json:"uuid,omitempty"` + + // name is the resource name in the PC. It cannot be empty if the type is Name. + // +optional + Name *string `json:"name,omitempty"` } // NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster) 
@@ -1492,3 +1755,19 @@ type InfrastructureList struct { Items []Infrastructure `json:"items"` } + +// CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). +// +kubebuilder:validation:Pattern=`(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)` +// + --- +// + The regex for the IPv4 and IPv6 CIDR range was taken from +// + https://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/ +// + The resulting regex is an OR of both regexes. +type CIDR string + +// IP is an IP address (for example, "10.0.0.0" or "fd00::"). 
+// +kubebuilder:validation:Pattern=`(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*)` +// + --- +// + The regex for the IPv4 and IPv6 address was taken from +// + https://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/ +// + The resulting regex is an OR of both regexes. +type IP string diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go index 9dbacb9966..4f69de40cf 100644 --- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go +++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go @@ -56,7 +56,7 @@ type TLSSecurityProfile struct { // - AES128-SHA // - AES256-SHA // - DES-CBC3-SHA - // minTLSVersion: TLSv1.0 + // minTLSVersion: VersionTLS10 // // +optional // +nullable 
@@ -79,7 +79,7 @@ type TLSSecurityProfile struct { // - ECDHE-RSA-CHACHA20-POLY1305 // - DHE-RSA-AES128-GCM-SHA256 // - DHE-RSA-AES256-GCM-SHA384 - // minTLSVersion: TLSv1.2 + // minTLSVersion: VersionTLS12 // // +optional // +nullable @@ -94,7 +94,7 @@ type TLSSecurityProfile struct { // - TLS_AES_128_GCM_SHA256 // - TLS_AES_256_GCM_SHA384 // - TLS_CHACHA20_POLY1305_SHA256 - // minTLSVersion: TLSv1.3 + // minTLSVersion: VersionTLS13 // // NOTE: Currently unsupported. // @@ -110,7 +110,7 @@ type TLSSecurityProfile struct { // - ECDHE-RSA-CHACHA20-POLY1305 // - ECDHE-RSA-AES128-GCM-SHA256 // - ECDHE-ECDSA-AES128-GCM-SHA256 - // minTLSVersion: TLSv1.1 + // minTLSVersion: VersionTLS11 // // +optional // +nullable @@ -167,7 +167,7 @@ type TLSProfileSpec struct { // that is negotiated during the TLS handshake. For example, to use TLS // versions 1.1, 1.2 and 1.3 (yaml): // - // minTLSVersion: TLSv1.1 + // minTLSVersion: VersionTLS11 // // NOTE: currently the highest minTLSVersion allowed is VersionTLS12 // diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 63b9f050d0..822085c163 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -522,6 +522,13 @@ func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { *out = new(WebhookTokenAuthenticator) **out = **in } + if in.OIDCProviders != nil { + in, out := &in.OIDCProviders, &out.OIDCProviders + *out = make([]OIDCProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } 
@@ -624,6 +631,21 @@ func (in *BareMetalPlatformLoadBalancer) DeepCopy() *BareMetalPlatformLoadBalanc // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BareMetalPlatformSpec) DeepCopyInto(out *BareMetalPlatformSpec) { *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } return } @@ -655,6 +677,11 @@ func (in *BareMetalPlatformStatus) DeepCopyInto(out *BareMetalPlatformStatus) { *out = new(BareMetalPlatformLoadBalancer) **out = **in } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } return } 
@@ -3710,6 +3737,30 @@ func (in *NodeStatus) DeepCopy() *NodeStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixFailureDomain) DeepCopyInto(out *NutanixFailureDomain) { + *out = *in + in.Cluster.DeepCopyInto(&out.Cluster) + if in.Subnets != nil { + in, out := &in.Subnets, &out.Subnets + *out = make([]NutanixResourceIdentifier, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixFailureDomain. +func (in *NutanixFailureDomain) DeepCopy() *NutanixFailureDomain { + if in == nil { + return nil + } + out := new(NutanixFailureDomain) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NutanixPlatformLoadBalancer) DeepCopyInto(out *NutanixPlatformLoadBalancer) { *out = *in @@ -3735,6 +3786,13 @@ func (in *NutanixPlatformSpec) DeepCopyInto(out *NutanixPlatformSpec) { *out = make([]NutanixPrismElementEndpoint, len(*in)) copy(*out, *in) } + if in.FailureDomains != nil { + in, out := &in.FailureDomains, &out.FailureDomains + *out = make([]NutanixFailureDomain, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } 
@@ -3812,6 +3870,32 @@ func (in *NutanixPrismEndpoint) DeepCopy() *NutanixPrismEndpoint { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixResourceIdentifier) DeepCopyInto(out *NutanixResourceIdentifier) { + *out = *in + if in.UUID != nil { + in, out := &in.UUID, &out.UUID + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixResourceIdentifier. +func (in *NutanixResourceIdentifier) DeepCopy() *NutanixResourceIdentifier { + if in == nil { + return nil + } + out := new(NutanixResourceIdentifier) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OAuth) DeepCopyInto(out *OAuth) { *out = *in 
@@ -3952,6 +4036,31 @@ func (in *OAuthTemplates) DeepCopy() *OAuthTemplates { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { + *out = *in + in.Issuer.DeepCopyInto(&out.Issuer) + in.ClaimMappings.DeepCopyInto(&out.ClaimMappings) + if in.ClaimValidationRules != nil { + in, out := &in.ClaimValidationRules, &out.ClaimValidationRules + *out = make([]TokenClaimValidationRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. +func (in *OIDCProvider) DeepCopy() *OIDCProvider { + if in == nil { + return nil + } + out := new(OIDCProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { *out = *in @@ -4070,6 +4179,21 @@ func (in *OpenStackPlatformLoadBalancer) DeepCopy() *OpenStackPlatformLoadBalanc // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenStackPlatformSpec) DeepCopyInto(out *OpenStackPlatformSpec) { *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } return } 
@@ -4101,6 +4225,11 @@ func (in *OpenStackPlatformStatus) DeepCopyInto(out *OpenStackPlatformStatus) { *out = new(OpenStackPlatformLoadBalancer) **out = **in } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } return } @@ -4317,12 +4446,12 @@ func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { if in.BareMetal != nil { in, out := &in.BareMetal, &out.BareMetal *out = new(BareMetalPlatformSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.OpenStack != nil { in, out := &in.OpenStack, &out.OpenStack *out = new(OpenStackPlatformSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Ovirt != nil { in, out := &in.Ovirt, &out.Ovirt @@ -4526,6 +4655,23 @@ func (in *PowerVSServiceEndpoint) DeepCopy() *PowerVSServiceEndpoint { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefixedClaimMapping) DeepCopyInto(out *PrefixedClaimMapping) { + *out = *in + out.TokenClaimMapping = in.TokenClaimMapping + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefixedClaimMapping. +func (in *PrefixedClaimMapping) DeepCopy() *PrefixedClaimMapping { + if in == nil { + return nil + } + out := new(PrefixedClaimMapping) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Project) DeepCopyInto(out *Project) { *out = *in 
@@ -5160,6 +5306,61 @@ func (in *TemplateReference) DeepCopy() *TemplateReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenClaimMapping) DeepCopyInto(out *TokenClaimMapping) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenClaimMapping. +func (in *TokenClaimMapping) DeepCopy() *TokenClaimMapping { + if in == nil { + return nil + } + out := new(TokenClaimMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenClaimMappings) DeepCopyInto(out *TokenClaimMappings) { + *out = *in + in.Username.DeepCopyInto(&out.Username) + out.Groups = in.Groups + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenClaimMappings. +func (in *TokenClaimMappings) DeepCopy() *TokenClaimMappings { + if in == nil { + return nil + } + out := new(TokenClaimMappings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenClaimValidationRule) DeepCopyInto(out *TokenClaimValidationRule) { + *out = *in + if in.RequiredClaim != nil { + in, out := &in.RequiredClaim, &out.RequiredClaim + *out = new(TokenRequiredClaim) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenClaimValidationRule. +func (in *TokenClaimValidationRule) DeepCopy() *TokenClaimValidationRule { + if in == nil { + return nil + } + out := new(TokenClaimValidationRule) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenConfig) DeepCopyInto(out *TokenConfig) { *out = *in 
@@ -5181,6 +5382,44 @@ func (in *TokenConfig) DeepCopy() *TokenConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenIssuer) DeepCopyInto(out *TokenIssuer) { + *out = *in + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]TokenAudience, len(*in)) + copy(*out, *in) + } + out.CertificateAuthority = in.CertificateAuthority + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenIssuer. +func (in *TokenIssuer) DeepCopy() *TokenIssuer { + if in == nil { + return nil + } + out := new(TokenIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenRequiredClaim) DeepCopyInto(out *TokenRequiredClaim) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequiredClaim. +func (in *TokenRequiredClaim) DeepCopy() *TokenRequiredClaim { + if in == nil { + return nil + } + out := new(TokenRequiredClaim) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Update) DeepCopyInto(out *Update) { *out = *in 
@@ -5218,6 +5457,44 @@ func (in *UpdateHistory) DeepCopy() *UpdateHistory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsernameClaimMapping) DeepCopyInto(out *UsernameClaimMapping) { + *out = *in + out.TokenClaimMapping = in.TokenClaimMapping + if in.Prefix != nil { + in, out := &in.Prefix, &out.Prefix + *out = new(UsernamePrefix) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernameClaimMapping. +func (in *UsernameClaimMapping) DeepCopy() *UsernameClaimMapping { + if in == nil { + return nil + } + out := new(UsernameClaimMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsernamePrefix) DeepCopyInto(out *UsernamePrefix) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernamePrefix. +func (in *UsernamePrefix) DeepCopy() *UsernamePrefix { + if in == nil { + return nil + } + out := new(UsernamePrefix) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VSpherePlatformFailureDomainSpec) DeepCopyInto(out *VSpherePlatformFailureDomainSpec) { *out = *in 
@@ -5313,6 +5590,21 @@ func (in *VSpherePlatformSpec) DeepCopyInto(out *VSpherePlatformSpec) { } } in.NodeNetworking.DeepCopyInto(&out.NodeNetworking) + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } return } @@ -5344,6 +5636,11 @@ func (in *VSpherePlatformStatus) DeepCopyInto(out *VSpherePlatformStatus) { *out = new(VSpherePlatformLoadBalancer) **out = **in } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } return } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 048c37b16f..6d49963e2c 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -316,7 +316,7 @@ var map_APIServerSpec = map[string]string{ "clientCA": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", - "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.", + "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.", "audit": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", } 
@@ -367,8 +367,9 @@ var map_AuthenticationSpec = map[string]string{ "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", "webhookTokenAuthenticators": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", - "webhookTokenAuthenticator": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.", + "webhookTokenAuthenticator": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. 
The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", + "oidcProviders": "OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\".\n\nAt most one provider can be configured.", } func (AuthenticationSpec) SwaggerDoc() map[string]string { 
@@ -392,6 +393,78 @@ func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string { return map_DeprecatedWebhookTokenAuthenticator } +var map_OIDCProvider = map[string]string{ + "name": "Name of the OIDC provider", + "issuer": "Issuer describes atributes of the OIDC token issuer", + "claimMappings": "ClaimMappings describes rules on how to transform information from an ID token into a cluster identity", + "claimValidationRules": "ClaimValidationRules are rules that are applied to validate token claims to authenticate users.", +} + +func (OIDCProvider) SwaggerDoc() map[string]string { + return map_OIDCProvider +} + +var map_PrefixedClaimMapping = map[string]string{ + "prefix": "Prefix is a string to prefix the value from the token in the result of the claim mapping.\n\nBy default, no prefixing occurs.\n\nExample: if `prefix` is set to \"myoidc:\"\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", +} + +func (PrefixedClaimMapping) SwaggerDoc() map[string]string { + return map_PrefixedClaimMapping +} + +var map_TokenClaimMapping = map[string]string{ + "claim": "Claim is a JWT token claim to be used in the mapping", +} + +func (TokenClaimMapping) SwaggerDoc() map[string]string { + return map_TokenClaimMapping +} + +var map_TokenClaimMappings = map[string]string{ + "username": "Username is a name of the claim that should be used to construct usernames for the cluster identity.\n\nDefault value: \"sub\"", + "groups": "Groups is a name of the claim that should be used to construct groups for the cluster identity. 
The referenced claim must use array of strings values.", +} + +func (TokenClaimMappings) SwaggerDoc() map[string]string { + return map_TokenClaimMappings +} + +var map_TokenClaimValidationRule = map[string]string{ + "type": "Type sets the type of the validation rule", + "requiredClaim": "RequiredClaim allows configuring a required claim name and its expected value", +} + +func (TokenClaimValidationRule) SwaggerDoc() map[string]string { + return map_TokenClaimValidationRule +} + +var map_TokenIssuer = map[string]string{ + "issuerURL": "URL is the serving URL of the token issuer. Must use the https:// scheme.", + "audiences": "Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their \"aud\" claim. Must be set to exactly one value.", + "issuerCertificateAuthority": "CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the \"ca-bundle.crt\" key. If unset, system trust is used instead.", +} + +func (TokenIssuer) SwaggerDoc() map[string]string { + return map_TokenIssuer +} + +var map_TokenRequiredClaim = map[string]string{ + "claim": "Claim is a name of a required claim. 
Only claims with string values are supported.", + "requiredValue": "RequiredValue is the required value for the claim.", +} + +func (TokenRequiredClaim) SwaggerDoc() map[string]string { + return map_TokenRequiredClaim +} + +var map_UsernameClaimMapping = map[string]string{ + "prefixPolicy": "PrefixPolicy specifies how a prefix should apply.\n\nBy default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins.\n\nSet to \"NoPrefix\" to disable prefixing.\n\nExample:\n (1) `prefix` is set to \"myoidc:\" and `claim` is set to \"username\".\n If the JWT claim `username` contains value `userA`, the resulting\n mapped value will be \"myoidc:userA\".\n (2) `prefix` is set to \"myoidc:\" and `claim` is set to \"email\". If the\n JWT `email` claim contains value \"userA@myoidc.tld\", the resulting\n mapped value will be \"myoidc:userA@myoidc.tld\".\n (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n (b) \"email\": the mapped value will be \"userA@myoidc.tld\"", +} + +func (UsernameClaimMapping) SwaggerDoc() map[string]string { + return map_UsernameClaimMapping +} + var map_WebhookTokenAuthenticator = map[string]string{ "": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", "kubeConfig": "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. 
If the specified kube config data is not valid, the webhook is not honored.", @@ -1162,7 +1235,10 @@ func (BareMetalPlatformLoadBalancer) SwaggerDoc() map[string]string { } var map_BareMetalPlatformSpec = map[string]string{ - "": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", + "": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", } func (BareMetalPlatformSpec) SwaggerDoc() map[string]string { 
@@ -1177,6 +1253,7 @@ var map_BareMetalPlatformStatus = map[string]string{ "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", } func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1237,11 +1314,12 @@ func (GCPPlatformSpec) SwaggerDoc() map[string]string { } var map_GCPPlatformStatus = map[string]string{ - "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", - "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "region": "region holds the region for new GCP resources created for the cluster.", - "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", - "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", + "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", + "region": "region holds the region for new GCP resources created for the cluster.", + "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. 
GCP supports a maximum of 50 tags per resource.", + "clusterHostedDNS": "clusterHostedDNS indicates the type of DNS solution in use within the cluster. Its default value of \"Disabled\" indicates that the cluster's DNS is the default provided by the cloud platform. It can be \"Enabled\" during install to bypass the configuration of the cloud default DNS. When \"Enabled\", the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1293,7 +1371,7 @@ func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { var map_IBMCloudServiceEndpoint = map[string]string{ "": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", - "name": "name is the name of the IBM Cloud service. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", + "name": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", } 
@@ -1366,6 +1444,17 @@ func (KubevirtPlatformStatus) SwaggerDoc() map[string]string { return map_KubevirtPlatformStatus } +var map_NutanixFailureDomain = map[string]string{ + "": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", + "name": "name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.", + "cluster": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "subnets": "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", +} + +func (NutanixFailureDomain) SwaggerDoc() map[string]string { + return map_NutanixFailureDomain +} + var map_NutanixPlatformLoadBalancer = map[string]string{ "": "NutanixPlatformLoadBalancer defines the load balancer used by the cluster on Nutanix platform.", "type": "type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. 
When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", 
@@ -1376,9 +1465,10 @@ func (NutanixPlatformLoadBalancer) SwaggerDoc() map[string]string { } var map_NutanixPlatformSpec = map[string]string{ - "": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", - "prismCentral": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", - "prismElements": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", + "": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", + "prismCentral": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "prismElements": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. 
In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", + "failureDomains": "failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.", } func (NutanixPlatformSpec) SwaggerDoc() map[string]string { @@ -1418,6 +1508,17 @@ func (NutanixPrismEndpoint) SwaggerDoc() map[string]string { return map_NutanixPrismEndpoint } +var map_NutanixResourceIdentifier = map[string]string{ + "": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + "type": "type is the identifier type to use for this resource.", + "uuid": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", + "name": "name is the resource name in the PC. It cannot be empty if the type is Name.", +} + +func (NutanixResourceIdentifier) SwaggerDoc() map[string]string { + return map_NutanixResourceIdentifier +} + var map_OpenStackPlatformLoadBalancer = map[string]string{ "": "OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform.", "type": "type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", 
@@ -1428,7 +1529,10 @@ func (OpenStackPlatformLoadBalancer) SwaggerDoc() map[string]string { } var map_OpenStackPlatformSpec = map[string]string{ - "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", + "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", } func (OpenStackPlatformSpec) SwaggerDoc() map[string]string { 
@@ -1444,6 +1548,7 @@ var map_OpenStackPlatformStatus = map[string]string{ "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", } func (OpenStackPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1604,10 +1709,13 @@ func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string { } var map_VSpherePlatformSpec = map[string]string{ - "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", - "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported.", - "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", - "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", + "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", + "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported.", + "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", + "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. 
If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", } func (VSpherePlatformSpec) SwaggerDoc() map[string]string { 
@@ -1622,6 +1730,7 @@ var map_VSpherePlatformStatus = map[string]string{ "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", } func (VSpherePlatformStatus) SwaggerDoc() map[string]string { 
@@ -1636,6 +1745,7 @@ var map_VSpherePlatformTopology = map[string]string{ "datastore": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", "resourcePool": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", "folder": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", + "template": "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea.", } func (VSpherePlatformTopology) SwaggerDoc() map[string]string { 
@@ -2322,7 +2432,7 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: TLSv1.1\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", + "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", } func (TLSProfileSpec) SwaggerDoc() map[string]string { 
@@ -2332,10 +2442,10 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n\nNote that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", - "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: TLSv1.0", - "intermediate": "intermediate is a TLS security profile based 
on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: TLSv1.2", - "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: TLSv1.3\n\nNOTE: Currently unsupported.", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: TLSv1.1", + "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - 
DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: VersionTLS10", + "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: VersionTLS12", + "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: VersionTLS13\n\nNOTE: Currently unsupported.", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: VersionTLS11", } func (TLSSecurityProfile) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml index e2406e37cb..67d1c93d30 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml 
@@ -680,6 +680,50 @@ spec: minLength: 3 pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ type: string + networkAccess: + default: + type: External + description: 'networkAccess defines the network access properties for the storage account. Defaults to type: External.' + properties: + internal: + description: 'internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.' + properties: + networkResourceGroupName: + description: networkResourceGroupName is the resource group name where the cluster's vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period. + maxLength: 90 + minLength: 1 + pattern: ^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$ + type: string + privateEndpointName: + description: privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore. 
+ maxLength: 64 + minLength: 2 + pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ + type: string + subnetName: + description: subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.` tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). + maxLength: 80 + minLength: 1 + pattern: ^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + vnetName: + description: vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.` tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore. + maxLength: 64 + minLength: 2 + pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ + type: string + type: object + type: + default: External + description: 'type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster''s vnet. External storage accounts are publicly exposed on the internet. 
When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecificed, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".' + enum: + - Internal + - External + type: string + type: object + x-kubernetes-validations: + - message: internal is forbidden when type is not Internal + rule: 'has(self.type) && self.type == ''Internal'' ? true : !has(self.internal)' type: object emptyDir: description: 'emptyDir represents ephemeral storage on the pod''s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.' 
@@ -1055,6 +1099,50 @@ spec: minLength: 3 pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ type: string + networkAccess: + default: + type: External + description: 'networkAccess defines the network access properties for the storage account. Defaults to type: External.' + properties: + internal: + description: 'internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.' + properties: + networkResourceGroupName: + description: networkResourceGroupName is the resource group name where the cluster's vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_), and not end with a period. + maxLength: 90 + minLength: 1 + pattern: ^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$ + type: string + privateEndpointName: + description: privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore. 
+ maxLength: 64 + minLength: 2 + pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ + type: string + subnetName: + description: subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.` tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). + maxLength: 80 + minLength: 1 + pattern: ^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$ + type: string + vnetName: + description: vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.` tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore. + maxLength: 64 + minLength: 2 + pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ + type: string + type: object + type: + default: External + description: 'type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster''s vnet. External storage accounts are publicly exposed on the internet. 
When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecificed, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to "External".' + enum: + - Internal + - External + type: string + type: object + x-kubernetes-validations: + - message: internal is forbidden when type is not Internal + rule: 'has(self.type) && self.type == ''Internal'' ? true : !has(self.internal)' type: object emptyDir: description: 'emptyDir represents ephemeral storage on the pod''s host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.' diff --git a/vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml b/vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml index 85a6b45d53..9d64cece98 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml 
@@ -16,3 +16,94 @@ tests:
 logLevel: Normal
 operatorLogLevel: Normal
 replicas: 1
+ - name: Should be able to configure internal storage network access for Azure
+ initial: |
+ apiVersion: imageregistry.operator.openshift.io/v1
+ kind: Config
+ spec:
+ replicas: 1
+ storage:
+ azure:
+ networkAccess:
+ type: Internal
+ internal:
+ networkResourceGroupName: .my.resource_group-name
+ vnetName: foo-bar
+ subnetName: bar_foo
+ privateEndpointName: my-private-endpoint
+ expected: |
+ apiVersion: imageregistry.operator.openshift.io/v1
+ kind: Config
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
+ replicas: 1
+ storage:
+ azure:
+ networkAccess:
+ type: Internal
+ internal:
+ networkResourceGroupName: .my.resource_group-name
+ vnetName: foo-bar
+ subnetName: bar_foo
+ privateEndpointName: my-private-endpoint
+ - name: Should be able to configure internal storage network access for Azure without details
+ initial: |
+ apiVersion: imageregistry.operator.openshift.io/v1
+ kind: Config
+ spec:
+ replicas: 1
+ storage:
+ azure:
+ networkAccess:
+ type: Internal
+ expected: |
+ apiVersion: imageregistry.operator.openshift.io/v1
+ kind: Config
+ spec:
+ logLevel: Normal
+ operatorLogLevel: Normal
+ replicas: 1
+ storage:
+ azure:
+ networkAccess:
+ type: Internal
+ - name: Should reject configuration with invalid vnet name in internal storage network access config
+ initial: |
+ apiVersion: imageregistry.operator.openshift.io/v1
+ kind: Config
+ spec:
+ replicas: 1
+ storage:
+ azure:
+ networkAccess:
+ type: Internal
+ internal:
+ vnetName: .invalid
+ expectedError: "spec.storage.azure.networkAccess.internal.vnetName in body should match '^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$'"
+ - name: Should reject configuration with invalid subnet name in internal storage network access config
+ initial: |
+ apiVersion: imageregistry.operator.openshift.io/v1
+ kind: Config
+ spec:
+ replicas: 1
+ storage:
+ azure:
+ networkAccess:
+ type: Internal
+ internal:
+ subnetName: .invalid
+ expectedError: "spec.storage.azure.networkAccess.internal.subnetName in body should match '^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$'" + - name: Should reject configuration with invalid network resource group name in internal storage network access config + initial: | + apiVersion: imageregistry.operator.openshift.io/v1 + kind: Config + spec: + replicas: 1 + storage: + azure: + networkAccess: + type: Internal + internal: + networkResourceGroupName: invalid. + expectedError: "spec.storage.azure.networkAccess.internal.networkResourceGroupName in body should match '^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$'" diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types.go b/vendor/github.com/openshift/api/imageregistry/v1/types.go index e9c0ca3098..840ac74c92 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types.go @@ -159,8 +159,7 @@ type ImageRegistryConfigStorageS3CloudFront struct { // ImageRegistryConfigStorageEmptyDir is an place holder to be used when // when registry is leveraging ephemeral storage. -type ImageRegistryConfigStorageEmptyDir struct { -} +type ImageRegistryConfigStorageEmptyDir struct{} // S3TrustedCASource references a config map with a CA certificate bundle in // the "openshift-config" namespace. The key for the bundle in the 
@@ -303,8 +302,107 @@ type ImageRegistryConfigStorageAzure struct { // object. // +optional CloudName string `json:"cloudName,omitempty"` + // networkAccess defines the network access properties for the storage account. + // Defaults to type: External. + // +kubebuilder:default={"type": "External"} + // +optional + NetworkAccess *AzureNetworkAccess `json:"networkAccess,omitempty"` +} + +// AzureNetworkAccess defines the network access properties for the storage account. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Internal' ? true : !has(self.internal)",message="internal is forbidden when type is not Internal" +// +union +type AzureNetworkAccess struct { + // type is the network access level to be used for the storage account. + // type: Internal means the storage account will be private, type: External + // means the storage account will be publicly accessible. + // Internal storage accounts are only exposed within the cluster's vnet. + // External storage accounts are publicly exposed on the internet. + // When type: Internal is used, a vnetName, subNetName and privateEndpointName + // may optionally be specified. If unspecificed, the image registry operator + // will discover vnet and subnet names, and generate a privateEndpointName. + // Defaults to "External". + // +kubebuilder:default:="External" + // +unionDiscriminator + // +optional + Type AzureNetworkAccessType `json:"type,omitempty"` + // internal defines the vnet and subnet names to configure a private + // endpoint and connect it to the storage account in order to make it + // private. + // when type: Internal and internal is unset, the image registry operator + // will discover vnet and subnet names, and generate a private endpoint + // name. 
