From 4dfa3d06a4f30fb81ffc5d09703ba107735cb404 Mon Sep 17 00:00:00 2001
From: ci-robot
Date: Fri, 26 Apr 2024 05:33:52 +0000
Subject: [PATCH 1/9] update last_rebase.sh

---
 scripts/auto-rebase/last_rebase.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/auto-rebase/last_rebase.sh b/scripts/auto-rebase/last_rebase.sh
index 840c99c1d0..e9cbb96762 100755
--- a/scripts/auto-rebase/last_rebase.sh
+++ b/scripts/auto-rebase/last_rebase.sh
@@ -1,2 +1,2 @@
 #!/bin/bash -x
-./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.16.0-0.nightly-2024-04-15-184947" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.16.0-0.nightly-arm64-2024-04-15-184946"
+./scripts/auto-rebase/rebase.sh to "registry.ci.openshift.org/ocp/release:4.16.0-0.nightly-2024-04-23-032717" "registry.ci.openshift.org/ocp-arm64/release-arm64:4.16.0-0.nightly-arm64-2024-04-25-160158"

From 491f9f38ed3a443135ca6fa0c5a96942e42e3104 Mon Sep 17 00:00:00 2001
From: ci-robot
Date: Fri, 26 Apr 2024 05:33:53 +0000
Subject: [PATCH 2/9] update changelog

---
 scripts/auto-rebase/changelog.txt | 313 ++++++++++++++++++++++++++++++
 scripts/auto-rebase/commits.txt | 32 +--
 2 files changed, 329 insertions(+), 16 deletions(-)

diff --git a/scripts/auto-rebase/changelog.txt b/scripts/auto-rebase/changelog.txt
index e69de29bb2..6921d2c87a 100644
--- a/scripts/auto-rebase/changelog.txt
+++ b/scripts/auto-rebase/changelog.txt
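Review bot: The two release payloads on the new `rebase.sh to` line in last_rebase.sh come from nightlies more than two days apart (amd64 `2024-04-23-032717`, arm64 `2024-04-25-160158`), whereas the pair being replaced was built one second apart. The changelog added in patch 2/9 shows the effect: router image-arm64 moves to a commit that includes `8e2bb02 Reject routes with SHA1 certs` while router image-amd64 does not, and the oc and kubernetes image commits also differ between the two architectures. If this skew is not intended, the rebase should presumably use a matched pair of nightlies so that both architectures ship the same certificate-validation behaviour. Both references are also tags rather than digests, so a comment recording the resolved digest for each, e.g. `# amd64 payload digest: sha256:<digest-placeholder>`, would let a later run confirm it rebased against the same content.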
@@ -0,0 +1,313 @@ +- cluster-csi-snapshot-controller-operator embedded-component a9b0c1c1b0bc031572e6f5029f672e58347c0648 to 661409f25dd18cdfc508568a30740b173538049c + - 0aa1e91 2024-02-06T10:06:17-05:00 OCPBUGS-28230: add FallbackToLogsOnError for easier debugging + +- cluster-ingress-operator embedded-component 81fffa0a15f82deafd97b84e1f5cb2efe1bd9d62 to bca2dff6a401500f1eae2847289c1e8ca2e993a2 + - 9bf38aa 2024-04-19T20:58:04+02:00 NE-1317: manifests - adding ingress capability annotations + - 65dcb3f 2024-04-17T13:08:54-04:00 Bump openshift/api, and update CRD generation + +- cluster-kube-apiserver-operator embedded-component b16e36ca91558fb1f562ebf15d4d4ee3760ef6f6 to 65eb450da8c1c674c106d4856fb6a28474ca089d + - a448c4c 2024-04-11T09:57:56-03:00 WRKLDS-1015: tolerate node-role.kubernetes.io/control-plane:NoExecute + +- cluster-kube-controller-manager-operator embedded-component f5ea706c4378d74d1a46ed0eec624bc6cc207dbc to f0f485f3c1d70416c242e3159820331a36fb2d2a + - 6eb697a 2024-04-15T16:38:00+02:00 bindata: convert SecretTypeTLS secrets + +- cluster-network-operator embedded-component d98d330298330a9f181965e9bc5a821b349084bf to 6e245a07ee3d81fd91d72f49b55ddf0c7cc7c549 + - 255929b 2024-04-21T12:42:35+03:00 Improved prometheus rule for ipsec metric + - b4980a4 2024-04-18T18:29:27+02:00 Fix shellcheck warnings on ipsec bash scripts + - 3e813ca 2024-04-18T18:29:27+02:00 Fix wait logic for ipsec certificate signing request + - f0ccd42 2024-04-18T15:01:15+02:00 Improve IPsec MachineConfig readiness check + - ac7ba19 2024-04-17T02:48:51+09:00 OCPBUGS-28230: enforce termination message policy on all platform pods + - 424182b 2024-04-16T09:51:32+02:00 ANP: Add RBAC for cluster-manager + - 07fd8f1 2024-04-16T10:30:30+03:00 Add ipsec state metric + - aab035e 2024-04-15T18:29:12+05:30 Avoid updating networkDiagnostics field to cluster config + - d95ab1c 2024-04-15T18:29:12+05:30 Add ability to configure transit and join switch subnet + - d5032b8 2024-04-15T18:29:12+05:30 
Configure CNO as per new API changes for join and transit switch subnet + - 6b0e01e 2024-04-12T14:24:59-04:00 OCPBUGS-28230: enforce termination message policy on all platform pods + - bcb1282 2024-04-11T12:14:26+05:30 API bump in CNO + - 4de77fc 2024-02-05T09:49:21-05:00 use v1 for flowcontrol API + +- kubernetes embedded-component 6b4d6cb58038fc1bd4da50fde0164a8872e60703 to d9d45306df052aa5824fd8b2dab4e61f5ecc481c + - 93a2209cd 2024-04-18T07:43:24+05:30 UPSTREAM: : hack/update-vendor.sh, make update and update image + - e40b9c41b 2024-04-18T07:22:22+05:30 UPSTREAM: : manually resolve conflicts + - facd3b186 2024-04-16T11:41:03-04:00 UPSTREAM: : featureset validation moved to CEL + - 55019c83b 2024-04-16T15:00:24+00:00 Release commit for Kubernetes v1.29.4 + - 406ffc35f 2024-04-16T10:45:38-04:00 UPSTREAM: : create readyz event for kubeapi server + - 410ba701b 2024-04-16T00:37:27+05:30 UPSTREAM: : Fix incorrect type casting in admission validate_apiserver + - 1448e1c3f 2024-04-16T00:37:08+05:30 UPSTREAM: : Add RouteExternalCertificate validation in Route ObjectValidator + - 34546f472 2024-04-15T09:15:06-07:00 Add envFrom to serviceaccount admission plugin + - 34ab3fd19 2024-04-11T16:36:40-04:00 UPSTREAM: : react to library-go changes + - 8240a5ec8 2024-04-11T16:36:40-04:00 UPSTREAM: : bump library-go + - c652a1dae 2024-04-09T18:20:48-04:00 UPSTREAM: : add support for cpu limits into management workloads + - b635fd628 2024-04-05T15:56:44+02:00 update debian-base to bookworm-v1.0.2 + - 1fded9c76 2024-04-05T15:56:34+02:00 [go] Bump images, dependencies and versions to go 1.21.9 and distroless iptables / set-cap + - f10341af5 2024-04-04T14:20:20+05:30 [CVE-2023-45288] .*: bump x/net to v0.23.0 + - efd8578ac 2024-04-03T14:54:16-04:00 Keep streams from being set up after closeAllStreamReaders is called + - 4499c3fad 2024-04-03T14:54:08-04:00 Make websocket heartbeat test timing less flaky + - d7258c313 2024-04-03T14:54:02-04:00 Avoid logging binary junk for frame write 
failure + - 2b621fe7b 2024-04-01T15:29:59-03:00 Use the right feature gate when updating uncertain volumes + - aa6c13575 2024-04-01T16:49:17+08:00 fix panic with SIGSEGV