+ // +optional + Internal *AzureNetworkAccessInternal `json:"internal,omitempty"` +} + +type AzureNetworkAccessInternal struct { + // networkResourceGroupName is the resource group name where the cluster's vnet + // and subnet are. When omitted, the registry operator will use the cluster + // resource group (from in the infrastructure status). + // If you set a networkResourceGroupName on your install-config.yaml, that + // value will be used automatically (for clusters configured with publish:Internal). + // Note that both vnet and subnet must be in the same resource group. + // It must be between 1 and 90 characters in length and must consist only of + // alphanumeric characters, hyphens (-), periods (.) and underscores (_), and + // not end with a period. + // +kubebuilder:validation:MaxLength=90 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$` + // +optional + NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"` + // vnetName is the name of the vnet the registry operates in. When omitted, + // the registry operator will discover and set this by using the `kubernetes.io_cluster.` + // tag in the vnet resource. This tag is set automatically by the installer. + // Commonly, this will be the same vnet as the cluster. + // Advanced cluster network configurations should ensure the provided vnetName + // is the vnet of the nodes where the image registry pods are running from. + // It must be between 2 and 64 characters in length and must consist only of + // alphanumeric characters, hyphens (-), periods (.) and underscores (_). + // It must start with an alphanumeric character and end with an alphanumeric character or an underscore. 
+ // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:MinLength=2 + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$` + // +optional + VNetName string `json:"vnetName,omitempty"` + // subnetName is the name of the subnet the registry operates in. When omitted, + // the registry operator will discover and set this by using the `kubernetes.io_cluster.` + // tag in the vnet resource, then using one of listed subnets. + // Advanced cluster network configurations that use network security groups + // to protect subnets should ensure the provided subnetName has access to + // Azure Storage service. + // It must be between 1 and 80 characters in length and must consist only of + // alphanumeric characters, hyphens (-), periods (.) and underscores (_). + // +kubebuilder:validation:MaxLength=80 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$` + // +optional + SubnetName string `json:"subnetName,omitempty"` + // privateEndpointName is the name of the private endpoint for the registry. + // When provided, the registry will use it as the name of the private endpoint + // it will create for the storage account. When omitted, the registry will + // generate one. + // It must be between 2 and 64 characters in length and must consist only of + // alphanumeric characters, hyphens (-), periods (.) and underscores (_). + // It must start with an alphanumeric character and end with an alphanumeric character or an underscore. + // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:MinLength=2 + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$` + // +optional + PrivateEndpointName string `json:"privateEndpointName,omitempty"` } +// AzureNetworkAccessType is the network access level to be used for the storage account. 
+// +kubebuilder:validation:Enum:="Internal";"External" +type AzureNetworkAccessType string + +const ( + // AzureNetworkAccessTypeInternal means the storage account will be private + AzureNetworkAccessTypeInternal AzureNetworkAccessType = "Internal" + // AzureNetworkAccessTypeExternal means the storage account will be publicly accessible + AzureNetworkAccessTypeExternal AzureNetworkAccessType = "External" +) + // ImageRegistryConfigStorageIBMCOS holds the information to configure // the registry to use IBM Cloud Object Storage for backend storage. type ImageRegistryConfigStorageIBMCOS struct { diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go index 7519720a12..63f25fc19e 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go 
@@ -14,6 +14,43 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureNetworkAccess) DeepCopyInto(out *AzureNetworkAccess) { + *out = *in + if in.Internal != nil { + in, out := &in.Internal, &out.Internal + *out = new(AzureNetworkAccessInternal) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureNetworkAccess. +func (in *AzureNetworkAccess) DeepCopy() *AzureNetworkAccess { + if in == nil { + return nil + } + out := new(AzureNetworkAccess) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureNetworkAccessInternal) DeepCopyInto(out *AzureNetworkAccessInternal) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureNetworkAccessInternal. +func (in *AzureNetworkAccessInternal) DeepCopy() *AzureNetworkAccessInternal { + if in == nil { + return nil + } + out := new(AzureNetworkAccessInternal) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Config) DeepCopyInto(out *Config) { *out = *in @@ -348,7 +385,7 @@ func (in *ImageRegistryConfigStorage) DeepCopyInto(out *ImageRegistryConfigStora if in.Azure != nil { in, out := &in.Azure, &out.Azure *out = new(ImageRegistryConfigStorageAzure) - **out = **in + (*in).DeepCopyInto(*out) } if in.IBMCOS != nil { in, out := &in.IBMCOS, &out.IBMCOS 
@@ -397,6 +434,11 @@ func (in *ImageRegistryConfigStorageAlibabaOSS) DeepCopy() *ImageRegistryConfigS // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageRegistryConfigStorageAzure) DeepCopyInto(out *ImageRegistryConfigStorageAzure) { *out = *in + if in.NetworkAccess != nil { + in, out := &in.NetworkAccess, &out.NetworkAccess + *out = new(AzureNetworkAccess) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go index 391381ea0e..24d6d780dd 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go 
@@ -11,6 +11,27 @@ package v1 // Those methods can be generated by using hack/update-swagger-docs.sh // AUTO-GENERATED FUNCTIONS START HERE +var map_AzureNetworkAccess = map[string]string{ + "": "AzureNetworkAccess defines the network access properties for the storage account.", + "type": "type is the network access level to be used for the storage account. type: Internal means the storage account will be private, type: External means the storage account will be publicly accessible. Internal storage accounts are only exposed within the cluster's vnet. External storage accounts are publicly exposed on the internet. When type: Internal is used, a vnetName, subNetName and privateEndpointName may optionally be specified. If unspecificed, the image registry operator will discover vnet and subnet names, and generate a privateEndpointName. Defaults to \"External\".", + "internal": "internal defines the vnet and subnet names to configure a private endpoint and connect it to the storage account in order to make it private. when type: Internal and internal is unset, the image registry operator will discover vnet and subnet names, and generate a private endpoint name.", +} + +func (AzureNetworkAccess) SwaggerDoc() map[string]string { + return map_AzureNetworkAccess +} + +var map_AzureNetworkAccessInternal = map[string]string{ + "networkResourceGroupName": "networkResourceGroupName is the resource group name where the cluster's vnet and subnet are. When omitted, the registry operator will use the cluster resource group (from in the infrastructure status). If you set a networkResourceGroupName on your install-config.yaml, that value will be used automatically (for clusters configured with publish:Internal). Note that both vnet and subnet must be in the same resource group. It must be between 1 and 90 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) 
and underscores (_), and not end with a period.", + "vnetName": "vnetName is the name of the vnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.` tag in the vnet resource. This tag is set automatically by the installer. Commonly, this will be the same vnet as the cluster. Advanced cluster network configurations should ensure the provided vnetName is the vnet of the nodes where the image registry pods are running from. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). It must start with an alphanumeric character and end with an alphanumeric character or an underscore.", + "subnetName": "subnetName is the name of the subnet the registry operates in. When omitted, the registry operator will discover and set this by using the `kubernetes.io_cluster.` tag in the vnet resource, then using one of listed subnets. Advanced cluster network configurations that use network security groups to protect subnets should ensure the provided subnetName has access to Azure Storage service. It must be between 1 and 80 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_).", + "privateEndpointName": "privateEndpointName is the name of the private endpoint for the registry. When provided, the registry will use it as the name of the private endpoint it will create for the storage account. When omitted, the registry will generate one. It must be between 2 and 64 characters in length and must consist only of alphanumeric characters, hyphens (-), periods (.) and underscores (_). 
It must start with an alphanumeric character and end with an alphanumeric character or an underscore.", +} + +func (AzureNetworkAccessInternal) SwaggerDoc() map[string]string { + return map_AzureNetworkAccessInternal +} + var map_Config = map[string]string{ "": "Config is the configuration object for a registry instance managed by the registry operator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -112,10 +133,11 @@ func (ImageRegistryConfigStorageAlibabaOSS) SwaggerDoc() map[string]string { } var map_ImageRegistryConfigStorageAzure = map[string]string{ - "": "ImageRegistryConfigStorageAzure holds the information to configure the registry to use Azure Blob Storage for backend storage.", - "accountName": "accountName defines the account to be used by the registry.", - "container": "container defines Azure's container to be used by registry.", - "cloudName": "cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object.", + "": "ImageRegistryConfigStorageAzure holds the information to configure the registry to use Azure Blob Storage for backend storage.", + "accountName": "accountName defines the account to be used by the registry.", + "container": "container defines Azure's container to be used by registry.", + "cloudName": "cloudName is the name of the Azure cloud environment to be used by the registry. If empty, the operator will set it based on the infrastructure object.", + "networkAccess": "networkAccess defines the network access properties for the storage account. Defaults to type: External.", } func (ImageRegistryConfigStorageAzure) SwaggerDoc() map[string]string { 
diff --git a/vendor/github.com/openshift/api/install.go b/vendor/github.com/openshift/api/install.go
index d7668b3c03..cc91150009 100644
--- a/vendor/github.com/openshift/api/install.go
+++ b/vendor/github.com/openshift/api/install.go
@@ -26,7 +26,6 @@ import (
 keventsv1 "k8s.io/api/events/v1"
 keventsv1beta1 "k8s.io/api/events/v1beta1"
 kextensionsv1beta1 "k8s.io/api/extensions/v1beta1"
- kflowcontrolv1alpha1 "k8s.io/api/flowcontrol/v1alpha1"
 kflowcontrolv1beta1 "k8s.io/api/flowcontrol/v1beta1"
 kflowcontrolv1beta2 "k8s.io/api/flowcontrol/v1beta2"
 kimagepolicyv1alpha1 "k8s.io/api/imagepolicy/v1alpha1"
@@ -143,7 +142,6 @@ var (
 keventsv1.AddToScheme,
 keventsv1beta1.AddToScheme,
 kextensionsv1beta1.AddToScheme,
- kflowcontrolv1alpha1.AddToScheme,
 kflowcontrolv1beta1.AddToScheme,
 kflowcontrolv1beta2.AddToScheme,
 kimagepolicyv1alpha1.AddToScheme,
diff --git a/vendor/github.com/openshift/api/machine/.codegen.yaml b/vendor/github.com/openshift/api/machine/.codegen.yaml
index ffa2c8d9b2..e799336feb 100644
--- a/vendor/github.com/openshift/api/machine/.codegen.yaml
+++ b/vendor/github.com/openshift/api/machine/.codegen.yaml
@@ -1,2 +1,8 @@
+schemapatch:
+ requiredFeatureSets:
+ - ""
+ - "Default"
+ - "TechPreviewNoUpgrade"
+ - "CustomNoUpgrade"
 swaggerdocs:
 commentPolicy: Warn
diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml
new file mode 100644
index 0000000000..61f84a389d
--- /dev/null
+++ b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,604 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1112 + capability.openshift.io/name: MachineAPI + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + creationTimestamp: null + name: controlplanemachinesets.machine.openshift.io +spec: + group: machine.openshift.io + names: + kind: ControlPlaneMachineSet + listKind: ControlPlaneMachineSetList + plural: controlplanemachinesets + singular: controlplanemachineset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Desired Replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: Current Replicas + jsonPath: .status.replicas + name: Current + type: integer + - description: Ready Replicas + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Updated Replicas + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Observed number of unavailable replicas + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: ControlPlaneMachineSet state + jsonPath: .spec.state + name: State + type: string + - description: ControlPlaneMachineSet age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: 'ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet. + type: object + required: + - replicas + - selector + - template + properties: + replicas: + description: Replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field. + type: integer + format: int32 + default: 3 + enum: + - 3 + - 5 + x-kubernetes-validations: + - rule: self == oldSelf + message: replicas is immutable + selector: + description: Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - rule: self == oldSelf + message: selector is immutable + state: + description: State defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet. + type: string + default: Inactive + enum: + - Active + - Inactive + x-kubernetes-validations: + - rule: oldSelf != 'Active' || self == oldSelf + message: state cannot be changed once Active + strategy: + description: Strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec. + type: object + default: + type: RollingUpdate + properties: + type: + description: Type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are "RollingUpdate" and "OnDelete". 
The current default value is "RollingUpdate". + type: string + default: RollingUpdate + enum: + - RollingUpdate + - OnDelete + template: + description: Template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet. + type: object + required: + - machineType + properties: + machineType: + description: MachineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io. + type: string + enum: + - machines_v1beta1_machine_openshift_io + machines_v1beta1_machine_openshift_io: + description: OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group. + type: object + required: + - metadata + - spec + properties: + failureDomains: + description: FailureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information. + type: object + required: + - platform + properties: + aws: + description: AWS configures failure domain information for the AWS platform. + type: array + items: + description: AWSFailureDomain configures failure domain information for the AWS platform. + type: object + minProperties: 1 + properties: + placement: + description: Placement configures the placement information for this instance. + type: object + required: + - availabilityZone + properties: + availabilityZone: + description: AvailabilityZone is the availability zone of the instance. + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + type: object + required: + - type + properties: + arn: + description: ARN of resource. + type: string + filters: + description: Filters is a set of filters used to identify a resource. 
+ type: array + items: + description: AWSResourceFilter is a filter used to identify an AWS resource + type: object + required: + - name + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. Filter values are case-sensitive. + type: array + items: + type: string + id: + description: ID of resource. + type: string + type: + description: Type determines how the reference will fetch the AWS resource. + type: string + enum: + - ID + - ARN + - Filters + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''ID'' ? has(self.id) : !has(self.id)' + message: id is required when type is ID, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''ARN'' ? has(self.arn) : !has(self.arn)' + message: arn is required when type is ARN, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''Filters'' ? has(self.filters) : !has(self.filters)' + message: filters is required when type is Filters, and forbidden otherwise + azure: + description: Azure configures failure domain information for the Azure platform. + type: array + items: + description: AzureFailureDomain configures failure domain information for the Azure platform. + type: object + required: + - zone + properties: + subnet: + description: subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used. + type: string + maxLength: 80 + pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ + zone: + description: Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone. + type: string + gcp: + description: GCP configures failure domain information for the GCP platform. 
+ type: array + items: + description: GCPFailureDomain configures failure domain information for the GCP platform + type: object + required: + - zone + properties: + zone: + description: Zone is the zone in which the GCP machine provider will create the VM. + type: string + nutanix: + description: nutanix configures failure domain information for the Nutanix platform. + type: array + items: + description: NutanixFailureDomainReference refers to the failure domain of the Nutanix platform. + type: object + required: + - name + properties: + name: + description: name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. + type: string + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + openstack: + description: OpenStack configures failure domain information for the OpenStack platform. + type: array + items: + description: OpenStackFailureDomain configures failure domain information for the OpenStack platform. + type: object + minProperties: 1 + properties: + availabilityZone: + description: 'availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.' 
+ type: string + maxLength: 63 + minLength: 1 + pattern: '^[^: ]*$' + rootVolume: + description: rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created. + type: object + required: + - volumeType + properties: + availabilityZone: + description: availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits. + type: string + maxLength: 63 + minLength: 1 + pattern: ^[^ ]*$ + volumeType: + description: volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. 
+ type: string + maxLength: 255 + minLength: 1 + x-kubernetes-validations: + - rule: '!has(self.availabilityZone) || !has(self.rootVolume) || has(self.rootVolume.availabilityZone)' + message: rootVolume.availabilityZone is required when availabilityZone is set + platform: + description: Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + vsphere: + description: vsphere configures failure domain information for the VSphere platform. + type: array + items: + description: VSphereFailureDomain configures failure domain information for the vSphere platform + type: object + required: + - name + properties: + name: + description: name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain. + type: string + x-kubernetes-validations: + - rule: 'has(self.platform) && self.platform == ''VSphere'' ? has(self.vsphere) : !has(self.vsphere)' + message: vsphere configuration is required when platform is VSphere, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''AWS'' ? has(self.aws) : !has(self.aws)' + message: aws configuration is required when platform is AWS, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''Azure'' ? 
has(self.azure) : !has(self.azure)' + message: azure configuration is required when platform is Azure, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''GCP'' ? has(self.gcp) : !has(self.gcp)' + message: gcp configuration is required when platform is GCP, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''OpenStack'' ? has(self.openstack) : !has(self.openstack)' + message: openstack configuration is required when platform is OpenStack, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''Nutanix'' ? has(self.nutanix) : !has(self.nutanix)' + message: nutanix configuration is required when platform is Nutanix, and forbidden otherwise + metadata: + description: 'ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.' + type: object + required: + - labels + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + additionalProperties: + type: string + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the ''machine.openshift.io/cluster-api-machine-role'' and ''machine.openshift.io/cluster-api-machine-type'' labels, both with a value of ''master''. It must also contain a label with the key ''machine.openshift.io/cluster-api-cluster''.' 
+ type: object + additionalProperties: + type: string + x-kubernetes-validations: + - rule: '''machine.openshift.io/cluster-api-machine-role'' in self && self[''machine.openshift.io/cluster-api-machine-role''] == ''master''' + message: label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master' + - rule: '''machine.openshift.io/cluster-api-machine-type'' in self && self[''machine.openshift.io/cluster-api-machine-type''] == ''master''' + message: label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master' + - rule: '''machine.openshift.io/cluster-api-cluster'' in self' + message: label 'machine.openshift.io/cluster-api-cluster' is required + spec: + description: Spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overriden when the Machines are created based on the FailureDomains field. + type: object + properties: + lifecycleHooks: + description: LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle. + type: object + properties: + preDrain: + description: PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination. + type: array + items: + description: LifecycleHook represents a single instance of a lifecycle hook + type: object + required: + - name + - owner + properties: + name: + description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. 
+ type: string + maxLength: 256 + minLength: 3 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + owner: + description: Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook. + type: string + maxLength: 512 + minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + preTerminate: + description: PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained. + type: array + items: + description: LifecycleHook represents a single instance of a lifecycle hook + type: object + required: + - name + - owner + properties: + name: + description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. + type: string + maxLength: 256 + minLength: 3 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + owner: + description: Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook. + type: string + maxLength: 512 + minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + metadata: + description: ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node. 
+ type: object + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + additionalProperties: + type: string + generateName: + description: "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + additionalProperties: + type: string + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. 
More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + type: array + items: + description: OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field. + type: object + required: + - apiVersion + - kind + - name + - uid + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration to use during node creation. + type: object + properties: + value: + description: Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config. + type: object + x-kubernetes-preserve-unknown-fields: true + taints: + description: The list of the taints to be applied to the corresponding Node in additive manner. 
This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints + type: array + items: + description: The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. + type: object + required: + - effect + - key + properties: + effect: + description: Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. + type: string + format: date-time + value: + description: The taint value corresponding to the taint key. + type: string + x-kubernetes-validations: + - rule: 'has(self.machineType) && self.machineType == ''machines_v1beta1_machine_openshift_io'' ? has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)' + message: machines_v1beta1_machine_openshift_io configuration is required when machineType is machines_v1beta1_machine_openshift_io, and forbidden otherwise + status: + description: ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD. + type: object + properties: + conditions: + description: 'Conditions represents the observations of the ControlPlaneMachineSet''s current state. Known .status.conditions.type are: Available, Degraded and Progressing.' + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. 
For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. 
+ type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: ObservedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server. + type: integer + format: int64 + readyReplicas: + description: ReadyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress. + type: integer + format: int32 + replicas: + description: Replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count. + type: integer + format: int32 + unavailableReplicas: + description: UnavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas. + type: integer + format: int32 + updatedReplicas: + description: UpdatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. 
This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready. + type: integer + format: int32 + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml similarity index 96% rename from vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml rename to vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml index 97c0ae6009..906aca90d7 100644 --- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml +++ b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml @@ -6,6 +6,7 @@ metadata: api-approved.openshift.io: https://github.com/openshift/api/pull/1112 exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default creationTimestamp: null name: controlplanemachinesets.machine.openshift.io spec: 
@@ -249,6 +250,24 @@ spec: zone: description: Zone is the zone in which the GCP machine provider will create the VM. type: string + nutanix: + description: nutanix configures failure domain information for the Nutanix platform. + type: array + items: + description: NutanixFailureDomainReference refers to the failure domain of the Nutanix platform. + type: object + required: + - name + properties: + name: + description: name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. + type: string + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map openstack: description: OpenStack configures failure domain information for the OpenStack platform. type: array @@ -284,7 +303,7 @@ spec: - rule: '!has(self.availabilityZone) || !has(self.rootVolume) || has(self.rootVolume.availabilityZone)' message: rootVolume.availabilityZone is required when availabilityZone is set platform: - description: Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, and GCP. + description: Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. type: string enum: - "" 
@@ -313,6 +332,8 @@ spec: message: gcp configuration is required when platform is GCP, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''OpenStack'' ? has(self.openstack) : !has(self.openstack)' message: openstack configuration is required when platform is OpenStack, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''Nutanix'' ? has(self.nutanix) : !has(self.nutanix)' + message: nutanix configuration is required when platform is Nutanix, and forbidden otherwise metadata: description: 'ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.' type: object diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..442ae307a2 --- /dev/null +++ b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,604 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1112 + capability.openshift.io/name: MachineAPI + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + creationTimestamp: null + name: controlplanemachinesets.machine.openshift.io +spec: + group: machine.openshift.io + names: + kind: ControlPlaneMachineSet + listKind: ControlPlaneMachineSetList + plural: controlplanemachinesets + singular: controlplanemachineset + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Desired Replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: Current Replicas + jsonPath: .status.replicas + name: Current + type: integer + - description: Ready Replicas + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Updated Replicas + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Observed number of unavailable replicas + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: ControlPlaneMachineSet state + jsonPath: .spec.state + name: State + type: string + - description: ControlPlaneMachineSet age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: 'ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet. + type: object + required: + - replicas + - selector + - template + properties: + replicas: + description: Replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field. + type: integer + format: int32 + default: 3 + enum: + - 3 + - 5 + x-kubernetes-validations: + - rule: self == oldSelf + message: replicas is immutable + selector: + description: Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + x-kubernetes-validations: + - rule: self == oldSelf + message: selector is immutable + state: + description: State defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet. + type: string + default: Inactive + enum: + - Active + - Inactive + x-kubernetes-validations: + - rule: oldSelf != 'Active' || self == oldSelf + message: state cannot be changed once Active + strategy: + description: Strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec. + type: object + default: + type: RollingUpdate + properties: + type: + description: Type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are "RollingUpdate" and "OnDelete". 
The current default value is "RollingUpdate". + type: string + default: RollingUpdate + enum: + - RollingUpdate + - OnDelete + template: + description: Template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet. + type: object + required: + - machineType + properties: + machineType: + description: MachineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io. + type: string + enum: + - machines_v1beta1_machine_openshift_io + machines_v1beta1_machine_openshift_io: + description: OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group. + type: object + required: + - metadata + - spec + properties: + failureDomains: + description: FailureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information. + type: object + required: + - platform + properties: + aws: + description: AWS configures failure domain information for the AWS platform. + type: array + items: + description: AWSFailureDomain configures failure domain information for the AWS platform. + type: object + minProperties: 1 + properties: + placement: + description: Placement configures the placement information for this instance. + type: object + required: + - availabilityZone + properties: + availabilityZone: + description: AvailabilityZone is the availability zone of the instance. + type: string + subnet: + description: Subnet is a reference to the subnet to use for this instance. + type: object + required: + - type + properties: + arn: + description: ARN of resource. + type: string + filters: + description: Filters is a set of filters used to identify a resource. 
+ type: array + items: + description: AWSResourceFilter is a filter used to identify an AWS resource + type: object + required: + - name + properties: + name: + description: Name of the filter. Filter names are case-sensitive. + type: string + values: + description: Values includes one or more filter values. Filter values are case-sensitive. + type: array + items: + type: string + id: + description: ID of resource. + type: string + type: + description: Type determines how the reference will fetch the AWS resource. + type: string + enum: + - ID + - ARN + - Filters + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''ID'' ? has(self.id) : !has(self.id)' + message: id is required when type is ID, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''ARN'' ? has(self.arn) : !has(self.arn)' + message: arn is required when type is ARN, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''Filters'' ? has(self.filters) : !has(self.filters)' + message: filters is required when type is Filters, and forbidden otherwise + azure: + description: Azure configures failure domain information for the Azure platform. + type: array + items: + description: AzureFailureDomain configures failure domain information for the Azure platform. + type: object + required: + - zone + properties: + subnet: + description: subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used. + type: string + maxLength: 80 + pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ + zone: + description: Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone. + type: string + gcp: + description: GCP configures failure domain information for the GCP platform. 
+ type: array + items: + description: GCPFailureDomain configures failure domain information for the GCP platform + type: object + required: + - zone + properties: + zone: + description: Zone is the zone in which the GCP machine provider will create the VM. + type: string + nutanix: + description: nutanix configures failure domain information for the Nutanix platform. + type: array + items: + description: NutanixFailureDomainReference refers to the failure domain of the Nutanix platform. + type: object + required: + - name + properties: + name: + description: name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. + type: string + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + openstack: + description: OpenStack configures failure domain information for the OpenStack platform. + type: array + items: + description: OpenStackFailureDomain configures failure domain information for the OpenStack platform. + type: object + minProperties: 1 + properties: + availabilityZone: + description: 'availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.' 
+ type: string + maxLength: 63 + minLength: 1 + pattern: '^[^: ]*$' + rootVolume: + description: rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created. + type: object + required: + - volumeType + properties: + availabilityZone: + description: availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits. + type: string + maxLength: 63 + minLength: 1 + pattern: ^[^ ]*$ + volumeType: + description: volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit. 
+ type: string + maxLength: 255 + minLength: 1 + x-kubernetes-validations: + - rule: '!has(self.availabilityZone) || !has(self.rootVolume) || has(self.rootVolume.availabilityZone)' + message: rootVolume.availabilityZone is required when availabilityZone is set + platform: + description: Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + - PowerVS + - AlibabaCloud + - Nutanix + - External + vsphere: + description: vsphere configures failure domain information for the VSphere platform. + type: array + items: + description: VSphereFailureDomain configures failure domain information for the vSphere platform + type: object + required: + - name + properties: + name: + description: name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain. + type: string + x-kubernetes-validations: + - rule: 'has(self.platform) && self.platform == ''VSphere'' ? has(self.vsphere) : !has(self.vsphere)' + message: vsphere configuration is required when platform is VSphere, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''AWS'' ? has(self.aws) : !has(self.aws)' + message: aws configuration is required when platform is AWS, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''Azure'' ? 
has(self.azure) : !has(self.azure)' + message: azure configuration is required when platform is Azure, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''GCP'' ? has(self.gcp) : !has(self.gcp)' + message: gcp configuration is required when platform is GCP, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''OpenStack'' ? has(self.openstack) : !has(self.openstack)' + message: openstack configuration is required when platform is OpenStack, and forbidden otherwise + - rule: 'has(self.platform) && self.platform == ''Nutanix'' ? has(self.nutanix) : !has(self.nutanix)' + message: nutanix configuration is required when platform is Nutanix, and forbidden otherwise + metadata: + description: 'ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.' + type: object + required: + - labels + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + additionalProperties: + type: string + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the ''machine.openshift.io/cluster-api-machine-role'' and ''machine.openshift.io/cluster-api-machine-type'' labels, both with a value of ''master''. It must also contain a label with the key ''machine.openshift.io/cluster-api-cluster''.' 
+ type: object + additionalProperties: + type: string + x-kubernetes-validations: + - rule: '''machine.openshift.io/cluster-api-machine-role'' in self && self[''machine.openshift.io/cluster-api-machine-role''] == ''master''' + message: label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master' + - rule: '''machine.openshift.io/cluster-api-machine-type'' in self && self[''machine.openshift.io/cluster-api-machine-type''] == ''master''' + message: label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master' + - rule: '''machine.openshift.io/cluster-api-cluster'' in self' + message: label 'machine.openshift.io/cluster-api-cluster' is required + spec: + description: Spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overriden when the Machines are created based on the FailureDomains field. + type: object + properties: + lifecycleHooks: + description: LifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle. + type: object + properties: + preDrain: + description: PreDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination. + type: array + items: + description: LifecycleHook represents a single instance of a lifecycle hook + type: object + required: + - name + - owner + properties: + name: + description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. 
+ type: string + maxLength: 256 + minLength: 3 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + owner: + description: Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook. + type: string + maxLength: 512 + minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + preTerminate: + description: PreTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained. + type: array + items: + description: LifecycleHook represents a single instance of a lifecycle hook + type: object + required: + - name + - owner + properties: + name: + description: Name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity. + type: string + maxLength: 256 + minLength: 3 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + owner: + description: Owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook. + type: string + maxLength: 512 + minLength: 3 + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + metadata: + description: ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node. 
+ type: object + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + additionalProperties: + type: string + generateName: + description: "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + additionalProperties: + type: string + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. 
More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + type: array + items: + description: OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field. + type: object + required: + - apiVersion + - kind + - name + - uid + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' + type: string + providerID: + description: ProviderID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider. + type: string + providerSpec: + description: ProviderSpec details Provider-specific configuration to use during node creation. + type: object + properties: + value: + description: Value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config. + type: object + x-kubernetes-preserve-unknown-fields: true + taints: + description: The list of the taints to be applied to the corresponding Node in additive manner. 
This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints + type: array + items: + description: The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. + type: object + required: + - effect + - key + properties: + effect: + description: Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to a node. + type: string + timeAdded: + description: TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. + type: string + format: date-time + value: + description: The taint value corresponding to the taint key. + type: string + x-kubernetes-validations: + - rule: 'has(self.machineType) && self.machineType == ''machines_v1beta1_machine_openshift_io'' ? has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)' + message: machines_v1beta1_machine_openshift_io configuration is required when machineType is machines_v1beta1_machine_openshift_io, and forbidden otherwise + status: + description: ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD. + type: object + properties: + conditions: + description: 'Conditions represents the observations of the ControlPlaneMachineSet''s current state. Known .status.conditions.type are: Available, Degraded and Progressing.' + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. 
For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. 
+ type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + observedGeneration: + description: ObservedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server. + type: integer + format: int64 + readyReplicas: + description: ReadyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress. + type: integer + format: int32 + replicas: + description: Replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count. + type: integer + format: int32 + unavailableReplicas: + description: UnavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas. + type: integer + format: int32 + updatedReplicas: + description: UpdatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. 
This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready. + type: integer + format: int32 + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml new file mode 100644 index 0000000000..350be2bf31 --- /dev/null +++ b/vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml 
@@ -0,0 +1,50 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[CustomNoUpgrade] ControlPlaneMachineSet"
+crd: 0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should reject a VSphere platform failure domain without any VSphere config
+ initial: |
+ apiVersion: machine.openshift.io/v1
+ kind: ControlPlaneMachineSet
+ spec:
+ selector:
+ matchLabels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ template:
+ machineType: machines_v1beta1_machine_openshift_io
+ machines_v1beta1_machine_openshift_io:
+ metadata:
+ labels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ machine.openshift.io/cluster-api-cluster: cluster
+ spec:
+ providerSpec: {}
+ failureDomains:
+ platform: VSphere
+ expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": vsphere configuration is required when platform is VSphere"
+ - name: Should reject a VSphere configured failure domain without a platform type
+ initial: |
+ apiVersion: machine.openshift.io/v1
+ kind: ControlPlaneMachineSet
+ spec:
+ selector:
+ matchLabels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ template:
+ machineType: machines_v1beta1_machine_openshift_io
+ machines_v1beta1_machine_openshift_io:
+ metadata:
+ labels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ machine.openshift.io/cluster-api-cluster: cluster
+ spec:
+ providerSpec: {}
+ failureDomains:
+ vsphere:
+ - name: foo
+ expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value"
diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml index 07a5ec7c13..f599fcc2db 100644 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml +++ b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] ControlPlaneMachineSet (AWS)" -crd: 0000_10_controlplanemachineset.crd.yaml +crd: 0000_10_controlplanemachineset-Default.crd.yaml tests: onCreate: - name: Should reject an AWS platform failure domain without any AWS config diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml index 191bf65f2e..6b6295e536 100644 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml +++ b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml +crd: 0000_10_controlplanemachineset-Default.crd.yaml tests: onCreate: - name: Should reject an Azure platform failure domain without any Azure config diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml index 518625f915..24e617286c 100644 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml 
+++ b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml +crd: 0000_10_controlplanemachineset-Default.crd.yaml tests: onCreate: - name: Should reject an GCP platform failure domain without any GCP config diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml index a09de51e0f..ae65d8f7f4 100644 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml +++ b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml +crd: 0000_10_controlplanemachineset-Default.crd.yaml tests: onCreate: - name: Should reject an OpenStack platform failure domain without any OpenStack config diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml index 3e65b31f64..dd4f09ccf6 100644 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml +++ b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml 
@@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml +crd: 0000_10_controlplanemachineset-Default.crd.yaml tests: onCreate: - name: Should be able to create a minimal ControlPlaneMachineSet diff --git a/vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml new file mode 100644 index 0000000000..519b0cad2c --- /dev/null +++ b/vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml 
@@ -0,0 +1,50 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreviewNoUpgrade] ControlPlaneMachineSet"
+crd: 0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should reject an VSphere platform failure domain without any VSphere config
+ initial: |
+ apiVersion: machine.openshift.io/v1
+ kind: ControlPlaneMachineSet
+ spec:
+ selector:
+ matchLabels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ template:
+ machineType: machines_v1beta1_machine_openshift_io
+ machines_v1beta1_machine_openshift_io:
+ metadata:
+ labels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ machine.openshift.io/cluster-api-cluster: cluster
+ spec:
+ providerSpec: {}
+ failureDomains:
+ platform: VSphere
+ expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": vsphere configuration is required when platform is VSphere"
+ - name: Should reject an VSphere configured failure domain without a platform type
+ initial: |
+ apiVersion: machine.openshift.io/v1
+ kind: ControlPlaneMachineSet
+ spec:
+ selector:
+ matchLabels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ template:
+ machineType: machines_v1beta1_machine_openshift_io
+ machines_v1beta1_machine_openshift_io:
+ metadata:
+ labels:
+ machine.openshift.io/cluster-api-machine-role: master
+ machine.openshift.io/cluster-api-machine-type: master
+ machine.openshift.io/cluster-api-cluster: cluster
+ spec:
+ providerSpec: {}
+ failureDomains:
+ vsphere:
+ - name: foo
+ expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value"
diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go index e46c39b552..42e2b83fa1 100644 --- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go +++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go @@ -138,7 +138,7 @@ type OpenShiftMachineV1Beta1MachineTemplate struct { // This will be merged into the ProviderSpec given in the template. // This field is optional on platforms that do not require placement information. // +optional - FailureDomains FailureDomains `json:"failureDomains,omitempty"` + FailureDomains *FailureDomains `json:"failureDomains,omitempty"` // ObjectMeta is the standard object metadata // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 
@@ -231,9 +231,11 @@ const ( // +kubebuilder:validation:XValidation:rule="has(self.platform) && self.platform == 'Azure' ? has(self.azure) : !has(self.azure)",message="azure configuration is required when platform is Azure, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.platform) && self.platform == 'GCP' ? has(self.gcp) : !has(self.gcp)",message="gcp configuration is required when platform is GCP, and forbidden otherwise" // +kubebuilder:validation:XValidation:rule="has(self.platform) && self.platform == 'OpenStack' ? has(self.openstack) : !has(self.openstack)",message="openstack configuration is required when platform is OpenStack, and forbidden otherwise" +// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="has(self.platform) && self.platform == 'VSphere' ? has(self.vsphere) : !has(self.vsphere)",message="vsphere configuration is required when platform is VSphere, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.platform) && self.platform == 'Nutanix' ? has(self.nutanix) : !has(self.nutanix)",message="nutanix configuration is required when platform is Nutanix, and forbidden otherwise" type FailureDomains struct { // Platform identifies the platform for which the FailureDomain represents. - // Currently supported values are AWS, Azure, and GCP. + // Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. // +unionDiscriminator // +kubebuilder:validation:Required Platform configv1.PlatformType `json:"platform"` 
@@ -250,6 +252,11 @@ type FailureDomains struct { // +optional GCP *[]GCPFailureDomain `json:"gcp,omitempty"` + // vsphere configures failure domain information for the VSphere platform. + // +optional + // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + VSphere []VSphereFailureDomain `json:"vsphere,omitempty"` + // OpenStack configures failure domain information for the OpenStack platform. // +optional // @@ -260,6 +267,12 @@ type FailureDomains struct { // + of nil if it would be a pointer. // +optional OpenStack []OpenStackFailureDomain `json:"openstack,omitempty"` + + // nutanix configures failure domain information for the Nutanix platform. + // +listType=map + // +listMapKey=name + // +optional + Nutanix []NutanixFailureDomainReference `json:"nutanix,omitempty"` } // AWSFailureDomain configures failure domain information for the AWS platform. @@ -303,6 +316,16 @@ type GCPFailureDomain struct { Zone string `json:"zone"` } +// VSphereFailureDomain configures failure domain information for the vSphere platform +type VSphereFailureDomain struct { + // name of the failure domain in which the vSphere machine provider will create the VM. + // Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. + // When balancing machines across failure domains, the control plane machine set will inject configuration from the + // Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain. + // +kubebuilder:validation:Required + Name string `json:"name"` +} + // OpenStackFailureDomain configures failure domain information for the OpenStack platform. // +kubebuilder:validation:MinProperties:=1 // +kubebuilder:validation:XValidation:rule="!has(self.availabilityZone) || !has(self.rootVolume) || has(self.rootVolume.availabilityZone)",message="rootVolume.availabilityZone is required when availabilityZone is set" 
@@ -329,6 +352,17 @@ type OpenStackFailureDomain struct { RootVolume *RootVolume `json:"rootVolume,omitempty"` } +// NutanixFailureDomainReference refers to the failure domain of the Nutanix platform. +type NutanixFailureDomainReference struct { + // name of the failure domain in which the nutanix machine provider will create the VM. + // Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:Pattern=`[a-z0-9]([-a-z0-9]*[a-z0-9])?` + Name string `json:"name"` +} + // RootVolume represents the volume metadata to boot from. // The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one // that should stay in sync with the original one. diff --git a/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go b/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go index fc7db6be67..1370ebdd28 100644 --- a/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go +++ b/vendor/github.com/openshift/api/machine/v1/types_nutanixprovider.go 
@@ -86,6 +86,14 @@ type NutanixMachineProviderConfig struct { // credentials data to access Nutanix PC client // +kubebuilder:validation:Required CredentialsSecret *corev1.LocalObjectReference `json:"credentialsSecret"` + + // failureDomain refers to the name of the FailureDomain with which this Machine is associated. + // If this is configured, the Nutanix machine controller will use the prism_central endpoint + // and credentials defined in the referenced FailureDomain to communicate to the prism_central. + // It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig + // is consistent with that in the referenced failureDomain. + // +optional + FailureDomain *NutanixFailureDomainReference `json:"failureDomain"` } // NutanixCategory identifies a pair of prism category key and value diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1/zz_generated.deepcopy.go index ca31843272..ffd8e951f2 100644 --- a/vendor/github.com/openshift/api/machine/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.deepcopy.go @@ -530,6 +530,11 @@ func (in *FailureDomains) DeepCopyInto(out *FailureDomains) { copy(*out, *in) } } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = make([]VSphereFailureDomain, len(*in)) + copy(*out, *in) + } if in.OpenStack != nil { in, out := &in.OpenStack, &out.OpenStack *out = make([]OpenStackFailureDomain, len(*in)) @@ -537,6 +542,11 @@ func (in *FailureDomains) DeepCopyInto(out *FailureDomains) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Nutanix != nil { + in, out := &in.Nutanix, &out.Nutanix + *out = make([]NutanixFailureDomainReference, len(*in)) + copy(*out, *in) + } return } 
@@ -598,6 +608,22 @@ func (in *NutanixCategory) DeepCopy() *NutanixCategory { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixFailureDomainReference) DeepCopyInto(out *NutanixFailureDomainReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixFailureDomainReference. +func (in *NutanixFailureDomainReference) DeepCopy() *NutanixFailureDomainReference { + if in == nil { + return nil + } + out := new(NutanixFailureDomainReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NutanixMachineProviderConfig) DeepCopyInto(out *NutanixMachineProviderConfig) { *out = *in @@ -630,6 +656,11 @@ func (in *NutanixMachineProviderConfig) DeepCopyInto(out *NutanixMachineProvider *out = new(corev1.LocalObjectReference) **out = **in } + if in.FailureDomain != nil { + in, out := &in.FailureDomain, &out.FailureDomain + *out = new(NutanixFailureDomainReference) + **out = **in + } return } @@ -717,7 +748,11 @@ func (in *NutanixResourceIdentifier) DeepCopy() *NutanixResourceIdentifier { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OpenShiftMachineV1Beta1MachineTemplate) DeepCopyInto(out *OpenShiftMachineV1Beta1MachineTemplate) { *out = *in - in.FailureDomains.DeepCopyInto(&out.FailureDomains) + if in.FailureDomains != nil { + in, out := &in.FailureDomains, &out.FailureDomains + *out = new(FailureDomains) + (*in).DeepCopyInto(*out) + } in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) return 
@@ -940,3 +975,19 @@ func (in *Tag) DeepCopy() *Tag { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSphereFailureDomain) DeepCopyInto(out *VSphereFailureDomain) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSphereFailureDomain. +func (in *VSphereFailureDomain) DeepCopy() *VSphereFailureDomain { + if in == nil { + return nil + } + out := new(VSphereFailureDomain) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go index 6406220e7d..44fed0c1e1 100644 --- a/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.swagger_doc_generated.go 
@@ -244,11 +244,13 @@ func (ControlPlaneMachineSetTemplateObjectMeta) SwaggerDoc() map[string]string { var map_FailureDomains = map[string]string{ "": "FailureDomain represents the different configurations required to spread Machines across failure domains on different platforms.", - "platform": "Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, and GCP.", + "platform": "Platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", "aws": "AWS configures failure domain information for the AWS platform.", "azure": "Azure configures failure domain information for the Azure platform.", "gcp": "GCP configures failure domain information for the GCP platform.", + "vsphere": "vsphere configures failure domain information for the VSphere platform.", "openstack": "OpenStack configures failure domain information for the OpenStack platform.", + "nutanix": "nutanix configures failure domain information for the Nutanix platform.", } func (FailureDomains) SwaggerDoc() map[string]string { 
@@ -264,6 +266,15 @@ func (GCPFailureDomain) SwaggerDoc() map[string]string { return map_GCPFailureDomain } +var map_NutanixFailureDomainReference = map[string]string{ + "": "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", + "name": "name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", +} + +func (NutanixFailureDomainReference) SwaggerDoc() map[string]string { + return map_NutanixFailureDomainReference +} + var map_OpenShiftMachineV1Beta1MachineTemplate = map[string]string{ "": "OpenShiftMachineV1Beta1MachineTemplate is a template for the ControlPlaneMachineSet to create Machines from the v1beta1.machine.openshift.io API group.", "failureDomains": "FailureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.", 
@@ -295,6 +306,15 @@ func (RootVolume) SwaggerDoc() map[string]string { return map_RootVolume } +var map_VSphereFailureDomain = map[string]string{ + "": "VSphereFailureDomain configures failure domain information for the vSphere platform", + "name": "name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", +} + +func (VSphereFailureDomain) SwaggerDoc() map[string]string { + return map_VSphereFailureDomain +} + var map_NutanixCategory = map[string]string{ "": "NutanixCategory identifies a pair of prism category key and value", "key": "key is the prism category key name", @@ -320,6 +340,7 @@ var map_NutanixMachineProviderConfig = map[string]string{ "categories": "categories optionally adds one or more prism categories (each with key and value) for the Machine's VM to associate with. All the category key and value pairs specified must already exist in the prism central.", "userDataSecret": "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", "credentialsSecret": "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", + "failureDomain": "failureDomain refers to the name of the FailureDomain with which this Machine is associated. If this is configured, the Nutanix machine controller will use the prism_central endpoint and credentials defined in the referenced FailureDomain to communicate to the prism_central. It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig is consistent with that in the referenced failureDomain.", } func (NutanixMachineProviderConfig) SwaggerDoc() map[string]string { 
diff --git a/vendor/github.com/openshift/api/machine/v1alpha1/types_openstack.go b/vendor/github.com/openshift/api/machine/v1alpha1/types_openstack.go index e3dd4d0a02..da5fbc5152 100644 --- a/vendor/github.com/openshift/api/machine/v1alpha1/types_openstack.go +++ b/vendor/github.com/openshift/api/machine/v1alpha1/types_openstack.go @@ -92,6 +92,12 @@ type OpenstackProviderSpec struct { // The volume metadata to boot from RootVolume *RootVolume `json:"rootVolume,omitempty"` + // additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance + // +optional + // +listType=map + // +listMapKey=name + AdditionalBlockDevices []AdditionalBlockDevice `json:"additionalBlockDevices,omitempty"` + // The server group to assign the machine to. ServerGroupID string `json:"serverGroupID,omitempty"` 
@@ -366,3 +372,68 @@ type RootVolume struct { // Deprecated: deviceType will be silently ignored. There is no replacement. DeprecatedDeviceType string `json:"deviceType,omitempty"` } + +// blockDeviceStorage is the storage type of a block device to create and +// contains additional storage options. +// +union +type BlockDeviceStorage struct { + // type is the type of block device to create. + // This can be either "Volume" or "Local". + // +kubebuilder:validation:Required + // +unionDiscriminator + Type BlockDeviceType `json:"type"` + + // volume contains additional storage options for a volume block device. + // +optional + // +unionMember,optional + Volume *BlockDeviceVolume `json:"volume,omitempty"` +} + +// blockDeviceVolume contains additional storage options for a volume block device. +type BlockDeviceVolume struct { + // type is the Cinder volume type of the volume. + // If omitted, the default Cinder volume type that is configured in the OpenStack cloud + // will be used. + // +optional + Type string `json:"type,omitempty"` + + // availabilityZone is the volume availability zone to create the volume in. + // If omitted, the availability zone of the server will be used. + // The availability zone must NOT contain spaces otherwise it will lead to volume that belongs + // to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for + // further information. + // +optional + AvailabilityZone string `json:"availabilityZone,omitempty"` +} + +// additionalBlockDevice is a block device to attach to the server. +type AdditionalBlockDevice struct { + // name of the block device in the context of a machine. + // If the block device is a volume, the Cinder volume will be named + // as a combination of the machine name and this name. + // Also, this name will be used for tagging the block device. + // Information about the block device tag can be obtained from the OpenStack + // metadata API or the config drive. 
+ // +kubebuilder:validation:Required + Name string `json:"name"` + + // sizeGiB is the size of the block device in gibibytes (GiB). + // +kubebuilder:validation:Required + SizeGiB int `json:"sizeGiB"` + + // storage specifies the storage type of the block device and + // additional storage options. + // +kubebuilder:validation:Required + Storage BlockDeviceStorage `json:"storage"` +} + +// BlockDeviceType defines the type of block device to create. +type BlockDeviceType string + +const ( + // LocalBlockDevice is an ephemeral block device attached to the server. + LocalBlockDevice BlockDeviceType = "Local" + + // VolumeBlockDevice is a volume block device attached to the server. + VolumeBlockDevice BlockDeviceType = "Volume" +) diff --git a/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.deepcopy.go index 7210713e38..f61b35ab44 100644 --- a/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.deepcopy.go @@ -10,6 +10,23 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalBlockDevice) DeepCopyInto(out *AdditionalBlockDevice) { + *out = *in + in.Storage.DeepCopyInto(&out.Storage) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalBlockDevice. +func (in *AdditionalBlockDevice) DeepCopy() *AdditionalBlockDevice { + if in == nil { + return nil + } + out := new(AdditionalBlockDevice) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AddressPair) DeepCopyInto(out *AddressPair) { *out = *in 
@@ -26,6 +43,43 @@ func (in *AddressPair) DeepCopy() *AddressPair { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BlockDeviceStorage) DeepCopyInto(out *BlockDeviceStorage) { + *out = *in + if in.Volume != nil { + in, out := &in.Volume, &out.Volume + *out = new(BlockDeviceVolume) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockDeviceStorage. +func (in *BlockDeviceStorage) DeepCopy() *BlockDeviceStorage { + if in == nil { + return nil + } + out := new(BlockDeviceStorage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BlockDeviceVolume) DeepCopyInto(out *BlockDeviceVolume) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockDeviceVolume. +func (in *BlockDeviceVolume) DeepCopy() *BlockDeviceVolume { + if in == nil { + return nil + } + out := new(BlockDeviceVolume) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Filter) DeepCopyInto(out *Filter) { *out = *in @@ -165,6 +219,13 @@ func (in *OpenstackProviderSpec) DeepCopyInto(out *OpenstackProviderSpec) { *out = new(RootVolume) **out = **in } + if in.AdditionalBlockDevices != nil { + in, out := &in.AdditionalBlockDevices, &out.AdditionalBlockDevices + *out = make([]AdditionalBlockDevice, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } diff --git a/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.swagger_doc_generated.go index 3ea9595d26..c8094eb269 100644 
--- a/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -11,6 +11,37 @@ package v1alpha1 // Those methods can be generated by using hack/update-swagger-docs.sh // AUTO-GENERATED FUNCTIONS START HERE +var map_AdditionalBlockDevice = map[string]string{ + "": "additionalBlockDevice is a block device to attach to the server.", + "name": "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", + "sizeGiB": "sizeGiB is the size of the block device in gibibytes (GiB).", + "storage": "storage specifies the storage type of the block device and additional storage options.", +} + +func (AdditionalBlockDevice) SwaggerDoc() map[string]string { + return map_AdditionalBlockDevice +} + +var map_BlockDeviceStorage = map[string]string{ + "": "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", + "type": "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", + "volume": "volume contains additional storage options for a volume block device.", +} + +func (BlockDeviceStorage) SwaggerDoc() map[string]string { + return map_BlockDeviceStorage +} + +var map_BlockDeviceVolume = map[string]string{ + "": "blockDeviceVolume contains additional storage options for a volume block device.", + "type": "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", + "availabilityZone": "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. 
The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", +} + +func (BlockDeviceVolume) SwaggerDoc() map[string]string { + return map_BlockDeviceVolume +} + var map_Filter = map[string]string{ "id": "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", "name": "name filters networks by name.", 
@@ -60,28 +91,29 @@ func (NetworkParam) SwaggerDoc() map[string]string { } var map_OpenstackProviderSpec = map[string]string{ - "": "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "cloudsSecret": "The name of the secret containing the openstack credentials", - "cloudName": "The name of the cloud to use from the clouds secret", - "flavor": "The flavor reference for the flavor for your server instance.", - "image": "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", - "keyName": "The ssh key to inject in the instance", - "sshUserName": "The machine ssh username", - "networks": "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", - "ports": "Create and assign additional ports to instances", - "floatingIP": "floatingIP specifies a floating IP to be associated with the machine. 
Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", - "availabilityZone": "The availability zone from which to launch the server.", - "securityGroups": "The names of the security groups to assign to the instance", - "userDataSecret": "The name of the secret containing the user data (startup script in most cases)", - "trunk": "Whether the server instance is created on a trunk port or not.", - "tags": "Machine tags Requires Nova api 2.52 minimum!", - "serverMetadata": "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", - "configDrive": "Config Drive support", - "rootVolume": "The volume metadata to boot from", - "serverGroupID": "The server group to assign the machine to.", - "serverGroupName": "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", - "primarySubnet": "The subnet that a set of machines will get ingress/egress traffic from", + "": "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "cloudsSecret": "The name of the secret containing the openstack credentials", + "cloudName": "The name of the cloud to use from the clouds secret", + "flavor": "The flavor reference for the flavor for your server instance.", + "image": "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", + "keyName": "The ssh key to inject in the instance", + "sshUserName": "The machine ssh username", + "networks": "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", + "ports": "Create and assign additional ports to instances", + "floatingIP": "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", + "availabilityZone": "The availability zone from which to launch the server.", + "securityGroups": "The names of the security groups to assign to the instance", + "userDataSecret": "The name of the secret containing the user data (startup script in most cases)", + "trunk": "Whether the server instance is created on a trunk port or not.", + "tags": "Machine tags Requires Nova api 2.52 minimum!", + "serverMetadata": "Metadata mapping. 
Allows you to create a map of key value pairs to add to the server instance.", + "configDrive": "Config Drive support", + "rootVolume": "The volume metadata to boot from", + "additionalBlockDevices": "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", + "serverGroupID": "The server group to assign the machine to.", + "serverGroupName": "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", + "primarySubnet": "The subnet that a set of machines will get ingress/egress traffic from", } func (OpenstackProviderSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig.crd.yaml index ee49210bc5..d725ef8850 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig.crd.yaml +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig.crd.yaml 
@@ -283,6 +283,45 @@ spec: baremetal: description: BareMetal contains settings specific to the BareMetal platform. type: object + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1d
d|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]
?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + message: 
apiServerInternalIPs list is required once set + - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + message: ingressIPs list is required once set equinixMetal: description: EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. type: object 
@@ -313,6 +352,80 @@ spec: - prismCentral - prismElements properties: + failureDomains: + description: failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster. + type: array + items: + description: NutanixFailureDomain configures failure domain information for the Nutanix platform. + type: object + required: + - cluster + - name + - subnets + properties: + cluster: + description: cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + type: object + required: + - type + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + type: string + enum: + - UUID + - Name + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + message: uuid configuration is required when type is UUID, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + message: name configuration is required when type is Name, and forbidden otherwise + name: + description: name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform. 
+ type: string + maxLength: 64 + minLength: 1 + pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' + subnets: + description: subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API. + type: array + maxItems: 1 + minItems: 1 + items: + description: NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.) + type: object + required: + - type + properties: + name: + description: name is the resource name in the PC. It cannot be empty if the type is Name. + type: string + type: + description: type is the identifier type to use for this resource. + type: string + enum: + - UUID + - Name + uuid: + description: uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + type: string + x-kubernetes-validations: + - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) : !has(self.uuid)' + message: uuid configuration is required when type is UUID, and forbidden otherwise + - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) : !has(self.name)' + message: name configuration is required when type is Name, and forbidden otherwise + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map prismCentral: description: prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list. type: object 
@@ -367,6 +480,45 @@ spec: openstack: description: OpenStack contains settings specific to the OpenStack infrastructure provider. type: object + properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[
0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[
0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + 
message: apiServerInternalIPs list is required once set + - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + message: ingressIPs list is required once set ovirt: description: Ovirt contains settings specific to the oVirt infrastructure provider. type: object 
@@ -421,6 +573,18 @@ spec: description: VSphere contains settings specific to the VSphere infrastructure provider. type: object properties: + apiServerInternalIPs: + description: apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|
[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) : true' + message: apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address failureDomains: description: failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used. type: array 
@@ -494,6 +658,27 @@ spec: type: string maxLength: 80 minLength: 1 + ingressIPs: + description: ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can). + type: array + maxItems: 2 + items: + description: IP is an IP address (for example, "10.0.0.0" or "fd00::"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) + x-kubernetes-list-type: set + x-kubernetes-validations: + - rule: 'size(self) == 2 ? 
self.exists_one(x, x.contains('':'')) : true' + message: ingressIPs must contain at most one IPv4 address and at most one IPv6 address + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeNetworking: description: nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. 
If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found. type: object @@ -560,6 +745,11 @@ spec: description: server is the fully-qualified domain name or the IP address of the vCenter server. --- type: string maxLength: 255 + x-kubernetes-validations: + - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' + message: apiServerInternalIPs list is required once set + - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' + message: ingressIPs list is required once set status: description: status holds observed values from the cluster. They may not be overridden. type: object 
@@ -782,6 +972,15 @@ spec: maxItems: 2 items: type: string + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -859,10 +1058,20 @@ spec: - url properties: name: - description: name is the name of the IBM Cloud service. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` + description: 'name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' type: string - maxLength: 32 - pattern: ^[a-zA-Z0-9-]+$ + enum: + - CIS + - COS + - DNSServices + - GlobalSearch + - GlobalTagging + - HyperProtect + - IAM + - KeyProtect + - ResourceController + - ResourceManager + - VPC url: description: url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. type: string 
@@ -949,6 +1158,15 @@ spec: x-kubernetes-validations: - rule: oldSelf == '' || self == oldSelf message: type is immutable once set + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. 
In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -1070,6 +1288,15 @@ spec: maxItems: 2 items: type: string + machineNetworks: + description: machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + type: array + maxItems: 32 + items: + description: CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). + type: string + pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + x-kubernetes-list-type: set nodeDNSIP: description: nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster. type: string 
@@ -1224,8 +1451,6 @@ spec: type: object required: - bundleFile - - notAfter - - notBefore - signer - subject properties: diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml index 06c7b22c02..7171973b00 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml @@ -83,11 +83,11 @@ spec: type: string x-kubernetes-map-type: atomic tlsSecurityProfile: - description: If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12. + description: If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12. type: object properties: custom: - description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11" type: object properties: ciphers: 
@@ -96,7 +96,7 @@ spec: items: type: string minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" type: string enum: - VersionTLS10 
@@ -105,15 +105,15 @@ spec: - VersionTLS13 nullable: true intermediate: - description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" type: object nullable: true modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported." 
type: object nullable: true old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" type: object nullable: true type: 
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml index 3d6b81934b..f2afeef4a3 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml @@ -227,7 +227,6 @@ spec: type: object required: - bundle - - expiry - subject properties: bundle: diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go index eba56a9429..3b00b134d4 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go @@ -193,6 +193,7 @@ type ControllerConfigStatus struct { // +listType=atomic // +optional Conditions []ControllerConfigStatusCondition `json:"conditions"` + // controllerCertificates represents the latest available observations of the automatically rotating certificates in the MCO. // +listType=atomic // +optional @@ -210,11 +211,11 @@ type ControllerCertificate struct { Signer string `json:"signer"` // notBefore is the lower boundary for validity - // +kubebuilder:validation:Required + // +optional NotBefore *metav1.Time `json:"notBefore"` // notAfter is the upper boundary for validity - // +kubebuilder:validation:Required + // +optional NotAfter *metav1.Time `json:"notAfter"` // bundleFile is the larger bundle a cert comes from @@ -445,7 +446,7 @@ type CertExpiry struct { // +kubebuilder:validation:Required Subject string `json:"subject"` // expiry is the date after which the certificate will no longer be valid - // +kubebuilder:validation:Required + // +optional Expiry *metav1.Time `json:"expiry"` } 
@@ -569,7 +570,7 @@ type KubeletConfigSpec struct { // If unset, the default is based on the apiservers.config.openshift.io/cluster resource. // Note that only Old and Intermediate profiles are currently supported, and - // the maximum available MinTLSVersions is VersionTLS12. + // the maximum available minTLSVersion is VersionTLS12. // +optional TLSSecurityProfile *configv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` } @@ -678,12 +679,12 @@ type ContainerRuntimeConfiguration struct { // Negative numbers indicate that no size limit is imposed. // If it is positive, it must be >= 8192 to match/exceed conmon's read buffer. // +optional - LogSizeMax resource.Quantity `json:"logSizeMax,omitempty"` + LogSizeMax *resource.Quantity `json:"logSizeMax,omitempty"` // overlaySize specifies the maximum size of a container image. // This flag can be used to set quota on the size of container images. (default: 10GB) // +optional - OverlaySize resource.Quantity `json:"overlaySize,omitempty"` + OverlaySize *resource.Quantity `json:"overlaySize,omitempty"` // defaultRuntime is the name of the OCI runtime to be used as the default. // +optional diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go index 25fc281146..180027a84e 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go 
@@ -168,8 +168,16 @@ func (in *ContainerRuntimeConfiguration) DeepCopyInto(out *ContainerRuntimeConfi *out = new(int64) **out = **in } - out.LogSizeMax = in.LogSizeMax.DeepCopy() - out.OverlaySize = in.OverlaySize.DeepCopy() + if in.LogSizeMax != nil { + in, out := &in.LogSizeMax, &out.LogSizeMax + x := (*in).DeepCopy() + *out = &x + } + if in.OverlaySize != nil { + in, out := &in.OverlaySize, &out.OverlaySize + x := (*in).DeepCopy() + *out = &x + } return } diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index 407b990cf8..d1151c23b4 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go 
@@ -210,7 +210,7 @@ var map_KubeletConfigSpec = map[string]string{ "": "KubeletConfigSpec defines the desired state of KubeletConfig", "machineConfigPoolSelector": "MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected.", "kubeletConfig": "kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable.", - "tlsSecurityProfile": "If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available MinTLSVersions is VersionTLS12.", + "tlsSecurityProfile": "If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.", } func (KubeletConfigSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/0000_80_machineconfignode-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/0000_80_machineconfignode-CustomNoUpgrade.crd.yaml new file mode 100644 index 0000000000..ee68c07f86 --- /dev/null +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/0000_80_machineconfignode-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,203 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: machineconfignodes.machineconfiguration.openshift.io + labels: + "openshift.io/operator-managed": "" + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1596 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade +spec: + # group name to use for REST API: /apis// + group: machineconfiguration.openshift.io + scope: Cluster + names: + kind: MachineConfigNode + singular: machineconfignode + plural: machineconfignodes + versions: + - name: v1alpha1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePrepared")].status + name: UpdatePrepared + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateExecuted")].status + name: UpdateExecuted + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePostActionComplete")].status + name: UpdatePostActionComplete + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateComplete")].status + name: UpdateComplete + type: string + - jsonPath: .status.conditions[?(@.type=="Resumed")].status + name: Resumed + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateCompatible")].status + name: UpdateCompatible + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="AppliedFilesAndOS")].status + name: UpdatedFilesAndOS + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Cordoned")].status + name: CordonedNode + priority: 1 + type: string + - jsonPath: 
.status.conditions[?(@.type=="Drained")].status + name: DrainedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="RebootedNode")].status + name: RebootedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="ReloadedCRIO")].status + name: ReloadedCRIO + priority: 1 + type: string + schema: + openAPIV3Schema: + description: 'MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.' + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of the machine config node. + type: object + required: + - configVersion + - node + - pool + properties: + configVersion: + description: configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config. 
+ type: object + required: + - desired + properties: + desired: + description: desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + node: + description: node contains a reference to the node for this machine config node. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + pool: + description: pool contains a reference to the machine config pool that this machine config node's referenced node belongs to. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. 
+ type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + status: + description: status describes the last observed state of this machine config node. + type: object + required: + - configVersion + properties: + conditions: + description: conditions represent the observations of a machine config node's current state. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + configVersion: + description: configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists. + type: object + required: + - desired + properties: + current: + description: current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. 
This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + desired: + description: desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + observedGeneration: + description: observedGeneration represents the generation observed by the controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec. + type: integer + format: int64 + x-kubernetes-validations: + - rule: self.metadata.name == self.spec.node.name + message: spec.node.name should match metadata.name diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/0000_80_machineconfignode-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/0000_80_machineconfignode-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..74a01199f2 --- /dev/null +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/0000_80_machineconfignode-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,203 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: machineconfignodes.machineconfiguration.openshift.io + labels: + "openshift.io/operator-managed": "" + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1596 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade +spec: + # group name to use for REST API: /apis// + group: machineconfiguration.openshift.io + scope: Cluster + names: + kind: MachineConfigNode + singular: machineconfignode + plural: machineconfignodes + versions: + - name: v1alpha1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePrepared")].status + name: UpdatePrepared + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateExecuted")].status + name: UpdateExecuted + type: string + - jsonPath: .status.conditions[?(@.type=="UpdatePostActionComplete")].status + name: UpdatePostActionComplete + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateComplete")].status + name: UpdateComplete + type: string + - jsonPath: .status.conditions[?(@.type=="Resumed")].status + name: Resumed + type: string + - jsonPath: .status.conditions[?(@.type=="UpdateCompatible")].status + name: UpdateCompatible + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="AppliedFilesAndOS")].status + name: UpdatedFilesAndOS + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="Cordoned")].status + name: CordonedNode + priority: 1 + type: string + - 
jsonPath: .status.conditions[?(@.type=="Drained")].status + name: DrainedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="RebootedNode")].status + name: RebootedNode + priority: 1 + type: string + - jsonPath: .status.conditions[?(@.type=="ReloadedCRIO")].status + name: ReloadedCRIO + priority: 1 + type: string + schema: + openAPIV3Schema: + description: 'MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.' + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of the machine config node. + type: object + required: + - configVersion + - node + - pool + properties: + configVersion: + description: configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config. 
+ type: object + required: + - desired + properties: + desired: + description: desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + node: + description: node contains a reference to the node for this machine config node. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + pool: + description: pool contains a reference to the machine config pool that this machine config node's referenced node belongs to. + type: object + required: + - name + properties: + name: + description: name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. 
+ type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + status: + description: status describes the last observed state of this machine config node. + type: object + required: + - configVersion + properties: + conditions: + description: conditions represent the observations of a machine config node's current state. + type: array + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + configVersion: + description: configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists. + type: object + required: + - desired + properties: + current: + description: current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. 
This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + desired: + description: desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length. + type: string + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + observedGeneration: + description: observedGeneration represents the generation observed by the controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec. + type: integer + format: int64 + x-kubernetes-validations: + - rule: self.metadata.name == self.spec.node.name + message: spec.node.name should match metadata.name diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/Makefile b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/Makefile new file mode 100644 index 0000000000..5943b2583a --- /dev/null +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="machineconfiguration.openshift.io/v1alpha1" 
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/custom.machineconfignode.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/custom.machineconfignode.testsuite.yaml
new file mode 100644
index 0000000000..3b12d072af
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/custom.machineconfignode.testsuite.yaml
@@ -0,0 +1,80 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[Custom] MachineConfigNode"
+crd: 0000_80_machineconfignode-CustomNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal MachineConfigNode
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: foobar
+ pool:
+ name: worker
+ configVersion:
+ desired: rendered-worker-abc
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: foobar
+ pool:
+ name: worker
+ configVersion:
+ desired: rendered-worker-abc
+ - name: Node name must match the Object name.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: barfoo
+ pool:
+ name: worker
+ configVersion:
+ desired: rendered-worker-abc
+ expectedError: "Invalid value: \"object\": spec.node.name should match metadata.name"
+ - name: Pool is required.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: barfoo
+ configVersion:
+ desired: rendered-worker-abc
+ expectedError: "spec.pool: Required value, : Invalid value: \"null\""
+ - name: Node is required.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ pool:
+ name: barfoo
+ configVersion:
+ desired: rendered-worker-abc
+ expectedError: "spec.node: Required value, : Invalid value: \"null\""
+ - name: ConfigVersion is required.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ pool:
+ name: barfoo
+ node:
+ name: foobar
+ expectedError: "spec.configVersion: Required value, : Invalid value: \"null\""
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/doc.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/doc.go
new file mode 100644
index 0000000000..5876803877
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/doc.go
@@ -0,0 +1,7 @@
+// +k8s:deepcopy-gen=package,register
+// +groupName=machineconfiguration.openshift.io
+// +k8s:defaulter-gen=TypeMeta
+// +k8s:openapi-gen=true
+
+// Package v1alpha1 is the v1alpha1 version of the API.
+package v1alpha1
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go
new file mode 100644
index 0000000000..b18dfac66e
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go
@@ -0,0 +1,43 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+ GroupName = "machineconfiguration.openshift.io"
+ GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+ schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ // Install is a function which adds this version to a scheme
+ Install = schemeBuilder.AddToScheme
+
+ // SchemeGroupVersion generated code relies on this name
+ // Deprecated
+ SchemeGroupVersion = GroupVersion
+ // AddToScheme exists solely to keep the old generators creating valid code
+ // DEPRECATED
+ AddToScheme = schemeBuilder.AddToScheme
+)
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(GroupVersion,
+ &MachineConfigNode{},
+ &MachineConfigNodeList{},
+ )
+ metav1.AddToGroupVersion(scheme, GroupVersion)
+ return nil
+}
+
+// Resource generated code relies on this being here, but it logically belongs to the group
+// DEPRECATED
+func Resource(resource string) schema.GroupResource {
+ return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+// Kind is used to validate existence of a resource kind in this API group
+func Kind(kind string) schema.GroupKind {
+ return schema.GroupKind{Group: GroupName, Kind: kind}
+}
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/techpreview.machineconfignode.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/techpreview.machineconfignode.testsuite.yaml
new file mode 100644
index 0000000000..eec4192e2e
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/techpreview.machineconfignode.testsuite.yaml
@@ -0,0 +1,80 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[TechPreview] MachineConfigNode"
+crd: 0000_80_machineconfignode-TechPreviewNoUpgrade.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal MachineConfigNode
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: foobar
+ pool:
+ name: worker
+ configVersion:
+ desired: rendered-worker-abc
+ expected: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: foobar
+ pool:
+ name: worker
+ configVersion:
+ desired: rendered-worker-abc
+ - name: Node name must match the Object name.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: barfoo
+ pool:
+ name: worker
+ configVersion:
+ desired: rendered-worker-abc
+ expectedError: "Invalid value: \"object\": spec.node.name should match metadata.name"
+ - name: Pool is required.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ node:
+ name: barfoo
+ configVersion:
+ desired: rendered-worker-abc
+ expectedError: "spec.pool: Required value, : Invalid value: \"null\""
+ - name: Node is required.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ pool:
+ name: barfoo
+ configVersion:
+ desired: rendered-worker-abc
+ expectedError: "spec.node: Required value, : Invalid value: \"null\""
+ - name: ConfigVersion is required.
+ initial: |
+ apiVersion: machineconfiguration.openshift.io/v1alpha1
+ kind: MachineConfigNode
+ metadata:
+ name: foobar
+ spec:
+ pool:
+ name: barfoo
+ node:
+ name: foobar
+ expectedError: "spec.configVersion: Required value, : Invalid value: \"null\""
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineconfignode.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineconfignode.go
new file mode 100644
index 0000000000..06cddaaf63
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_machineconfignode.go
@@ -0,0 +1,168 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// MachineConfigNode describes the health of the Machines on the system
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == self.spec.node.name",message="spec.node.name should match metadata.name"
+type MachineConfigNode struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec describes the configuration of the machine config node.
+ // +kubebuilder:validation:Required
+ Spec MachineConfigNodeSpec `json:"spec"`
+
+ // status describes the last observed state of this machine config node.
+ // +optional
+ Status MachineConfigNodeStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// MachineConfigNodeList describes all of the MachinesStates on the system
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type MachineConfigNodeList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata"`
+
+ Items []MachineConfigNode `json:"items"`
+}
+
+// MCOObjectReference holds information about an object the MCO either owns
+// or modifies in some way
+type MCOObjectReference struct {
+ // name is the object name.
+ // Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+ // It may consist of only alphanumeric characters, hyphens (-) and periods (.)
+ // and must be at most 253 characters in length.
+ // +kubebuilder:validation:MaxLength:=253
+ // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$`
+ // +kubebuilder:validation:Required
+ Name string `json:"name"`
+}
+
+// MachineConfigNodeSpec describes the MachineConfigNode we are managing.
+type MachineConfigNodeSpec struct {
+ // node contains a reference to the node for this machine config node.
+ // +kubebuilder:validation:Required
+ Node MCOObjectReference `json:"node"`
+
+ // pool contains a reference to the machine config pool that this machine config node's
+ // referenced node belongs to.
+ // +kubebuilder:validation:Required
+ Pool MCOObjectReference `json:"pool"`
+
+ // configVersion holds the desired config version for the node targeted by this machine config node resource.
+ // The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates
+ // the new machine config against the current machine config.
+ // +kubebuilder:validation:Required
+ ConfigVersion MachineConfigNodeSpecMachineConfigVersion `json:"configVersion"`
+}
+
+// MachineConfigNodeStatus holds the reported information on a particular machine config node.
+type MachineConfigNodeStatus struct {
+ // conditions represent the observations of a machine config node's current state.
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=type
+ Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+ // observedGeneration represents the generation observed by the controller.
+ // This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.
+ // +kubebuilder:validation:Required
+ ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+ // configVersion describes the current and desired machine config for this node.
+ // The current version represents the current machine config for the node and is updated after a successful update.
+ // The desired version represents the machine config the node will attempt to update to.
+ // This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists.
+ // +kubebuilder:validation:Required
+ ConfigVersion MachineConfigNodeStatusMachineConfigVersion `json:"configVersion"`
+}
+
+// MachineConfigNodeStatusMachineConfigVersion holds the current and desired config versions as last updated in the MCN status.
+// When the current and desired versions are not matched, the machine config pool is processing an upgrade and the machine config node will
+// monitor the upgrade process.
+// When the current and desired versions do not match,
+// the machine config node will ignore these events given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.
+type MachineConfigNodeStatusMachineConfigVersion struct {
+ // current is the name of the machine config currently in use on the node.
+ // This value is updated once the machine config daemon has completed the update of the configuration for the node.
+ // This value should match the desired version unless an upgrade is in progress.
+ // Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+ // It may consist of only alphanumeric characters, hyphens (-) and periods (.)
+ // and must be at most 253 characters in length.
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$`
+ // +optional
+ Current string `json:"current"`
+ // desired is the MachineConfig the node wants to upgrade to.
+ // This value gets set in the machine config node status once the machine config has been validated
+ // against the current machine config.
+ // Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+ // It may consist of only alphanumeric characters, hyphens (-) and periods (.)
+ // and must be at most 253 characters in length.
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$`
+ // +kubebuilder:validation:Required
+ Desired string `json:"desired"`
+}
+
+// MachineConfigNodeSpecMachineConfigVersion holds the desired config version for the current observed machine config node.
+// When Current is not equal to Desired; the MachineConfigOperator is in an upgrade phase and the machine config node will
+// take account of upgrade related events. Otherwise they will be ignored given that certain operations
+// happen both during the MCO's upgrade mode and the daily operations mode.
+type MachineConfigNodeSpecMachineConfigVersion struct {
+ // desired is the name of the machine config that the the node should be upgraded to.
+ // This value is set when the machine config pool generates a new version of its rendered configuration.
+ // When this value is changed, the machine config daemon starts the node upgrade process.
+ // This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated.
+ // Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
+ // It may consist of only alphanumeric characters, hyphens (-) and periods (.)
+ // and must be at most 253 characters in length.
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$`
+ // +kubebuilder:validation:Required
+ Desired string `json:"desired"`
+}
+
+// StateProgress is each possible state for each possible MachineConfigNodeType
+// UpgradeProgression Kind will only use the "MachinConfigPoolUpdate..." types for example
+// Please note: These conditions are subject to change. Both additions and deletions may be made.
+type StateProgress string
+
+const (
+ // MachineConfigNodeUpdatePrepared describes a machine that is preparing in the daemon to trigger an update
+ MachineConfigNodeUpdatePrepared StateProgress = "UpdatePrepared"
+ // MachineConfigNodeUpdateExecuted describes a machine that has executed the body of the upgrade
+ MachineConfigNodeUpdateExecuted StateProgress = "UpdateExecuted"
+ // MachineConfigNodeUpdatePostActionComplete describes a machine that has executed its post update action
+ MachineConfigNodeUpdatePostActionComplete StateProgress = "UpdatePostActionComplete"
+ // MachineConfigNodeUpdateComplete describes a machine that has completed the core parts of an upgrade.
+ MachineConfigNodeUpdateComplete StateProgress = "UpdateComplete"
+ // MachineConfigNodeUpdated describes a machine that has a matching desired and current config after executing an update
+ MachineConfigNodeUpdated StateProgress = "Updated"
+ // MachineConfigNodeUpdateResumed describes a machine that has resumed normal processes
+ MachineConfigNodeResumed StateProgress = "Resumed"
+ // MachineConfigNodeUpdateCompatible the part of the preparing phase where the mco decides whether it can update
+ MachineConfigNodeUpdateCompatible StateProgress = "UpdateCompatible"
+ // MachineConfigNodeUpdateDrained describes the part of the inprogress phase where the node drains
+ MachineConfigNodeUpdateDrained StateProgress = "Drained"
+ // MachineConfigNodeUpdateFilesAndOS describes the part of the inprogress phase where the nodes file and OS config change
+ MachineConfigNodeUpdateFilesAndOS StateProgress = "AppliedFilesAndOS"
+ // MachineConfigNodeUpdateCordoned describes the part of the completing phase where the node cordons
+ MachineConfigNodeUpdateCordoned StateProgress = "Cordoned"
+ // MachineConfigNodeUpdateRebooted describes the part of the post action phase where the node reboots itself
+ MachineConfigNodeUpdateRebooted StateProgress = "RebootedNode"
+ // MachineConfigNodeUpdateReloaded describes the part of the post action phase where the node reloads its CRIO service
+ MachineConfigNodeUpdateReloaded StateProgress = "ReloadedCRIO"
+)
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go
new file mode 100644
index 0000000000..d2ab9b91af
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go
@@ -0,0 +1,163 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MCOObjectReference) DeepCopyInto(out *MCOObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MCOObjectReference. +func (in *MCOObjectReference) DeepCopy() *MCOObjectReference { + if in == nil { + return nil + } + out := new(MCOObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigNode) DeepCopyInto(out *MachineConfigNode) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNode. +func (in *MachineConfigNode) DeepCopy() *MachineConfigNode { + if in == nil { + return nil + } + out := new(MachineConfigNode) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MachineConfigNode) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *MachineConfigNodeList) DeepCopyInto(out *MachineConfigNodeList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]MachineConfigNode, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNodeList. +func (in *MachineConfigNodeList) DeepCopy() *MachineConfigNodeList { + if in == nil { + return nil + } + out := new(MachineConfigNodeList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *MachineConfigNodeList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigNodeSpec) DeepCopyInto(out *MachineConfigNodeSpec) { + *out = *in + out.Node = in.Node + out.Pool = in.Pool + out.ConfigVersion = in.ConfigVersion + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNodeSpec. +func (in *MachineConfigNodeSpec) DeepCopy() *MachineConfigNodeSpec { + if in == nil { + return nil + } + out := new(MachineConfigNodeSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigNodeSpecMachineConfigVersion) DeepCopyInto(out *MachineConfigNodeSpecMachineConfigVersion) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNodeSpecMachineConfigVersion. 
+func (in *MachineConfigNodeSpecMachineConfigVersion) DeepCopy() *MachineConfigNodeSpecMachineConfigVersion { + if in == nil { + return nil + } + out := new(MachineConfigNodeSpecMachineConfigVersion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigNodeStatus) DeepCopyInto(out *MachineConfigNodeStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.ConfigVersion = in.ConfigVersion + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNodeStatus. +func (in *MachineConfigNodeStatus) DeepCopy() *MachineConfigNodeStatus { + if in == nil { + return nil + } + out := new(MachineConfigNodeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigNodeStatusMachineConfigVersion) DeepCopyInto(out *MachineConfigNodeStatusMachineConfigVersion) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNodeStatusMachineConfigVersion. +func (in *MachineConfigNodeStatusMachineConfigVersion) DeepCopy() *MachineConfigNodeStatusMachineConfigVersion { + if in == nil { + return nil + } + out := new(MachineConfigNodeStatusMachineConfigVersion) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go new file mode 100644 index 0000000000..0044c9c4b6 --- /dev/null 
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -0,0 +1,82 @@ +package v1alpha1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_MCOObjectReference = map[string]string{ + "": "MCOObjectReference holds information about an object the MCO either owns or modifies in some way", + "name": "name is the object name. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.", +} + +func (MCOObjectReference) SwaggerDoc() map[string]string { + return map_MCOObjectReference +} + +var map_MachineConfigNode = map[string]string{ + "": "MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "spec": "spec describes the configuration of the machine config node.", + "status": "status describes the last observed state of this machine config node.", +} + +func (MachineConfigNode) SwaggerDoc() map[string]string { + return map_MachineConfigNode +} + +var map_MachineConfigNodeList = map[string]string{ + "": "MachineConfigNodeList describes all of the MachinesStates on the system\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. 
These capabilities should not be used by applications needing long term support.", +} + +func (MachineConfigNodeList) SwaggerDoc() map[string]string { + return map_MachineConfigNodeList +} + +var map_MachineConfigNodeSpec = map[string]string{ + "": "MachineConfigNodeSpec describes the MachineConfigNode we are managing.", + "node": "node contains a reference to the node for this machine config node.", + "pool": "pool contains a reference to the machine config pool that this machine config node's referenced node belongs to.", + "configVersion": "configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to. This gets set before the machine config operator validates the new machine config against the current machine config.", +} + +func (MachineConfigNodeSpec) SwaggerDoc() map[string]string { + return map_MachineConfigNodeSpec +} + +var map_MachineConfigNodeSpecMachineConfigVersion = map[string]string{ + "": "MachineConfigNodeSpecMachineConfigVersion holds the desired config version for the current observed machine config node. When Current is not equal to Desired; the MachineConfigOperator is in an upgrade phase and the machine config node will take account of upgrade related events. Otherwise they will be ignored given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", + "desired": "desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. 
Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.", +} + +func (MachineConfigNodeSpecMachineConfigVersion) SwaggerDoc() map[string]string { + return map_MachineConfigNodeSpecMachineConfigVersion +} + +var map_MachineConfigNodeStatus = map[string]string{ + "": "MachineConfigNodeStatus holds the reported information on a particular machine config node.", + "conditions": "conditions represent the observations of a machine config node's current state.", + "observedGeneration": "observedGeneration represents the generation observed by the controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.", + "configVersion": "configVersion describes the current and desired machine config for this node. The current version represents the current machine config for the node and is updated after a successful update. The desired version represents the machine config the node will attempt to update to. This desired machine config has been compared to the current machine config and has been validated by the machine config operator as one that is valid and that exists.", +} + +func (MachineConfigNodeStatus) SwaggerDoc() map[string]string { + return map_MachineConfigNodeStatus +} + +var map_MachineConfigNodeStatusMachineConfigVersion = map[string]string{ + "": "MachineConfigNodeStatusMachineConfigVersion holds the current and desired config versions as last updated in the MCN status. When the current and desired versions are not matched, the machine config pool is processing an upgrade and the machine config node will monitor the upgrade process. 
When the current and desired versions do not match, the machine config node will ignore these events given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", + "current": "current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.", + "desired": "desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) It may consist of only alphanumeric characters, hyphens (-) and periods (.) and must be at most 253 characters in length.", +} + +func (MachineConfigNodeStatusMachineConfigVersion) SwaggerDoc() map[string]string { + return map_MachineConfigNodeStatusMachineConfigVersion +} + +// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/network/.codegen.yaml b/vendor/github.com/openshift/api/network/.codegen.yaml new file mode 100644 index 0000000000..55f3a272c8 --- /dev/null +++ b/vendor/github.com/openshift/api/network/.codegen.yaml @@ -0,0 +1,6 @@ +schemapatch: + requiredFeatureSets: + - "" + - "Default" + - "TechPreviewNoUpgrade" + - "CustomNoUpgrade" diff --git a/vendor/github.com/openshift/api/network/install.go b/vendor/github.com/openshift/api/network/install.go index 85bc706236..fbaa079b3f 100644 --- a/vendor/github.com/openshift/api/network/install.go +++ b/vendor/github.com/openshift/api/network/install.go 
@@ -5,6 +5,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" networkv1 "github.com/openshift/api/network/v1" + networkv1alpha1 "github.com/openshift/api/network/v1alpha1" ) const ( @@ -12,7 +13,7 @@ const ( ) var ( - schemeBuilder = runtime.NewSchemeBuilder(networkv1.Install) + schemeBuilder = runtime.NewSchemeBuilder(networkv1.Install, networkv1alpha1.Install) // Install is a function which adds every version of this group to a scheme Install = schemeBuilder.AddToScheme ) diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml new file mode 100644 index 0000000000..19ad00b875 --- /dev/null +++ b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml 
@@ -0,0 +1,154 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1524 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: dnsnameresolvers.network.openshift.io +spec: + group: network.openshift.io + names: + kind: DNSNameResolver + listKind: DNSNameResolverList + plural: dnsnameresolvers + singular: dnsnameresolver + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the DNSNameResolver. 
+ properties: + name: + description: name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.' + maxLength: 254 + pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ + type: string + x-kubernetes-validations: + - message: spec.name is immutable + rule: self == oldSelf + required: + - name + type: object + status: + description: status is the most recently observed status of the DNSNameResolver. + properties: + resolvedNames: + description: resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times. + items: + description: DNSNameResolverResolvedName describes the details of a resolved DNS name. + properties: + conditions: + description: 'conditions provide information about the state of the DNS name. Known .status.conditions.type is: "Degraded". "Degraded" is true when the last resolution failed for the DNS name, and false otherwise.' + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + dnsName: + description: dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well. + maxLength: 254 + pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ + type: string + resolutionFailures: + description: resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired. + format: int32 + type: integer + resolvedAddresses: + description: resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName. 
+ items: + description: DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name. + properties: + ip: + anyOf: + - format: ipv4 + - format: ipv6 + description: ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity. + type: string + lastLookupTime: + description: lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity. + format: date-time + type: string + ttlSeconds: + description: ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity. + format: int32 + type: integer + required: + - ip + - lastLookupTime + - ttlSeconds + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + required: + - dnsName + - resolvedAddresses + type: object + type: array + x-kubernetes-list-map-keys: + - dnsName + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch
new file mode 100644
index 0000000000..975ae7c93f
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch
@@ -0,0 +1,5 @@
+- op: add
+ path: /spec/versions/name=v1alpha1/schema/openAPIV3Schema/properties/status/properties/resolvedNames/items/properties/resolvedAddresses/items/properties/ip/anyOf
+ value:
+ - format: ipv4
+ - format: ipv6
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml
new file mode 100644
index 0000000000..e4c3c25412
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml
@@ -0,0 +1,154 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1524 + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: dnsnameresolvers.network.openshift.io +spec: + group: network.openshift.io + names: + kind: DNSNameResolver + listKind: DNSNameResolverList + plural: dnsnameresolvers + singular: dnsnameresolver + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set. \n Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the DNSNameResolver. 
+ properties: + name: + description: name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.' + maxLength: 254 + pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ + type: string + x-kubernetes-validations: + - message: spec.name is immutable + rule: self == oldSelf + required: + - name + type: object + status: + description: status is the most recently observed status of the DNSNameResolver. + properties: + resolvedNames: + description: resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times. + items: + description: DNSNameResolverResolvedName describes the details of a resolved DNS name. + properties: + conditions: + description: 'conditions provide information about the state of the DNS name. Known .status.conditions.type is: "Degraded". "Degraded" is true when the last resolution failed for the DNS name, and false otherwise.' + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + dnsName: + description: dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well. + maxLength: 254 + pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ + type: string + resolutionFailures: + description: resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired. + format: int32 + type: integer + resolvedAddresses: + description: resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName. 
+ items: + description: DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name. + properties: + ip: + anyOf: + - format: ipv4 + - format: ipv6 + description: ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity. + type: string + lastLookupTime: + description: lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity. + format: date-time + type: string + ttlSeconds: + description: ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity. + format: int32 + type: integer + required: + - ip + - lastLookupTime + - ttlSeconds + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + required: + - dnsName + - resolvedAddresses + type: object + type: array + x-kubernetes-list-map-keys: + - dnsName + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch
new file mode 100644
index 0000000000..975ae7c93f
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch
@@ -0,0 +1,5 @@
+- op: add
+ path: /spec/versions/name=v1alpha1/schema/openAPIV3Schema/properties/status/properties/resolvedNames/items/properties/resolvedAddresses/items/properties/ip/anyOf
+ value:
+ - format: ipv4
+ - format: ipv6
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/Makefile b/vendor/github.com/openshift/api/network/v1alpha1/Makefile
new file mode 100644
index 0000000000..376fee2dc0
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/Makefile
@@ -0,0 +1,3 @@
+.PHONY: test
+test:
+ make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="network.openshift.io/v1alpha1"
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml b/vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml
new file mode 100644
index 0000000000..24175b6d73
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml
@@ -0,0 +1,402 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "[CustomNoUpgrade] DNSNameResolver"
+crd: 0000_70_dnsnameresolver_00-techpreview.crd.yaml
+tests:
+ onCreate:
+ - name: Should be able to create a minimal DNSNameResolver with a regular DNS name
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ spec:
+ name: www.example.com.
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ spec:
+ name: www.example.com.
+ - name: Should be able to create a minimal DNSNameResolver with a wildcard DNS name
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ spec:
+ name: "*.example.com."
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ spec:
+ name: "*.example.com."
+ - name: Should be able to specify DNS name with a '-' in a label
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ spec:
+ name: www.example-domain.com.
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ spec:
+ name: www.example-domain.com.
+ - name: Should not be able to specify invalid DNS name
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www_example_com
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www_example_com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should not be able to specify DNS name with a label starting with '-'
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: -example.com.
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"-example.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should not be able to specify DNS name with a label ending with '-'
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: example-.com.
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"example-.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should not be able to specify DNS name without a trailing period
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www.example.com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should not be able to specify just the TLD in a DNS name
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: com.
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should not be able to specify a wildcard before TLD in DNS name
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: "*.com."
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"*.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should not be able to specify a DNS name with a label containing uppercase letters
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: ABCD.com.
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"ABCD.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should not be able to specify a DNS name with a label containing more than 63 characters
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com.
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'"
+ - name: Should be able to specify a DNS name with a label containing 63 characters
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com.
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ spec:
+ name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com.
+ onUpdate:
+ - name: Should not be able to update spec.name field
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.newexample.com.
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"string\": spec.name is immutable"
+ - name: Should be able to add valid IPv4 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "192.168.1.1"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "192.168.1.1"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ - name: Should be able to add lowest valid IPv4 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "0.0.0.0"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "0.0.0.0"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ - name: Should be able to add highest valid IPv4 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "255.255.255.255"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "255.255.255.255"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ - name: Should not be able to add invalid IPv4 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "256.256.256.256"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"256.256.256.256\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"256.256.256.256\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]"
+ - name: Should be able to add valid IPv6 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "2001:db8:3333:4444:5555:6666:7777:8888"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "2001:db8:3333:4444:5555:6666:7777:8888"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ - name: Should be able to add lowest valid IPv6 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "::"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "::"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ - name: Should be able to add highest valid IPv6 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expected: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ - name: Should not be able to add invalid IPv6 address
+ initial: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ updated: |
+ apiVersion: network.openshift.io/v1alpha1
+ kind: DNSNameResolver
+ metadata:
+ name: example
+ spec:
+ name: www.example.com.
+ status:
+ resolvedNames:
+ - dnsName: www.example.com.
+ resolvedAddresses:
+ - ip: "10000:10000:10000:10000:10000:10000:10000:10000"
+ ttlSeconds: 60
+ lastLookupTime: "2023-08-08T15:07:04Z"
+ expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"10000:10000:10000:10000:10000:10000:10000:10000\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"10000:10000:10000:10000:10000:10000:10000:10000\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]"
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/doc.go b/vendor/github.com/openshift/api/network/v1alpha1/doc.go
new file mode 100644
index 0000000000..35539c458c
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/doc.go
@@ -0,0 +1,6 @@
+// +k8s:deepcopy-gen=package,register
+// +k8s:defaulter-gen=TypeMeta
+// +k8s:openapi-gen=true
+
+// +groupName=network.openshift.io
+package v1alpha1
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/register.go b/vendor/github.com/openshift/api/network/v1alpha1/register.go
new file mode 100644
index 0000000000..6d80c234ba
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/register.go
@@ -0,0 +1,40 @@
+package v1alpha1
+
+import (
+ configv1 "github.com/openshift/api/config/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+ GroupName = "network.openshift.io"
+ GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
+ schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, configv1.Install)
+ // Install is a function which adds this version to a scheme
+ Install = schemeBuilder.AddToScheme
+
+ // SchemeGroupVersion generated code relies on this name
+ // Deprecated
+ SchemeGroupVersion = GroupVersion
+ // AddToScheme exists solely to keep the old generators creating valid code
+ // DEPRECATED
+ AddToScheme = schemeBuilder.AddToScheme
+)
+
+// Resource generated code relies on this being here, but it logically belongs to the group
+// DEPRECATED
+func Resource(resource string) schema.GroupResource {
+ return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ metav1.AddToGroupVersion(scheme, GroupVersion)
+
+ scheme.AddKnownTypes(GroupVersion,
+ &DNSNameResolver{},
+ &DNSNameResolverList{},
+ )
+
+ return nil
+}
diff --git a/vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml b/vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml
new file mode 100644
index 0000000000..411e5ffcdc
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml
@@ -0,0 +1,402 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[TechPreviewNoUpgrade] DNSNameResolver" +crd: 0000_70_dnsnameresolver_00-techpreview.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal DNSNameResolver + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + spec: + name: www.example.com. + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + spec: + name: www.example.com. + - name: Should be able to create a minimal DNSNameResolver with a wildcard DNS name + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + spec: + name: "*.example.com." + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + spec: + name: "*.example.com." + - name: Should be able to specify DNS name with a '-' in a label + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + spec: + name: www.example-domain.com. + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + spec: + name: www.example-domain.com. + - name: Should not be able to specify invalid DNS name + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www_example_com + expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www_example_com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should not be able to specify DNS name with a label starting with '-' + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: -example.com. 
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"-example.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should not be able to specify DNS name with a label ending with '-' + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: example-.com. + expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"example-.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should not be able to specify DNS name without a trailing period + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com + expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www.example.com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should not be able to specify just the TLD in a DNS name + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: com. + expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should not be able to specify a wildcard before TLD in DNS name + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: "*.com." 
+ expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"*.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should not be able to specify a DNS name with a label containing uppercase letters + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: ABCD.com. + expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"ABCD.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should not be able to specify a DNS name with a label containing more than 63 characters + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com. + expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" + - name: Should be able to specify a DNS name with a label containing 63 characters + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com. + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + spec: + name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com. + onUpdate: + - name: Should not be able to update spec.name field + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. 
+ updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.newexample.com. + expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"string\": spec.name is immutable" + - name: Should be able to add valid IPv4 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "192.168.1.1" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "192.168.1.1" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + - name: Should be able to add lowest valid IPv4 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "0.0.0.0" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. 
+ resolvedAddresses: + - ip: "0.0.0.0" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + - name: Should be able to add highest valid IPv4 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "255.255.255.255" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "255.255.255.255" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + - name: Should not be able to add invalid IPv4 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. 
+ resolvedAddresses: + - ip: "256.256.256.256" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"256.256.256.256\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"256.256.256.256\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]" + - name: Should be able to add valid IPv6 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "2001:db8:3333:4444:5555:6666:7777:8888" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "2001:db8:3333:4444:5555:6666:7777:8888" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + - name: Should be able to add lowest valid IPv6 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. 
+ resolvedAddresses: + - ip: "::" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "::" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + - name: Should be able to add highest valid IPv6 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expected: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. + resolvedAddresses: + - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + - name: Should not be able to add invalid IPv6 address + initial: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + updated: | + apiVersion: network.openshift.io/v1alpha1 + kind: DNSNameResolver + metadata: + name: example + spec: + name: www.example.com. + status: + resolvedNames: + - dnsName: www.example.com. 
+ resolvedAddresses: + - ip: "10000:10000:10000:10000:10000:10000:10000:10000" + ttlSeconds: 60 + lastLookupTime: "2023-08-08T15:07:04Z" + expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"10000:10000:10000:10000:10000:10000:10000:10000\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"10000:10000:10000:10000:10000:10000:10000:10000\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]" diff --git a/vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go b/vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go new file mode 100644 index 0000000000..4e0199d7e7 --- /dev/null +++ b/vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go 
@@ -0,0 +1,139 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +openshift:compatibility-gen:level=4 + +// DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. +// It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +type DNSNameResolver struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec is the specification of the desired behavior of the DNSNameResolver. + // +kubebuilder:validation:Required + Spec DNSNameResolverSpec `json:"spec"` + // status is the most recently observed status of the DNSNameResolver. + // +optional + Status DNSNameResolverStatus `json:"status,omitempty"` +} + +// DNSName is used for validation of a DNS name. +// +kubebuilder:validation:Pattern=`^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$` +// +kubebuilder:validation:MaxLength=254 +type DNSName string + +// DNSNameResolverSpec is a desired state description of DNSNameResolver. +type DNSNameResolverSpec struct { + // name is the DNS name for which the DNS name resolution information will be stored. + // For a regular DNS name, only the DNS name resolution information of the regular DNS + // name will be stored. For a wildcard DNS name, the DNS name resolution information + // of all the DNS names that match the wildcard DNS name will be stored. 
+ // For a wildcard DNS name, the '*' will match only one label. Additionally, only a single + // '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' + // will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.' + // +kubebuilder:validation:Required + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="spec.name is immutable" + Name DNSName `json:"name"` +} + +// DNSNameResolverStatus defines the observed status of DNSNameResolver. +type DNSNameResolverStatus struct { + // resolvedNames contains a list of matching DNS names and their corresponding IP addresses + // along with their TTL and last DNS lookup times. + // +listType=map + // +listMapKey=dnsName + // +patchMergeKey=dnsName + // +patchStrategy=merge + // +optional + ResolvedNames []DNSNameResolverResolvedName `json:"resolvedNames,omitempty" patchStrategy:"merge" patchMergeKey:"dnsName"` +} + +// DNSNameResolverResolvedName describes the details of a resolved DNS name. +type DNSNameResolverResolvedName struct { + // conditions provide information about the state of the DNS name. + // Known .status.conditions.type is: "Degraded". + // "Degraded" is true when the last resolution failed for the DNS name, + // and false otherwise. + // +optional + // +listType=map + // +listMapKey=type + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can + // store both regular and wildcard DNS names which match the spec.name field. When the spec.name + // field contains a regular DNS name, this field will store the same regular DNS name after it is + // successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName + // will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. 
+ // If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard + // DNS name as well. + // +kubebuilder:validation:Required + DNSName DNSName `json:"dnsName"` + + // resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last + // lookup times for the dnsName. + // +kubebuilder:validation:Required + // +listType=map + // +listMapKey=ip + ResolvedAddresses []DNSNameResolverResolvedAddress `json:"resolvedAddresses"` + + // resolutionFailures keeps the count of how many consecutive times the DNS resolution failed + // for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon + // every failure, the value of the field will be incremented by one. The details about the DNS + // name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the + // associated IP addresses have expired. + ResolutionFailures int32 `json:"resolutionFailures,omitempty"` +} + +// DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name. +type DNSNameResolverResolvedAddress struct { + // ip is an IP address associated with the dnsName. The validity of the IP address expires after + // lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon + // the expiration of the IP address's validity. If the information is not refreshed then it will + // be removed with a grace period after the expiration of the IP address's validity. + // +kubebuilder:validation:Required + IP string `json:"ip"` + + // ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after + // lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with + // the current time-to-live value. If the information is not refreshed then it will be removed with a + // grace period after the expiration of the IP address's validity. 
+ // +kubebuilder:validation:Required + TTLSeconds int32 `json:"ttlSeconds"` + + // lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of + // the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to + // the current time on a successful DNS lookup. If the information is not refreshed then it will be + // removed with a grace period after the expiration of the IP address's validity. + // +kubebuilder:validation:Required + LastLookupTime *metav1.Time `json:"lastLookupTime"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +openshift:compatibility-gen:level=4 + +// DNSNameResolverList contains a list of DNSNameResolvers. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +type DNSNameResolverList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata,omitempty"` + + // items gives the list of DNSNameResolvers. + Items []DNSNameResolver `json:"items"` +} diff --git a/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..b8308c3f83 --- /dev/null +++ b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.deepcopy.go 
@@ -0,0 +1,161 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSNameResolver) DeepCopyInto(out *DNSNameResolver) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNameResolver. +func (in *DNSNameResolver) DeepCopy() *DNSNameResolver { + if in == nil { + return nil + } + out := new(DNSNameResolver) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *DNSNameResolver) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSNameResolverList) DeepCopyInto(out *DNSNameResolverList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]DNSNameResolver, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNameResolverList. +func (in *DNSNameResolverList) DeepCopy() *DNSNameResolverList { + if in == nil { + return nil + } + out := new(DNSNameResolverList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *DNSNameResolverList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSNameResolverResolvedAddress) DeepCopyInto(out *DNSNameResolverResolvedAddress) { + *out = *in + if in.LastLookupTime != nil { + in, out := &in.LastLookupTime, &out.LastLookupTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNameResolverResolvedAddress. +func (in *DNSNameResolverResolvedAddress) DeepCopy() *DNSNameResolverResolvedAddress { + if in == nil { + return nil + } + out := new(DNSNameResolverResolvedAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSNameResolverResolvedName) DeepCopyInto(out *DNSNameResolverResolvedName) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ResolvedAddresses != nil { + in, out := &in.ResolvedAddresses, &out.ResolvedAddresses + *out = make([]DNSNameResolverResolvedAddress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNameResolverResolvedName. +func (in *DNSNameResolverResolvedName) DeepCopy() *DNSNameResolverResolvedName { + if in == nil { + return nil + } + out := new(DNSNameResolverResolvedName) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *DNSNameResolverSpec) DeepCopyInto(out *DNSNameResolverSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNameResolverSpec. +func (in *DNSNameResolverSpec) DeepCopy() *DNSNameResolverSpec { + if in == nil { + return nil + } + out := new(DNSNameResolverSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSNameResolverStatus) DeepCopyInto(out *DNSNameResolverStatus) { + *out = *in + if in.ResolvedNames != nil { + in, out := &in.ResolvedNames, &out.ResolvedNames + *out = make([]DNSNameResolverResolvedName, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNameResolverStatus. +func (in *DNSNameResolverStatus) DeepCopy() *DNSNameResolverStatus { + if in == nil { + return nil + } + out := new(DNSNameResolverStatus) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.swagger_doc_generated.go new file mode 100644 index 0000000000..e5018a9736 --- /dev/null +++ b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -0,0 +1,76 @@ +package v1alpha1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_DNSNameResolver = map[string]string{ + "": "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the specification of the desired behavior of the DNSNameResolver.", + "status": "status is the most recently observed status of the DNSNameResolver.", +} + +func (DNSNameResolver) SwaggerDoc() map[string]string { + return map_DNSNameResolver +} + +var map_DNSNameResolverList = map[string]string{ + "": "DNSNameResolverList contains a list of DNSNameResolvers.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "items": "items gives the list of DNSNameResolvers.", +} + +func (DNSNameResolverList) SwaggerDoc() map[string]string { + return map_DNSNameResolverList +} + +var map_DNSNameResolverResolvedAddress = map[string]string{ + "": "DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name.", + "ip": "ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "ttlSeconds": "ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "lastLookupTime": "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", +} + +func (DNSNameResolverResolvedAddress) SwaggerDoc() map[string]string { + return map_DNSNameResolverResolvedAddress +} + +var map_DNSNameResolverResolvedName = map[string]string{ + "": "DNSNameResolverResolvedName describes the details of a resolved DNS name.", + "conditions": "conditions provide information about the state of the DNS name. Known .status.conditions.type is: \"Degraded\". 
\"Degraded\" is true when the last resolution failed for the DNS name, and false otherwise.", + "dnsName": "dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well.", + "resolvedAddresses": "resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName.", + "resolutionFailures": "resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired.", +} + +func (DNSNameResolverResolvedName) SwaggerDoc() map[string]string { + return map_DNSNameResolverResolvedName +} + +var map_DNSNameResolverSpec = map[string]string{ + "": "DNSNameResolverSpec is a desired state description of DNSNameResolver.", + "name": "name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. 
Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.'", +} + +func (DNSNameResolverSpec) SwaggerDoc() map[string]string { + return map_DNSNameResolverSpec +} + +var map_DNSNameResolverStatus = map[string]string{ + "": "DNSNameResolverStatus defines the observed status of DNSNameResolver.", + "resolvedNames": "resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times.", +} + +func (DNSNameResolverStatus) SwaggerDoc() map[string]string { + return map_DNSNameResolverStatus +} + +// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go index 05f0d795de..be364a5e37 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go 
@@ -200,19 +200,21 @@ const (
 OpenShiftServiceAccountController OpenShiftControllerName = "openshift.io/serviceaccount"
 OpenShiftDefaultRoleBindingsController OpenShiftControllerName = "openshift.io/default-rolebindings"
 OpenShiftServiceAccountPullSecretsController OpenShiftControllerName = "openshift.io/serviceaccount-pull-secrets"
- OpenshiftOriginNamespaceController OpenShiftControllerName = "openshift.io/origin-namespace"
- OpenshiftBuildController OpenShiftControllerName = "openshift.io/build"
- OpenshiftBuildConfigChangeController OpenShiftControllerName = "openshift.io/build-config-change"
+ OpenShiftOriginNamespaceController OpenShiftControllerName = "openshift.io/origin-namespace"
+ OpenShiftBuildController OpenShiftControllerName = "openshift.io/build"
+ OpenShiftBuildConfigChangeController OpenShiftControllerName = "openshift.io/build-config-change"
 OpenShiftBuilderServiceAccountController OpenShiftControllerName = "openshift.io/builder-serviceaccount"
- OpenshiftDeployerController OpenShiftControllerName = "openshift.io/deployer"
+ OpenShiftDeployerController OpenShiftControllerName = "openshift.io/deployer"
 OpenShiftDeployerServiceAccountController OpenShiftControllerName = "openshift.io/deployer-serviceaccount"
- OpenshiftDeploymentConfigController OpenShiftControllerName = "openshift.io/deploymentconfig"
- OpenshiftImageTriggerController OpenShiftControllerName = "openshift.io/image-trigger"
- OpenshiftImageImportController OpenShiftControllerName = "openshift.io/image-import"
- OpenshiftImageSignatureImportController OpenShiftControllerName = "openshift.io/image-signature-import"
- OpenshiftTemplateInstanceController OpenShiftControllerName = "openshift.io/templateinstance"
- OpenshiftTemplateInstanceFinalizerController OpenShiftControllerName = "openshift.io/templateinstancefinalizer"
- OpenshiftUnidlingController OpenShiftControllerName = "openshift.io/unidling"
+ OpenShiftDeploymentConfigController OpenShiftControllerName = "openshift.io/deploymentconfig"
+ OpenShiftImageTriggerController OpenShiftControllerName = "openshift.io/image-trigger"
+ OpenShiftImageImportController OpenShiftControllerName = "openshift.io/image-import"
+ OpenShiftImageSignatureImportController OpenShiftControllerName = "openshift.io/image-signature-import"
+ OpenShiftTemplateInstanceController OpenShiftControllerName = "openshift.io/templateinstance"
+ OpenShiftTemplateInstanceFinalizerController OpenShiftControllerName = "openshift.io/templateinstancefinalizer"
+ OpenShiftUnidlingController OpenShiftControllerName = "openshift.io/unidling"
+ OpenShiftIngressIPController OpenShiftControllerName = "openshift.io/ingress-ip"
+ OpenShiftIngressToRouteController OpenShiftControllerName = "openshift.io/ingress-to-route"
 )

 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml
index 4ff57e35a3..c5188cc078 100644
--- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml
@@ -742,7 +742,7 @@ spec: description: "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. \n If unset, the default is based on the apiservers.config.openshift.io/cluster resource. \n Note that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout." properties: custom: - description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: TLSv1.1" + description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this: \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 minTLSVersion: VersionTLS11" nullable: true properties: ciphers: 
@@ -751,7 +751,7 @@ spec: type: string type: array minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" enum: - VersionTLS10 - VersionTLS11 
@@ -760,15 +760,15 @@ spec: type: string type: object intermediate: - description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: TLSv1.2" + description: "intermediate is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" nullable: true type: object modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: VersionTLS13 \n NOTE: Currently unsupported." 
nullable: true type: object old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" nullable: true type: object type: 
@@ -1117,7 +1117,7 @@ spec: type: string type: array minTLSVersion: - description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" + description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion allowed is VersionTLS12" enum: - VersionTLS10 - VersionTLS11 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml index 83222ab78c..f2c9f1241a 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml 
@@ -254,21 +254,21 @@ spec: message: IPv6 addresses must contain at most one '::' and may only be shortened once - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() <= 8 : self.split(''/'')[0].split('':'').size() == 8' message: a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments - - rule: 'self.split(''/'')[0].split('':'').size() >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1 - - rule: 'self.split(''/'')[0].split('':'').size() >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2 - - rule: 'self.split(''/'')[0].split('':'').size() >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3 - - rule: 'self.split(''/'')[0].split('':'').size() >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=4 ? 
[self.split(''/'')[0].split('':'', 8)[3]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4 - - rule: 'self.split(''/'')[0].split('':'').size() >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5 - - rule: 'self.split(''/'')[0].split('':'').size() >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6 - - rule: 'self.split(''/'')[0].split('':'').size() >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7 - - rule: 'self.split(''/'')[0].split('':'').size() >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, x == '''' || x.matches(''[0-9A-Fa-f]{1,4}'')) : true' + - rule: 'self.split(''/'')[0].split('':'').size() >=8 ? 
[self.split(''/'')[0].split('':'', 8)[7]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true' message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8 - rule: '!self.contains(''.'')' message: IPv6 dual addresses are not permitted, value should not contain `.` characters diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml index d90a135578..93e34a5dfc 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml @@ -90,12 +90,13 @@ spec: type: object type: object driverType: - description: 'driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, vSphere and omitted. Consumers should treat unknown values as a NO-OP.' + description: 'driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.' enum: - "" - AWS - Azure - GCP + - IBMCloud - vSphere type: string gcp: @@ -132,6 +133,18 @@ spec: - projectID type: object type: object + ibmcloud: + description: ibmcloud is used to configure the IBM Cloud CSI driver. + properties: + encryptionKeyCRN: + description: encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes. + maxLength: 154 + minLength: 144 + pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ + type: string + required: + - encryptionKeyCRN + type: object vSphere: description: vsphere is used to configure the vsphere CSI driver. properties: 
@@ -144,6 +157,9 @@ spec: required: - driverType type: object + x-kubernetes-validations: + - message: ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise + rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? has(self.ibmcloud) : !has(self.ibmcloud)' logLevel: default: Normal description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." diff --git a/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml index dd43c63e1a..7a159da860 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml @@ -18,3 +18,24 @@ tests: spec: logLevel: Normal operatorLogLevel: Normal + - name: IBM Cloud CSIDriverType must have a defined IBM Cloud spec + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: IBMCloud + expectedError: "Invalid value: \"object\": ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise" + - name: IBM Cloud spec must have an EncryptionKeyCRN defined + initial: | + apiVersion: operator.openshift.io/v1 + kind: ClusterCSIDriver + metadata: + name: csi.sharedresource.openshift.io + spec: + driverConfig: + driverType: IBMCloud + ibmcloud: {} + expectedError: "spec.driverConfig.ibmcloud.encryptionKeyCRN: Required value, : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation" 
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml index 698e4bf48c..cfdadb7096 100644 --- a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml +++ b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml @@ -227,4 +227,26 @@ tests: ipv6: internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345::/125" expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that contains invalid values" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "xbcd:ef01:2345:6789::2345:6789/20" + expectedError: "Invalid value: \"string\": each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" + - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that is 5 characters long" + initial: | + apiVersion: operator.openshift.io/v1 + kind: Network + spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipv6: + internalMasqueradeSubnet: "abcd:eff01:2345:6789::2345:6789/20" + expectedError: "Invalid value: \"string\": each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" \ No newline at end of file diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index d2f0589103..8e9853b06f 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go 
@@ -109,23 +109,25 @@ type ClusterCSIDriverSpec struct {
 }

 // CSIDriverType indicates type of CSI driver being configured.
-// +kubebuilder:validation:Enum="";AWS;Azure;GCP;vSphere
+// +kubebuilder:validation:Enum="";AWS;Azure;GCP;IBMCloud;vSphere
 type CSIDriverType string

 const (
- AWSDriverType CSIDriverType = "AWS"
- AzureDriverType CSIDriverType = "Azure"
- GCPDriverType CSIDriverType = "GCP"
- VSphereDriverType CSIDriverType = "vSphere"
+ AWSDriverType CSIDriverType = "AWS"
+ AzureDriverType CSIDriverType = "Azure"
+ GCPDriverType CSIDriverType = "GCP"
+ IBMCloudDriverType CSIDriverType = "IBMCloud"
+ VSphereDriverType CSIDriverType = "vSphere"
 )

 // CSIDriverConfigSpec defines configuration spec that can be
 // used to optionally configure a specific CSI Driver.
+// +kubebuilder:validation:XValidation:rule="has(self.driverType) && self.driverType == 'IBMCloud' ? has(self.ibmcloud) : !has(self.ibmcloud)",message="ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise"
 // +union
 type CSIDriverConfigSpec struct {
 // driverType indicates type of CSI driver for which the
 // driverConfig is being applied to.
- // Valid values are: AWS, Azure, GCP, vSphere and omitted.
+ // Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted.
 // Consumers should treat unknown values as a NO-OP.
 // +kubebuilder:validation:Required
 // +unionDiscriminator
@@ -143,6 +145,10 @@ type CSIDriverConfigSpec struct {
 // +optional
 GCP *GCPCSIDriverConfigSpec `json:"gcp,omitempty"`

+ // ibmcloud is used to configure the IBM Cloud CSI driver.
+ // +optional
+ IBMCloud *IBMCloudCSIDriverConfigSpec `json:"ibmcloud,omitempty"`
+
 // vsphere is used to configure the vsphere CSI driver.
 // +optional
 VSphere *VSphereCSIDriverConfigSpec `json:"vSphere,omitempty"`
@@ -248,6 +254,17 @@ type GCPCSIDriverConfigSpec struct {
 KMSKey *GCPKMSKeyReference `json:"kmsKey,omitempty"`
 }

+// IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver.
+type IBMCloudCSIDriverConfigSpec struct {
+ // encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use
+ // for disk encryption of volumes for the default storage classes.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MaxLength:=154
+ // +kubebuilder:validation:MinLength:=144
+ // +kubebuilder:validation:Pattern:=`^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$`
+ EncryptionKeyCRN string `json:"encryptionKeyCRN"`
+}
+
 // VSphereCSIDriverConfigSpec defines properties that
 // can be configured for vsphere CSI driver.
 type VSphereCSIDriverConfigSpec struct {
diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go
index 17fbbed0dc..52e9d53f7f 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_network.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_network.go
@@ -553,14 +553,14 @@ type IPv6GatewayConfig struct { // +kubebuilder:validation:XValidation:rule="self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)",message="subnet must be in the range /0 to /125 inclusive" // +kubebuilder:validation:XValidation:rule="self.indexOf('::') == self.lastIndexOf('::')",message="IPv6 addresses must contain at most one '::' and may only be shortened once" // +kubebuilder:validation:XValidation:rule="self.contains('::') ? self.split('/')[0].split(':').size() <= 8 : self.split('/')[0].split(':').size() == 8",message="a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=1 ? [self.split('/')[0].split(':', 8)[0]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=2 ? [self.split('/')[0].split(':', 8)[1]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=3 ? [self.split('/')[0].split(':', 8)[2]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=4 ? [self.split('/')[0].split(':', 8)[3]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=5 ? 
[self.split('/')[0].split(':', 8)[4]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=6 ? [self.split('/')[0].split(':', 8)[5]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=7 ? [self.split('/')[0].split(':', 8)[6]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=8 ? [self.split('/')[0].split(':', 8)[7]].all(x, x == '' || x.matches('[0-9A-Fa-f]{1,4}')) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=1 ? [self.split('/')[0].split(':', 8)[0]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=2 ? [self.split('/')[0].split(':', 8)[1]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=3 ? 
[self.split('/')[0].split(':', 8)[2]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=4 ? [self.split('/')[0].split(':', 8)[3]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=5 ? [self.split('/')[0].split(':', 8)[4]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=6 ? [self.split('/')[0].split(':', 8)[5]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=7 ? [self.split('/')[0].split(':', 8)[6]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7" + // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=8 ? 
[self.split('/')[0].split(':', 8)[7]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8" // +kubebuilder:validation:XValidation:rule="!self.contains('.')",message="IPv6 dual addresses are not permitted, value should not contain `.` characters" // +optional InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index f93762e4a0..290dd2f3a6 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -304,6 +304,11 @@ func (in *CSIDriverConfigSpec) DeepCopyInto(out *CSIDriverConfigSpec) { *out = new(GCPCSIDriverConfigSpec) (*in).DeepCopyInto(*out) } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudCSIDriverConfigSpec) + **out = **in + } if in.VSphere != nil { in, out := &in.VSphere, &out.VSphere *out = new(VSphereCSIDriverConfigSpec) 
@@ -1692,6 +1697,22 @@ func (in *HybridOverlayConfig) DeepCopy() *HybridOverlayConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudCSIDriverConfigSpec) DeepCopyInto(out *IBMCloudCSIDriverConfigSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudCSIDriverConfigSpec. +func (in *IBMCloudCSIDriverConfigSpec) DeepCopy() *IBMCloudCSIDriverConfigSpec { + if in == nil { + return nil + } + out := new(IBMCloudCSIDriverConfigSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IBMLoadBalancerParameters) DeepCopyInto(out *IBMLoadBalancerParameters) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index adf062fd28..544f81e621 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -420,10 +420,11 @@ func (AzureDiskEncryptionSet) SwaggerDoc() map[string]string { var map_CSIDriverConfigSpec = map[string]string{ "": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", - "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", + "driverType": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", "aws": "aws is used to configure the AWS CSI driver.", "azure": "azure is used to configure the Azure CSI driver.", "gcp": "gcp is used to configure the GCP CSI driver.", + "ibmcloud": "ibmcloud is used to configure the IBM Cloud CSI driver.", "vSphere": "vsphere is used to configure the vsphere CSI driver.", } 
@@ -490,6 +491,15 @@ func (GCPKMSKeyReference) SwaggerDoc() map[string]string { return map_GCPKMSKeyReference } +var map_IBMCloudCSIDriverConfigSpec = map[string]string{ + "": "IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver.", + "encryptionKeyCRN": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.", +} + +func (IBMCloudCSIDriverConfigSpec) SwaggerDoc() map[string]string { + return map_IBMCloudCSIDriverConfigSpec +} + var map_VSphereCSIDriverConfigSpec = map[string]string{ "": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", "topologyCategories": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go index 56ebbfc013..f152d261a8 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go 
@@ -14,6 +14,7 @@ type AuthenticationSpecApplyConfiguration struct { WebhookTokenAuthenticators []DeprecatedWebhookTokenAuthenticatorApplyConfiguration `json:"webhookTokenAuthenticators,omitempty"` WebhookTokenAuthenticator *WebhookTokenAuthenticatorApplyConfiguration `json:"webhookTokenAuthenticator,omitempty"` ServiceAccountIssuer *string `json:"serviceAccountIssuer,omitempty"` + OIDCProviders []OIDCProviderApplyConfiguration `json:"oidcProviders,omitempty"` } // AuthenticationSpecApplyConfiguration constructs an declarative configuration of the AuthenticationSpec type for use with @@ -66,3 +67,16 @@ func (b *AuthenticationSpecApplyConfiguration) WithServiceAccountIssuer(value st b.ServiceAccountIssuer = &value return b } + +// WithOIDCProviders adds the given value to the OIDCProviders field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OIDCProviders field. +func (b *AuthenticationSpecApplyConfiguration) WithOIDCProviders(values ...*OIDCProviderApplyConfiguration) *AuthenticationSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOIDCProviders") + } + b.OIDCProviders = append(b.OIDCProviders, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go new file mode 100644 index 0000000000..c554a26624 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go 
@@ -0,0 +1,55 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// OIDCProviderApplyConfiguration represents an declarative configuration of the OIDCProvider type for use +// with apply. +type OIDCProviderApplyConfiguration struct { + Name *string `json:"name,omitempty"` + Issuer *TokenIssuerApplyConfiguration `json:"issuer,omitempty"` + ClaimMappings *TokenClaimMappingsApplyConfiguration `json:"claimMappings,omitempty"` + ClaimValidationRules []TokenClaimValidationRuleApplyConfiguration `json:"claimValidationRules,omitempty"` +} + +// OIDCProviderApplyConfiguration constructs an declarative configuration of the OIDCProvider type for use with +// apply. +func OIDCProvider() *OIDCProviderApplyConfiguration { + return &OIDCProviderApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *OIDCProviderApplyConfiguration) WithName(value string) *OIDCProviderApplyConfiguration { + b.Name = &value + return b +} + +// WithIssuer sets the Issuer field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Issuer field is set to the value of the last call. +func (b *OIDCProviderApplyConfiguration) WithIssuer(value *TokenIssuerApplyConfiguration) *OIDCProviderApplyConfiguration { + b.Issuer = value + return b +} + +// WithClaimMappings sets the ClaimMappings field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClaimMappings field is set to the value of the last call. 
+func (b *OIDCProviderApplyConfiguration) WithClaimMappings(value *TokenClaimMappingsApplyConfiguration) *OIDCProviderApplyConfiguration { + b.ClaimMappings = value + return b +} + +// WithClaimValidationRules adds the given value to the ClaimValidationRules field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the ClaimValidationRules field. +func (b *OIDCProviderApplyConfiguration) WithClaimValidationRules(values ...*TokenClaimValidationRuleApplyConfiguration) *OIDCProviderApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithClaimValidationRules") + } + b.ClaimValidationRules = append(b.ClaimValidationRules, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go new file mode 100644 index 0000000000..fedc364e3f --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/prefixedclaimmapping.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// PrefixedClaimMappingApplyConfiguration represents an declarative configuration of the PrefixedClaimMapping type for use +// with apply. +type PrefixedClaimMappingApplyConfiguration struct { + TokenClaimMappingApplyConfiguration `json:",inline"` + Prefix *string `json:"prefix,omitempty"` +} + +// PrefixedClaimMappingApplyConfiguration constructs an declarative configuration of the PrefixedClaimMapping type for use with +// apply. +func PrefixedClaimMapping() *PrefixedClaimMappingApplyConfiguration { + return &PrefixedClaimMappingApplyConfiguration{} +} + +// WithClaim sets the Claim field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Claim field is set to the value of the last call. +func (b *PrefixedClaimMappingApplyConfiguration) WithClaim(value string) *PrefixedClaimMappingApplyConfiguration { + b.Claim = &value + return b +} + +// WithPrefix sets the Prefix field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Prefix field is set to the value of the last call. +func (b *PrefixedClaimMappingApplyConfiguration) WithPrefix(value string) *PrefixedClaimMappingApplyConfiguration { + b.Prefix = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go new file mode 100644 index 0000000000..91c29b61c4 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmapping.go 
@@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// TokenClaimMappingApplyConfiguration represents an declarative configuration of the TokenClaimMapping type for use +// with apply. +type TokenClaimMappingApplyConfiguration struct { + Claim *string `json:"claim,omitempty"` +} + +// TokenClaimMappingApplyConfiguration constructs an declarative configuration of the TokenClaimMapping type for use with +// apply. +func TokenClaimMapping() *TokenClaimMappingApplyConfiguration { + return &TokenClaimMappingApplyConfiguration{} +} + +// WithClaim sets the Claim field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Claim field is set to the value of the last call. +func (b *TokenClaimMappingApplyConfiguration) WithClaim(value string) *TokenClaimMappingApplyConfiguration { + b.Claim = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go new file mode 100644 index 0000000000..1a2fdb0953 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimmappings.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// TokenClaimMappingsApplyConfiguration represents an declarative configuration of the TokenClaimMappings type for use +// with apply. +type TokenClaimMappingsApplyConfiguration struct { + Username *UsernameClaimMappingApplyConfiguration `json:"username,omitempty"` + Groups *PrefixedClaimMappingApplyConfiguration `json:"groups,omitempty"` +} + +// TokenClaimMappingsApplyConfiguration constructs an declarative configuration of the TokenClaimMappings type for use with +// apply. +func TokenClaimMappings() *TokenClaimMappingsApplyConfiguration { + return &TokenClaimMappingsApplyConfiguration{} +} + +// WithUsername sets the Username field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Username field is set to the value of the last call. +func (b *TokenClaimMappingsApplyConfiguration) WithUsername(value *UsernameClaimMappingApplyConfiguration) *TokenClaimMappingsApplyConfiguration { + b.Username = value + return b +} + +// WithGroups sets the Groups field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Groups field is set to the value of the last call. +func (b *TokenClaimMappingsApplyConfiguration) WithGroups(value *PrefixedClaimMappingApplyConfiguration) *TokenClaimMappingsApplyConfiguration { + b.Groups = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go new file mode 100644 index 0000000000..6793f93279 --- /dev/null 
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenclaimvalidationrule.go @@ -0,0 +1,36 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/config/v1" +) + +// TokenClaimValidationRuleApplyConfiguration represents an declarative configuration of the TokenClaimValidationRule type for use +// with apply. +type TokenClaimValidationRuleApplyConfiguration struct { + Type *v1.TokenValidationRuleType `json:"type,omitempty"` + RequiredClaim *TokenRequiredClaimApplyConfiguration `json:"requiredClaim,omitempty"` +} + +// TokenClaimValidationRuleApplyConfiguration constructs an declarative configuration of the TokenClaimValidationRule type for use with +// apply. +func TokenClaimValidationRule() *TokenClaimValidationRuleApplyConfiguration { + return &TokenClaimValidationRuleApplyConfiguration{} +} + +// WithType sets the Type field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Type field is set to the value of the last call. +func (b *TokenClaimValidationRuleApplyConfiguration) WithType(value v1.TokenValidationRuleType) *TokenClaimValidationRuleApplyConfiguration { + b.Type = &value + return b +} + +// WithRequiredClaim sets the RequiredClaim field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RequiredClaim field is set to the value of the last call. +func (b *TokenClaimValidationRuleApplyConfiguration) WithRequiredClaim(value *TokenRequiredClaimApplyConfiguration) *TokenClaimValidationRuleApplyConfiguration { + b.RequiredClaim = value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go new file mode 100644 index 0000000000..808e61a1db --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenissuer.go 
@@ -0,0 +1,47 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/config/v1" +) + +// TokenIssuerApplyConfiguration represents an declarative configuration of the TokenIssuer type for use +// with apply. +type TokenIssuerApplyConfiguration struct { + URL *string `json:"issuerURL,omitempty"` + Audiences []v1.TokenAudience `json:"audiences,omitempty"` + CertificateAuthority *ConfigMapNameReferenceApplyConfiguration `json:"issuerCertificateAuthority,omitempty"` +} + +// TokenIssuerApplyConfiguration constructs an declarative configuration of the TokenIssuer type for use with +// apply. +func TokenIssuer() *TokenIssuerApplyConfiguration { + return &TokenIssuerApplyConfiguration{} +} + +// WithURL sets the URL field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the URL field is set to the value of the last call. +func (b *TokenIssuerApplyConfiguration) WithURL(value string) *TokenIssuerApplyConfiguration { + b.URL = &value + return b +} + +// WithAudiences adds the given value to the Audiences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Audiences field. +func (b *TokenIssuerApplyConfiguration) WithAudiences(values ...v1.TokenAudience) *TokenIssuerApplyConfiguration { + for i := range values { + b.Audiences = append(b.Audiences, values[i]) + } + return b +} + +// WithCertificateAuthority sets the CertificateAuthority field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CertificateAuthority field is set to the value of the last call. 
+func (b *TokenIssuerApplyConfiguration) WithCertificateAuthority(value *ConfigMapNameReferenceApplyConfiguration) *TokenIssuerApplyConfiguration { + b.CertificateAuthority = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go new file mode 100644 index 0000000000..f7ae34d017 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tokenrequiredclaim.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// TokenRequiredClaimApplyConfiguration represents an declarative configuration of the TokenRequiredClaim type for use +// with apply. +type TokenRequiredClaimApplyConfiguration struct { + Claim *string `json:"claim,omitempty"` + RequiredValue *string `json:"requiredValue,omitempty"` +} + +// TokenRequiredClaimApplyConfiguration constructs an declarative configuration of the TokenRequiredClaim type for use with +// apply. +func TokenRequiredClaim() *TokenRequiredClaimApplyConfiguration { + return &TokenRequiredClaimApplyConfiguration{} +} + +// WithClaim sets the Claim field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Claim field is set to the value of the last call. +func (b *TokenRequiredClaimApplyConfiguration) WithClaim(value string) *TokenRequiredClaimApplyConfiguration { + b.Claim = &value + return b +} + +// WithRequiredValue sets the RequiredValue field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the RequiredValue field is set to the value of the last call. +func (b *TokenRequiredClaimApplyConfiguration) WithRequiredValue(value string) *TokenRequiredClaimApplyConfiguration { + b.RequiredValue = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go new file mode 100644 index 0000000000..641fb48b28 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameclaimmapping.go 
@@ -0,0 +1,45 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + configv1 "github.com/openshift/api/config/v1" +) + +// UsernameClaimMappingApplyConfiguration represents an declarative configuration of the UsernameClaimMapping type for use +// with apply. +type UsernameClaimMappingApplyConfiguration struct { + TokenClaimMappingApplyConfiguration `json:",inline"` + PrefixPolicy *configv1.UsernamePrefixPolicy `json:"prefixPolicy,omitempty"` + Prefix *UsernamePrefixApplyConfiguration `json:"prefix,omitempty"` +} + +// UsernameClaimMappingApplyConfiguration constructs an declarative configuration of the UsernameClaimMapping type for use with +// apply. +func UsernameClaimMapping() *UsernameClaimMappingApplyConfiguration { + return &UsernameClaimMappingApplyConfiguration{} +} + +// WithClaim sets the Claim field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Claim field is set to the value of the last call. +func (b *UsernameClaimMappingApplyConfiguration) WithClaim(value string) *UsernameClaimMappingApplyConfiguration { + b.Claim = &value + return b +} + +// WithPrefixPolicy sets the PrefixPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrefixPolicy field is set to the value of the last call. +func (b *UsernameClaimMappingApplyConfiguration) WithPrefixPolicy(value configv1.UsernamePrefixPolicy) *UsernameClaimMappingApplyConfiguration { + b.PrefixPolicy = &value + return b +} + +// WithPrefix sets the Prefix field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Prefix field is set to the value of the last call. 
+func (b *UsernameClaimMappingApplyConfiguration) WithPrefix(value *UsernamePrefixApplyConfiguration) *UsernameClaimMappingApplyConfiguration { + b.Prefix = value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go new file mode 100644 index 0000000000..b95bc9ba64 --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/usernameprefix.go @@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// UsernamePrefixApplyConfiguration represents an declarative configuration of the UsernamePrefix type for use +// with apply. +type UsernamePrefixApplyConfiguration struct { + PrefixString *string `json:"prefixString,omitempty"` +} + +// UsernamePrefixApplyConfiguration constructs an declarative configuration of the UsernamePrefix type for use with +// apply. +func UsernamePrefix() *UsernamePrefixApplyConfiguration { + return &UsernamePrefixApplyConfiguration{} +} + +// WithPrefixString sets the PrefixString field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the PrefixString field is set to the value of the last call. +func (b *UsernamePrefixApplyConfiguration) WithPrefixString(value string) *UsernamePrefixApplyConfiguration { + b.PrefixString = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go index 1e1d65169a..a16213812e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go 
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformtopology.go @@ -11,6 +11,7 @@ type VSpherePlatformTopologyApplyConfiguration struct { Datastore *string `json:"datastore,omitempty"` ResourcePool *string `json:"resourcePool,omitempty"` Folder *string `json:"folder,omitempty"` + Template *string `json:"template,omitempty"` } // VSpherePlatformTopologyApplyConfiguration constructs an declarative configuration of the VSpherePlatformTopology type for use with @@ -68,3 +69,11 @@ func (b *VSpherePlatformTopologyApplyConfiguration) WithFolder(value string) *VS b.Folder = &value return b } + +// WithTemplate sets the Template field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Template field is set to the value of the last call. +func (b *VSpherePlatformTopologyApplyConfiguration) WithTemplate(value string) *VSpherePlatformTopologyApplyConfiguration { + b.Template = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index ae75a55084..57a6ee38af 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go @@ -270,6 +270,14 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.ConfigMapNameReference default: {} + - name: oidcProviders + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.OIDCProvider + elementRelationship: associative + keys: + - name - name: serviceAccountIssuer type: scalar: string 
@@ -2171,6 +2179,27 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.config.v1.SecretNameReference default: {} +- name: com.github.openshift.api.config.v1.OIDCProvider + map: + fields: + - name: claimMappings + type: + namedType: com.github.openshift.api.config.v1.TokenClaimMappings + default: {} + - name: claimValidationRules + type: + list: + elementType: + namedType: com.github.openshift.api.config.v1.TokenClaimValidationRule + elementRelationship: atomic + - name: issuer + type: + namedType: com.github.openshift.api.config.v1.TokenIssuer + default: {} + - name: name + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.ObjectReference map: fields: @@ -2565,6 +2594,17 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.config.v1.PrefixedClaimMapping + map: + fields: + - name: claim + type: + scalar: string + default: "" + - name: prefix + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.Project map: fields: @@ -2905,6 +2945,27 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.config.v1.TokenClaimMappings + map: + fields: + - name: groups + type: + namedType: com.github.openshift.api.config.v1.PrefixedClaimMapping + default: {} + - name: username + type: + namedType: com.github.openshift.api.config.v1.UsernameClaimMapping + default: {} +- name: com.github.openshift.api.config.v1.TokenClaimValidationRule + map: + fields: + - name: requiredClaim + type: + namedType: com.github.openshift.api.config.v1.TokenRequiredClaim + - name: type + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.TokenConfig map: fields: 
@@ -2917,6 +2978,34 @@ var schemaYAML = typed.YAMLObject(`types: - name: accessTokenMaxAgeSeconds type: scalar: numeric +- name: com.github.openshift.api.config.v1.TokenIssuer + map: + fields: + - name: audiences + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: issuerCertificateAuthority + type: + namedType: com.github.openshift.api.config.v1.ConfigMapNameReference + default: {} + - name: issuerURL + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.TokenRequiredClaim + map: + fields: + - name: claim + type: + scalar: string + default: "" + - name: requiredValue + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.Update map: fields: @@ -2965,6 +3054,27 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.config.v1.UsernameClaimMapping + map: + fields: + - name: claim + type: + scalar: string + default: "" + - name: prefix + type: + namedType: com.github.openshift.api.config.v1.UsernamePrefix + - name: prefixPolicy + type: + scalar: string + default: "" +- name: com.github.openshift.api.config.v1.UsernamePrefix + map: + fields: + - name: prefixString + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec map: fields: @@ -3101,6 +3211,9 @@ var schemaYAML = typed.YAMLObject(`types: - name: resourcePool type: scalar: string + - name: template + type: + scalar: string - name: com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec map: fields: diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go index d2a687f0fe..fe3397900a 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go 
+++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go 
@@ -73,6 +73,239 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference + map: + fields: + - name: name + type: + scalar: string + default: "" +- name: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNode + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatus + default: {} +- name: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpec + map: + fields: + - name: configVersion + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpecMachineConfigVersion + default: {} + - name: node + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference + default: {} + - name: pool + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference + default: {} +- name: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpecMachineConfigVersion + map: + fields: + - name: desired + type: + scalar: string + default: "" +- name: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatus + map: + fields: + - name: conditions + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + elementRelationship: associative + keys: + - type + - name: configVersion + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusMachineConfigVersion + default: {} + - name: observedGeneration + type: + scalar: 
numeric +- name: com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusMachineConfigVersion + map: + fields: + - name: current + type: + scalar: string + default: "" + - name: desired + type: + scalar: string + default: "" +- name: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + map: + fields: + - name: lastTransitionTime + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + default: {} + - name: message + type: + scalar: string + default: "" + - name: observedGeneration + type: + scalar: numeric + - name: reason + type: + scalar: string + default: "" + - name: status + type: + scalar: string + default: "" + - name: type + type: + scalar: string + default: "" +- name: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry + map: + fields: + - name: apiVersion + type: + scalar: string + - name: fieldsType + type: + scalar: string + - name: fieldsV1 + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1 + - name: manager + type: + scalar: string + - name: operation + type: + scalar: string + - name: subresource + type: + scalar: string + - name: time + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time +- name: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + map: + fields: + - name: annotations + type: + map: + elementType: + scalar: string + - name: creationTimestamp + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + default: {} + - name: deletionGracePeriodSeconds + type: + scalar: numeric + - name: deletionTimestamp + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Time + - name: finalizers + type: + list: + elementType: + scalar: string + elementRelationship: associative + - name: generateName + type: + scalar: string + 
- name: generation + type: + scalar: numeric + - name: labels + type: + map: + elementType: + scalar: string + - name: managedFields + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry + elementRelationship: atomic + - name: name + type: + scalar: string + - name: namespace + type: + scalar: string + - name: ownerReferences + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + elementRelationship: associative + keys: + - uid + - name: resourceVersion + type: + scalar: string + - name: selfLink + type: + scalar: string + - name: uid + type: + scalar: string +- name: io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference + map: + fields: + - name: apiVersion + type: + scalar: string + default: "" + - name: blockOwnerDeletion + type: + scalar: boolean + - name: controller + type: + scalar: boolean + - name: kind + type: + scalar: string + default: "" + - name: name + type: + scalar: string + default: "" + - name: uid + type: + scalar: string + default: "" + elementRelationship: atomic +- name: io.k8s.apimachinery.pkg.apis.meta.v1.Time + scalar: untyped - name: __untyped_atomic_ scalar: untyped list: diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignode.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignode.go new file mode 100644 index 0000000000..2f3cee6923 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignode.go 
@@ -0,0 +1,240 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + internal "github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// MachineConfigNodeApplyConfiguration represents an declarative configuration of the MachineConfigNode type for use +// with apply. +type MachineConfigNodeApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *MachineConfigNodeSpecApplyConfiguration `json:"spec,omitempty"` + Status *MachineConfigNodeStatusApplyConfiguration `json:"status,omitempty"` +} + +// MachineConfigNode constructs an declarative configuration of the MachineConfigNode type for use with +// apply. +func MachineConfigNode(name string) *MachineConfigNodeApplyConfiguration { + b := &MachineConfigNodeApplyConfiguration{} + b.WithName(name) + b.WithKind("MachineConfigNode") + b.WithAPIVersion("machineconfiguration.openshift.io/v1alpha1") + return b +} + +// ExtractMachineConfigNode extracts the applied configuration owned by fieldManager from +// machineConfigNode. If no managedFields are found in machineConfigNode for fieldManager, a +// MachineConfigNodeApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. +// machineConfigNode must be a unmodified MachineConfigNode API object that was retrieved from the Kubernetes API. 
+// ExtractMachineConfigNode provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +// Experimental! +func ExtractMachineConfigNode(machineConfigNode *machineconfigurationv1alpha1.MachineConfigNode, fieldManager string) (*MachineConfigNodeApplyConfiguration, error) { + return extractMachineConfigNode(machineConfigNode, fieldManager, "") +} + +// ExtractMachineConfigNodeStatus is the same as ExtractMachineConfigNode except +// that it extracts the status subresource applied configuration. +// Experimental! +func ExtractMachineConfigNodeStatus(machineConfigNode *machineconfigurationv1alpha1.MachineConfigNode, fieldManager string) (*MachineConfigNodeApplyConfiguration, error) { + return extractMachineConfigNode(machineConfigNode, fieldManager, "status") +} + +func extractMachineConfigNode(machineConfigNode *machineconfigurationv1alpha1.MachineConfigNode, fieldManager string, subresource string) (*MachineConfigNodeApplyConfiguration, error) { + b := &MachineConfigNodeApplyConfiguration{} + err := managedfields.ExtractInto(machineConfigNode, internal.Parser().Type("com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNode"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(machineConfigNode.Name) + + b.WithKind("MachineConfigNode") + b.WithAPIVersion("machineconfiguration.openshift.io/v1alpha1") + return b, nil +} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. 
+func (b *MachineConfigNodeApplyConfiguration) WithKind(value string) *MachineConfigNodeApplyConfiguration { + b.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithAPIVersion(value string) *MachineConfigNodeApplyConfiguration { + b.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithName(value string) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithGenerateName(value string) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. 
+func (b *MachineConfigNodeApplyConfiguration) WithNamespace(value string) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithUID(value types.UID) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithResourceVersion(value string) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Generation field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithGeneration(value int64) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. 
+func (b *MachineConfigNodeApplyConfiguration) WithCreationTimestamp(value metav1.Time) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. 
+func (b *MachineConfigNodeApplyConfiguration) WithLabels(entries map[string]string) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Labels == nil && len(entries) > 0 { + b.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. +func (b *MachineConfigNodeApplyConfiguration) WithAnnotations(entries map[string]string) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.Annotations == nil && len(entries) > 0 { + b.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *MachineConfigNodeApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.OwnerReferences = append(b.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. 
+// If called multiple times, values provided by each call will be appended to the Finalizers field. +func (b *MachineConfigNodeApplyConfiguration) WithFinalizers(values ...string) *MachineConfigNodeApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.Finalizers = append(b.Finalizers, values[i]) + } + return b +} + +func (b *MachineConfigNodeApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithSpec(value *MachineConfigNodeSpecApplyConfiguration) *MachineConfigNodeApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *MachineConfigNodeApplyConfiguration) WithStatus(value *MachineConfigNodeStatusApplyConfiguration) *MachineConfigNodeApplyConfiguration { + b.Status = value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodespec.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodespec.go new file mode 100644 index 0000000000..ff7a6429dd --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodespec.go 
@@ -0,0 +1,41 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// MachineConfigNodeSpecApplyConfiguration represents an declarative configuration of the MachineConfigNodeSpec type for use +// with apply. +type MachineConfigNodeSpecApplyConfiguration struct { + Node *MCOObjectReferenceApplyConfiguration `json:"node,omitempty"` + Pool *MCOObjectReferenceApplyConfiguration `json:"pool,omitempty"` + ConfigVersion *MachineConfigNodeSpecMachineConfigVersionApplyConfiguration `json:"configVersion,omitempty"` +} + +// MachineConfigNodeSpecApplyConfiguration constructs an declarative configuration of the MachineConfigNodeSpec type for use with +// apply. +func MachineConfigNodeSpec() *MachineConfigNodeSpecApplyConfiguration { + return &MachineConfigNodeSpecApplyConfiguration{} +} + +// WithNode sets the Node field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Node field is set to the value of the last call. +func (b *MachineConfigNodeSpecApplyConfiguration) WithNode(value *MCOObjectReferenceApplyConfiguration) *MachineConfigNodeSpecApplyConfiguration { + b.Node = value + return b +} + +// WithPool sets the Pool field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Pool field is set to the value of the last call. +func (b *MachineConfigNodeSpecApplyConfiguration) WithPool(value *MCOObjectReferenceApplyConfiguration) *MachineConfigNodeSpecApplyConfiguration { + b.Pool = value + return b +} + +// WithConfigVersion sets the ConfigVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the ConfigVersion field is set to the value of the last call. +func (b *MachineConfigNodeSpecApplyConfiguration) WithConfigVersion(value *MachineConfigNodeSpecMachineConfigVersionApplyConfiguration) *MachineConfigNodeSpecApplyConfiguration { + b.ConfigVersion = value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodespecmachineconfigversion.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodespecmachineconfigversion.go new file mode 100644 index 0000000000..f3190fa89a --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodespecmachineconfigversion.go 
@@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// MachineConfigNodeSpecMachineConfigVersionApplyConfiguration represents an declarative configuration of the MachineConfigNodeSpecMachineConfigVersion type for use +// with apply. +type MachineConfigNodeSpecMachineConfigVersionApplyConfiguration struct { + Desired *string `json:"desired,omitempty"` +} + +// MachineConfigNodeSpecMachineConfigVersionApplyConfiguration constructs an declarative configuration of the MachineConfigNodeSpecMachineConfigVersion type for use with +// apply. +func MachineConfigNodeSpecMachineConfigVersion() *MachineConfigNodeSpecMachineConfigVersionApplyConfiguration { + return &MachineConfigNodeSpecMachineConfigVersionApplyConfiguration{} +} + +// WithDesired sets the Desired field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Desired field is set to the value of the last call. +func (b *MachineConfigNodeSpecMachineConfigVersionApplyConfiguration) WithDesired(value string) *MachineConfigNodeSpecMachineConfigVersionApplyConfiguration { + b.Desired = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodestatus.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodestatus.go new file mode 100644 index 0000000000..188c0352f8 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodestatus.go 
@@ -0,0 +1,47 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// MachineConfigNodeStatusApplyConfiguration represents an declarative configuration of the MachineConfigNodeStatus type for use +// with apply. +type MachineConfigNodeStatusApplyConfiguration struct { + Conditions []v1.Condition `json:"conditions,omitempty"` + ObservedGeneration *int64 `json:"observedGeneration,omitempty"` + ConfigVersion *MachineConfigNodeStatusMachineConfigVersionApplyConfiguration `json:"configVersion,omitempty"` +} + +// MachineConfigNodeStatusApplyConfiguration constructs an declarative configuration of the MachineConfigNodeStatus type for use with +// apply. +func MachineConfigNodeStatus() *MachineConfigNodeStatusApplyConfiguration { + return &MachineConfigNodeStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *MachineConfigNodeStatusApplyConfiguration) WithConditions(values ...v1.Condition) *MachineConfigNodeStatusApplyConfiguration { + for i := range values { + b.Conditions = append(b.Conditions, values[i]) + } + return b +} + +// WithObservedGeneration sets the ObservedGeneration field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ObservedGeneration field is set to the value of the last call. 
+func (b *MachineConfigNodeStatusApplyConfiguration) WithObservedGeneration(value int64) *MachineConfigNodeStatusApplyConfiguration { + b.ObservedGeneration = &value + return b +} + +// WithConfigVersion sets the ConfigVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ConfigVersion field is set to the value of the last call. +func (b *MachineConfigNodeStatusApplyConfiguration) WithConfigVersion(value *MachineConfigNodeStatusMachineConfigVersionApplyConfiguration) *MachineConfigNodeStatusApplyConfiguration { + b.ConfigVersion = value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodestatusmachineconfigversion.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodestatusmachineconfigversion.go new file mode 100644 index 0000000000..05b8110ed6 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/machineconfignodestatusmachineconfigversion.go 
@@ -0,0 +1,32 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// MachineConfigNodeStatusMachineConfigVersionApplyConfiguration represents an declarative configuration of the MachineConfigNodeStatusMachineConfigVersion type for use +// with apply. +type MachineConfigNodeStatusMachineConfigVersionApplyConfiguration struct { + Current *string `json:"current,omitempty"` + Desired *string `json:"desired,omitempty"` +} + +// MachineConfigNodeStatusMachineConfigVersionApplyConfiguration constructs an declarative configuration of the MachineConfigNodeStatusMachineConfigVersion type for use with +// apply. +func MachineConfigNodeStatusMachineConfigVersion() *MachineConfigNodeStatusMachineConfigVersionApplyConfiguration { + return &MachineConfigNodeStatusMachineConfigVersionApplyConfiguration{} +} + +// WithCurrent sets the Current field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Current field is set to the value of the last call. +func (b *MachineConfigNodeStatusMachineConfigVersionApplyConfiguration) WithCurrent(value string) *MachineConfigNodeStatusMachineConfigVersionApplyConfiguration { + b.Current = &value + return b +} + +// WithDesired sets the Desired field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Desired field is set to the value of the last call. +func (b *MachineConfigNodeStatusMachineConfigVersionApplyConfiguration) WithDesired(value string) *MachineConfigNodeStatusMachineConfigVersionApplyConfiguration { + b.Desired = &value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/mcoobjectreference.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/mcoobjectreference.go new file mode 100644 index 0000000000..7b45ffdf73 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/mcoobjectreference.go @@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// MCOObjectReferenceApplyConfiguration represents an declarative configuration of the MCOObjectReference type for use +// with apply. +type MCOObjectReferenceApplyConfiguration struct { + Name *string `json:"name,omitempty"` +} + +// MCOObjectReferenceApplyConfiguration constructs an declarative configuration of the MCOObjectReference type for use with +// apply. +func MCOObjectReference() *MCOObjectReferenceApplyConfiguration { + return &MCOObjectReferenceApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *MCOObjectReferenceApplyConfiguration) WithName(value string) *MCOObjectReferenceApplyConfiguration { + b.Name = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/clientset.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/clientset.go index 28041f8f5b..f58c537850 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/clientset.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/clientset.go 
@@ -7,6 +7,7 @@ import ( "net/http" machineconfigurationv1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1" + machineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" flowcontrol "k8s.io/client-go/util/flowcontrol" @@ -15,12 +16,14 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface MachineconfigurationV1() machineconfigurationv1.MachineconfigurationV1Interface + MachineconfigurationV1alpha1() machineconfigurationv1alpha1.MachineconfigurationV1alpha1Interface } // Clientset contains the clients for groups. type Clientset struct { *discovery.DiscoveryClient - machineconfigurationV1 *machineconfigurationv1.MachineconfigurationV1Client + machineconfigurationV1 *machineconfigurationv1.MachineconfigurationV1Client + machineconfigurationV1alpha1 *machineconfigurationv1alpha1.MachineconfigurationV1alpha1Client } // MachineconfigurationV1 retrieves the MachineconfigurationV1Client @@ -28,6 +31,11 @@ func (c *Clientset) MachineconfigurationV1() machineconfigurationv1.Machineconfi return c.machineconfigurationV1 } +// MachineconfigurationV1alpha1 retrieves the MachineconfigurationV1alpha1Client +func (c *Clientset) MachineconfigurationV1alpha1() machineconfigurationv1alpha1.MachineconfigurationV1alpha1Interface { + return c.machineconfigurationV1alpha1 +} + // Discovery retrieves the DiscoveryClient func (c *Clientset) Discovery() discovery.DiscoveryInterface { if c == nil { 
@@ -76,6 +84,10 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset, if err != nil { return nil, err } + cs.machineconfigurationV1alpha1, err = machineconfigurationv1alpha1.NewForConfigAndClient(&configShallowCopy, httpClient) + if err != nil { + return nil, err + } cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient) if err != nil { @@ -98,6 +110,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { func New(c rest.Interface) *Clientset { var cs Clientset cs.machineconfigurationV1 = machineconfigurationv1.New(c) + cs.machineconfigurationV1alpha1 = machineconfigurationv1alpha1.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) return &cs diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/clientset_generated.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/clientset_generated.go index 6d79f136ab..1eecf8fc6e 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/clientset_generated.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/clientset_generated.go @@ -6,6 +6,8 @@ import ( clientset "github.com/openshift/client-go/machineconfiguration/clientset/versioned" machineconfigurationv1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1" fakemachineconfigurationv1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake" + machineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1" + fakemachineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/watch" "k8s.io/client-go/discovery" 
@@ -67,3 +69,8 @@ var ( func (c *Clientset) MachineconfigurationV1() machineconfigurationv1.MachineconfigurationV1Interface { return &fakemachineconfigurationv1.FakeMachineconfigurationV1{Fake: &c.Fake} } + +// MachineconfigurationV1alpha1 retrieves the MachineconfigurationV1alpha1Client +func (c *Clientset) MachineconfigurationV1alpha1() machineconfigurationv1alpha1.MachineconfigurationV1alpha1Interface { + return &fakemachineconfigurationv1alpha1.FakeMachineconfigurationV1alpha1{Fake: &c.Fake} +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/register.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/register.go index c49bc90a48..2714f8e4db 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/register.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake/register.go @@ -4,6 +4,7 @@ package fake import ( machineconfigurationv1 "github.com/openshift/api/machineconfiguration/v1" + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -16,6 +17,7 @@ var codecs = serializer.NewCodecFactory(scheme) var localSchemeBuilder = runtime.SchemeBuilder{ machineconfigurationv1.AddToScheme, + machineconfigurationv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme/register.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme/register.go index 522eedb9ad..9bda95eacb 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme/register.go 
+++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme/register.go @@ -4,6 +4,7 @@ package scheme import ( machineconfigurationv1 "github.com/openshift/api/machineconfiguration/v1" + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" @@ -16,6 +17,7 @@ var Codecs = serializer.NewCodecFactory(Scheme) var ParameterCodec = runtime.NewParameterCodec(Scheme) var localSchemeBuilder = runtime.SchemeBuilder{ machineconfigurationv1.AddToScheme, + machineconfigurationv1alpha1.AddToScheme, } // AddToScheme adds all types of this clientset into the given scheme. This allows composition diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/doc.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/doc.go new file mode 100644 index 0000000000..93a7ca4e0e --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/doc.go @@ -0,0 +1,4 @@ +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/doc.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/doc.go new file mode 100644 index 0000000000..2b5ba4c8e4 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/doc.go @@ -0,0 +1,4 @@ +// Code generated by client-gen. DO NOT EDIT. + +// Package fake has the automatically generated clients. +package fake 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/fake_machineconfignode.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/fake_machineconfignode.go new file mode 100644 index 0000000000..6a01842243 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/fake_machineconfignode.go 
@@ -0,0 +1,162 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + json "encoding/json" + "fmt" + + v1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + machineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeMachineConfigNodes implements MachineConfigNodeInterface +type FakeMachineConfigNodes struct { + Fake *FakeMachineconfigurationV1alpha1 +} + +var machineconfignodesResource = v1alpha1.SchemeGroupVersion.WithResource("machineconfignodes") + +var machineconfignodesKind = v1alpha1.SchemeGroupVersion.WithKind("MachineConfigNode") + +// Get takes name of the machineConfigNode, and returns the corresponding machineConfigNode object, and an error if there is any. +func (c *FakeMachineConfigNodes) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.MachineConfigNode, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootGetAction(machineconfignodesResource, name), &v1alpha1.MachineConfigNode{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.MachineConfigNode), err +} + +// List takes label and field selectors, and returns the list of MachineConfigNodes that match those selectors. +func (c *FakeMachineConfigNodes) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.MachineConfigNodeList, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootListAction(machineconfignodesResource, machineconfignodesKind, opts), &v1alpha1.MachineConfigNodeList{}) + if obj == nil { + return nil, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.MachineConfigNodeList{ListMeta: obj.(*v1alpha1.MachineConfigNodeList).ListMeta} + for _, item := range obj.(*v1alpha1.MachineConfigNodeList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested machineConfigNodes. +func (c *FakeMachineConfigNodes) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewRootWatchAction(machineconfignodesResource, opts)) +} + +// Create takes the representation of a machineConfigNode and creates it. Returns the server's representation of the machineConfigNode, and an error, if there is any. +func (c *FakeMachineConfigNodes) Create(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.CreateOptions) (result *v1alpha1.MachineConfigNode, err error) { + obj, err := c.Fake. + Invokes(testing.NewRootCreateAction(machineconfignodesResource, machineConfigNode), &v1alpha1.MachineConfigNode{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.MachineConfigNode), err +} + +// Update takes the representation of a machineConfigNode and updates it. Returns the server's representation of the machineConfigNode, and an error, if there is any. +func (c *FakeMachineConfigNodes) Update(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.UpdateOptions) (result *v1alpha1.MachineConfigNode, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootUpdateAction(machineconfignodesResource, machineConfigNode), &v1alpha1.MachineConfigNode{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.MachineConfigNode), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeMachineConfigNodes) UpdateStatus(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.UpdateOptions) (*v1alpha1.MachineConfigNode, error) { + obj, err := c.Fake. + Invokes(testing.NewRootUpdateSubresourceAction(machineconfignodesResource, "status", machineConfigNode), &v1alpha1.MachineConfigNode{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.MachineConfigNode), err +} + +// Delete takes name of the machineConfigNode and deletes it. Returns an error if one occurs. +func (c *FakeMachineConfigNodes) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewRootDeleteActionWithOptions(machineconfignodesResource, name, opts), &v1alpha1.MachineConfigNode{}) + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeMachineConfigNodes) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewRootDeleteCollectionAction(machineconfignodesResource, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.MachineConfigNodeList{}) + return err +} + +// Patch applies the patch and returns the patched machineConfigNode. +func (c *FakeMachineConfigNodes) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.MachineConfigNode, err error) { + obj, err := c.Fake. 
+ Invokes(testing.NewRootPatchSubresourceAction(machineconfignodesResource, name, pt, data, subresources...), &v1alpha1.MachineConfigNode{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.MachineConfigNode), err +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied machineConfigNode. +func (c *FakeMachineConfigNodes) Apply(ctx context.Context, machineConfigNode *machineconfigurationv1alpha1.MachineConfigNodeApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.MachineConfigNode, err error) { + if machineConfigNode == nil { + return nil, fmt.Errorf("machineConfigNode provided to Apply must not be nil") + } + data, err := json.Marshal(machineConfigNode) + if err != nil { + return nil, err + } + name := machineConfigNode.Name + if name == nil { + return nil, fmt.Errorf("machineConfigNode.Name must be provided to Apply") + } + obj, err := c.Fake. + Invokes(testing.NewRootPatchSubresourceAction(machineconfignodesResource, *name, types.ApplyPatchType, data), &v1alpha1.MachineConfigNode{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.MachineConfigNode), err +} + +// ApplyStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). +func (c *FakeMachineConfigNodes) ApplyStatus(ctx context.Context, machineConfigNode *machineconfigurationv1alpha1.MachineConfigNodeApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.MachineConfigNode, err error) { + if machineConfigNode == nil { + return nil, fmt.Errorf("machineConfigNode provided to Apply must not be nil") + } + data, err := json.Marshal(machineConfigNode) + if err != nil { + return nil, err + } + name := machineConfigNode.Name + if name == nil { + return nil, fmt.Errorf("machineConfigNode.Name must be provided to Apply") + } + obj, err := c.Fake. 
+ Invokes(testing.NewRootPatchSubresourceAction(machineconfignodesResource, *name, types.ApplyPatchType, data, "status"), &v1alpha1.MachineConfigNode{}) + if obj == nil { + return nil, err + } + return obj.(*v1alpha1.MachineConfigNode), err +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/fake_machineconfiguration_client.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/fake_machineconfiguration_client.go new file mode 100644 index 0000000000..425ee2c28f --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake/fake_machineconfiguration_client.go @@ -0,0 +1,24 @@ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + v1alpha1 "github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1" + rest "k8s.io/client-go/rest" + testing "k8s.io/client-go/testing" +) + +type FakeMachineconfigurationV1alpha1 struct { + *testing.Fake +} + +func (c *FakeMachineconfigurationV1alpha1) MachineConfigNodes() v1alpha1.MachineConfigNodeInterface { + return &FakeMachineConfigNodes{c} +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *FakeMachineconfigurationV1alpha1) RESTClient() rest.Interface { + var ret *rest.RESTClient + return ret +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go new file mode 100644 index 0000000000..37de120197 --- /dev/null 
+++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go @@ -0,0 +1,5 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type MachineConfigNodeExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfignode.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfignode.go new file mode 100644 index 0000000000..cd4117043a --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfignode.go 
@@ -0,0 +1,227 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + json "encoding/json" + "fmt" + "time" + + v1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + machineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1" + scheme "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// MachineConfigNodesGetter has a method to return a MachineConfigNodeInterface. +// A group's client should implement this interface. +type MachineConfigNodesGetter interface { + MachineConfigNodes() MachineConfigNodeInterface +} + +// MachineConfigNodeInterface has methods to work with MachineConfigNode resources. +type MachineConfigNodeInterface interface { + Create(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.CreateOptions) (*v1alpha1.MachineConfigNode, error) + Update(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.UpdateOptions) (*v1alpha1.MachineConfigNode, error) + UpdateStatus(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.UpdateOptions) (*v1alpha1.MachineConfigNode, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.MachineConfigNode, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.MachineConfigNodeList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.MachineConfigNode, err error) + Apply(ctx 
context.Context, machineConfigNode *machineconfigurationv1alpha1.MachineConfigNodeApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.MachineConfigNode, err error) + ApplyStatus(ctx context.Context, machineConfigNode *machineconfigurationv1alpha1.MachineConfigNodeApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.MachineConfigNode, err error) + MachineConfigNodeExpansion +} + +// machineConfigNodes implements MachineConfigNodeInterface +type machineConfigNodes struct { + client rest.Interface +} + +// newMachineConfigNodes returns a MachineConfigNodes +func newMachineConfigNodes(c *MachineconfigurationV1alpha1Client) *machineConfigNodes { + return &machineConfigNodes{ + client: c.RESTClient(), + } +} + +// Get takes name of the machineConfigNode, and returns the corresponding machineConfigNode object, and an error if there is any. +func (c *machineConfigNodes) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.MachineConfigNode, err error) { + result = &v1alpha1.MachineConfigNode{} + err = c.client.Get(). + Resource("machineconfignodes"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(ctx). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of MachineConfigNodes that match those selectors. +func (c *machineConfigNodes) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.MachineConfigNodeList, err error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + result = &v1alpha1.MachineConfigNodeList{} + err = c.client.Get(). + Resource("machineconfignodes"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Do(ctx). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested machineConfigNodes. 
+func (c *machineConfigNodes) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + var timeout time.Duration + if opts.TimeoutSeconds != nil { + timeout = time.Duration(*opts.TimeoutSeconds) * time.Second + } + opts.Watch = true + return c.client.Get(). + Resource("machineconfignodes"). + VersionedParams(&opts, scheme.ParameterCodec). + Timeout(timeout). + Watch(ctx) +} + +// Create takes the representation of a machineConfigNode and creates it. Returns the server's representation of the machineConfigNode, and an error, if there is any. +func (c *machineConfigNodes) Create(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.CreateOptions) (result *v1alpha1.MachineConfigNode, err error) { + result = &v1alpha1.MachineConfigNode{} + err = c.client.Post(). + Resource("machineconfignodes"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(machineConfigNode). + Do(ctx). + Into(result) + return +} + +// Update takes the representation of a machineConfigNode and updates it. Returns the server's representation of the machineConfigNode, and an error, if there is any. +func (c *machineConfigNodes) Update(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.UpdateOptions) (result *v1alpha1.MachineConfigNode, err error) { + result = &v1alpha1.MachineConfigNode{} + err = c.client.Put(). + Resource("machineconfignodes"). + Name(machineConfigNode.Name). + VersionedParams(&opts, scheme.ParameterCodec). + Body(machineConfigNode). + Do(ctx). + Into(result) + return +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *machineConfigNodes) UpdateStatus(ctx context.Context, machineConfigNode *v1alpha1.MachineConfigNode, opts v1.UpdateOptions) (result *v1alpha1.MachineConfigNode, err error) { + result = &v1alpha1.MachineConfigNode{} + err = c.client.Put(). + Resource("machineconfignodes"). 
+ Name(machineConfigNode.Name). + SubResource("status"). + VersionedParams(&opts, scheme.ParameterCodec). + Body(machineConfigNode). + Do(ctx). + Into(result) + return +} + +// Delete takes name of the machineConfigNode and deletes it. Returns an error if one occurs. +func (c *machineConfigNodes) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + return c.client.Delete(). + Resource("machineconfignodes"). + Name(name). + Body(&opts). + Do(ctx). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *machineConfigNodes) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + var timeout time.Duration + if listOpts.TimeoutSeconds != nil { + timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second + } + return c.client.Delete(). + Resource("machineconfignodes"). + VersionedParams(&listOpts, scheme.ParameterCodec). + Timeout(timeout). + Body(&opts). + Do(ctx). + Error() +} + +// Patch applies the patch and returns the patched machineConfigNode. +func (c *machineConfigNodes) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.MachineConfigNode, err error) { + result = &v1alpha1.MachineConfigNode{} + err = c.client.Patch(pt). + Resource("machineconfignodes"). + Name(name). + SubResource(subresources...). + VersionedParams(&opts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} + +// Apply takes the given apply declarative configuration, applies it and returns the applied machineConfigNode. 
+func (c *machineConfigNodes) Apply(ctx context.Context, machineConfigNode *machineconfigurationv1alpha1.MachineConfigNodeApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.MachineConfigNode, err error) { + if machineConfigNode == nil { + return nil, fmt.Errorf("machineConfigNode provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(machineConfigNode) + if err != nil { + return nil, err + } + name := machineConfigNode.Name + if name == nil { + return nil, fmt.Errorf("machineConfigNode.Name must be provided to Apply") + } + result = &v1alpha1.MachineConfigNode{} + err = c.client.Patch(types.ApplyPatchType). + Resource("machineconfignodes"). + Name(*name). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} + +// ApplyStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). +func (c *machineConfigNodes) ApplyStatus(ctx context.Context, machineConfigNode *machineconfigurationv1alpha1.MachineConfigNodeApplyConfiguration, opts v1.ApplyOptions) (result *v1alpha1.MachineConfigNode, err error) { + if machineConfigNode == nil { + return nil, fmt.Errorf("machineConfigNode provided to Apply must not be nil") + } + patchOpts := opts.ToPatchOptions() + data, err := json.Marshal(machineConfigNode) + if err != nil { + return nil, err + } + + name := machineConfigNode.Name + if name == nil { + return nil, fmt.Errorf("machineConfigNode.Name must be provided to Apply") + } + + result = &v1alpha1.MachineConfigNode{} + err = c.client.Patch(types.ApplyPatchType). + Resource("machineconfignodes"). + Name(*name). + SubResource("status"). + VersionedParams(&patchOpts, scheme.ParameterCodec). + Body(data). + Do(ctx). + Into(result) + return +} 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go new file mode 100644 index 0000000000..1b717606f3 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go 
@@ -0,0 +1,91 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "net/http" + + v1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" + rest "k8s.io/client-go/rest" +) + +type MachineconfigurationV1alpha1Interface interface { + RESTClient() rest.Interface + MachineConfigNodesGetter +} + +// MachineconfigurationV1alpha1Client is used to interact with features provided by the machineconfiguration.openshift.io group. +type MachineconfigurationV1alpha1Client struct { + restClient rest.Interface +} + +func (c *MachineconfigurationV1alpha1Client) MachineConfigNodes() MachineConfigNodeInterface { + return newMachineConfigNodes(c) +} + +// NewForConfig creates a new MachineconfigurationV1alpha1Client for the given config. +// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient), +// where httpClient was generated with rest.HTTPClientFor(c). +func NewForConfig(c *rest.Config) (*MachineconfigurationV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + httpClient, err := rest.HTTPClientFor(&config) + if err != nil { + return nil, err + } + return NewForConfigAndClient(&config, httpClient) +} + +// NewForConfigAndClient creates a new MachineconfigurationV1alpha1Client for the given config and http client. +// Note the http client provided takes precedence over the configured transport values. 
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*MachineconfigurationV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientForConfigAndClient(&config, h) + if err != nil { + return nil, err + } + return &MachineconfigurationV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new MachineconfigurationV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *MachineconfigurationV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new MachineconfigurationV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *MachineconfigurationV1alpha1Client { + return &MachineconfigurationV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *MachineconfigurationV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go index 49d95ad7ee..ce9d5374b0 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go 
@@ -6,6 +6,7 @@ import ( "fmt" v1 "github.com/openshift/api/machineconfiguration/v1" + v1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" ) @@ -48,6 +49,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource case v1.SchemeGroupVersion.WithResource("machineconfigpools"): return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1().MachineConfigPools().Informer()}, nil + // Group=machineconfiguration.openshift.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithResource("machineconfignodes"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1alpha1().MachineConfigNodes().Informer()}, nil + } return nil, fmt.Errorf("no informer found for %v", resource) diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/interface.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/interface.go index 6ccd6ae716..3e3e87e205 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/interface.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/interface.go 
@@ -5,12 +5,15 @@ package machineconfiguration import ( internalinterfaces "github.com/openshift/client-go/machineconfiguration/informers/externalversions/internalinterfaces" v1 "github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1" + v1alpha1 "github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1" ) // Interface provides access to each of this group's versions. type Interface interface { // V1 provides access to shared informers for resources in V1. V1() v1.Interface + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface } type group struct { @@ -28,3 +31,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList func (g *group) V1() v1.Interface { return v1.New(g.factory, g.namespace, g.tweakListOptions) } + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/interface.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/interface.go new file mode 100644 index 0000000000..89a69c9099 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/interface.go 
@@ -0,0 +1,29 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/openshift/client-go/machineconfiguration/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // MachineConfigNodes returns a MachineConfigNodeInformer. + MachineConfigNodes() MachineConfigNodeInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// MachineConfigNodes returns a MachineConfigNodeInformer. +func (v *version) MachineConfigNodes() MachineConfigNodeInformer { + return &machineConfigNodeInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/machineconfignode.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/machineconfignode.go new file mode 100644 index 0000000000..57df7775b8 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/machineconfignode.go 
@@ -0,0 +1,73 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + versioned "github.com/openshift/client-go/machineconfiguration/clientset/versioned" + internalinterfaces "github.com/openshift/client-go/machineconfiguration/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// MachineConfigNodeInformer provides access to a shared informer and lister for +// MachineConfigNodes. +type MachineConfigNodeInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.MachineConfigNodeLister +} + +type machineConfigNodeInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewMachineConfigNodeInformer constructs a new informer for MachineConfigNode type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewMachineConfigNodeInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredMachineConfigNodeInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredMachineConfigNodeInformer constructs a new informer for MachineConfigNode type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewFilteredMachineConfigNodeInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().MachineConfigNodes().List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().MachineConfigNodes().Watch(context.TODO(), options) + }, + }, + &machineconfigurationv1alpha1.MachineConfigNode{}, + resyncPeriod, + indexers, + ) +} + +func (f *machineConfigNodeInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredMachineConfigNodeInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *machineConfigNodeInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&machineconfigurationv1alpha1.MachineConfigNode{}, f.defaultInformer) +} + +func (f *machineConfigNodeInformer) Lister() v1alpha1.MachineConfigNodeLister { + return v1alpha1.NewMachineConfigNodeLister(f.Informer().GetIndexer()) +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/expansion_generated.go b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/expansion_generated.go new file mode 100644 index 0000000000..4a0ca00a01 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/expansion_generated.go 
@@ -0,0 +1,7 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// MachineConfigNodeListerExpansion allows custom methods to be added to +// MachineConfigNodeLister. +type MachineConfigNodeListerExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/machineconfignode.go b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/machineconfignode.go new file mode 100644 index 0000000000..ab1f2ef044 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/machineconfignode.go 
@@ -0,0 +1,52 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// MachineConfigNodeLister helps list MachineConfigNodes. +// All objects returned here must be treated as read-only. +type MachineConfigNodeLister interface { + // List lists all MachineConfigNodes in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.MachineConfigNode, err error) + // Get retrieves the MachineConfigNode from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.MachineConfigNode, error) + MachineConfigNodeListerExpansion +} + +// machineConfigNodeLister implements the MachineConfigNodeLister interface. +type machineConfigNodeLister struct { + indexer cache.Indexer +} + +// NewMachineConfigNodeLister returns a new MachineConfigNodeLister. +func NewMachineConfigNodeLister(indexer cache.Indexer) MachineConfigNodeLister { + return &machineConfigNodeLister{indexer: indexer} +} + +// List lists all MachineConfigNodes in the indexer. +func (s *machineConfigNodeLister) List(selector labels.Selector) (ret []*v1alpha1.MachineConfigNode, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.MachineConfigNode)) + }) + return ret, err +} + +// Get retrieves the MachineConfigNode from the index for a given name. +func (s *machineConfigNodeLister) Get(name string) (*v1alpha1.MachineConfigNode, error) { + obj, exists, err := s.indexer.GetByKey(name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("machineconfignode"), name) + } + return obj.(*v1alpha1.MachineConfigNode), nil +} 
diff --git a/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go b/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go index 799d866d51..9887d185b2 100644 --- a/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go +++ b/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go @@ -214,9 +214,6 @@ func makeUnion(extensions map[string]interface{}) (schema.Union, error) { } } - if union.Discriminator != nil && len(union.Fields) == 0 { - return schema.Union{}, fmt.Errorf("discriminator set to %v, but no fields in union", *union.Discriminator) - } return union, nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 1d9f0d9c90..31bae84f73 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -324,7 +324,7 @@ github.com/esimonov/ifshort/pkg/analyzer # github.com/ettle/strcase v0.1.1 ## explicit; go 1.12 github.com/ettle/strcase -# github.com/evanphx/json-patch v4.12.0+incompatible +# github.com/evanphx/json-patch v5.6.0+incompatible ## explicit github.com/evanphx/json-patch # github.com/evanphx/json-patch/v5 v5.6.0 @@ -567,7 +567,7 @@ github.com/gostaticanalysis/forcetypeassert # github.com/gostaticanalysis/nilerr v0.1.1 ## explicit; go 1.15 github.com/gostaticanalysis/nilerr -# github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 +# github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 ## explicit github.com/gregjones/httpcache # github.com/hashicorp/errwrap v1.1.0 @@ -802,7 +802,7 @@ github.com/opencontainers/runc/libcontainer/user # github.com/opencontainers/runtime-spec v1.1.0-rc.3 ## explicit github.com/opencontainers/runtime-spec/specs-go -# github.com/openshift/api v0.0.0-20231013202211-096c446e7f60 +# github.com/openshift/api v0.0.0-20231128111040-e1845c5a7acd ## explicit; go 1.20 github.com/openshift/api github.com/openshift/api/apiserver 
@@ -837,10 +837,12 @@ github.com/openshift/api/machine/v1
 github.com/openshift/api/machine/v1alpha1
 github.com/openshift/api/machine/v1beta1
 github.com/openshift/api/machineconfiguration/v1
+github.com/openshift/api/machineconfiguration/v1alpha1
 github.com/openshift/api/monitoring
 github.com/openshift/api/monitoring/v1alpha1
 github.com/openshift/api/network
 github.com/openshift/api/network/v1
+github.com/openshift/api/network/v1alpha1
 github.com/openshift/api/networkoperator
 github.com/openshift/api/networkoperator/v1
 github.com/openshift/api/oauth
@@ -873,7 +875,7 @@ github.com/openshift/api/template
 github.com/openshift/api/template/v1
 github.com/openshift/api/user
 github.com/openshift/api/user/v1
-# github.com/openshift/client-go v0.0.0-20231005121823-e81400b97c46
+# github.com/openshift/client-go v0.0.0-20231110140829-a6ca51f6d5ba
 ## explicit; go 1.20
 github.com/openshift/client-go/build/applyconfigurations/build/v1
 github.com/openshift/client-go/build/applyconfigurations/internal
@@ -911,16 +913,21 @@ github.com/openshift/client-go/image/clientset/versioned/scheme
 github.com/openshift/client-go/image/clientset/versioned/typed/image/v1
 github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal
 github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1
+github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1
 github.com/openshift/client-go/machineconfiguration/clientset/versioned
 github.com/openshift/client-go/machineconfiguration/clientset/versioned/fake
 github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme
 github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1
 github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1/fake
+github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1
+github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/fake
 github.com/openshift/client-go/machineconfiguration/informers/externalversions
 github.com/openshift/client-go/machineconfiguration/informers/externalversions/internalinterfaces
 github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration
 github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1
+github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1
 github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1
+github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1
 github.com/openshift/client-go/operator/applyconfigurations/internal
 github.com/openshift/client-go/operator/applyconfigurations/operator/v1
 github.com/openshift/client-go/operator/applyconfigurations/operator/v1alpha1
@@ -938,10 +945,10 @@ github.com/openshift/client-go/operator/informers/externalversions/operator/v1
 github.com/openshift/client-go/operator/informers/externalversions/operator/v1alpha1
 github.com/openshift/client-go/operator/listers/operator/v1
 github.com/openshift/client-go/operator/listers/operator/v1alpha1
-# github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20230516205036-088c6d48cc1a
+# github.com/openshift/cluster-config-operator v0.0.0-alpha.0.0.20231110142214-403ea8439974
 ## explicit; go 1.20
 github.com/openshift/cluster-config-operator/pkg/operator/featuregates
-# github.com/openshift/library-go v0.0.0-20231017173800-126f85ed0cc7
+# github.com/openshift/library-go v0.0.0-20231020125034-5a2d9fe760b3
 ## explicit; go 1.20
 github.com/openshift/library-go/pkg/cloudprovider
 github.com/openshift/library-go/pkg/config/clusteroperator/v1helpers
@@ -2052,7 +2059,7 @@ k8s.io/kube-aggregator/pkg/apis/apiregistration/v1
 k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1
 k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme
 k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/typed/apiregistration/v1
-# k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9
+# k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f => github.com/openshift/kube-openapi v0.0.0-20230816122517-ffc8f001abb0
 ## explicit; go 1.19
 k8s.io/kube-openapi/cmd/openapi-gen/args
 k8s.io/kube-openapi/pkg/builder3/util
@@ -2236,3 +2243,4 @@ sigs.k8s.io/structured-merge-diff/v4/value
 # sigs.k8s.io/yaml v1.3.0
 ## explicit; go 1.12
 sigs.k8s.io/yaml
+# k8s.io/kube-openapi => github.com/openshift/kube-openapi v0.0.0-20230816122517-ffc8f001abb0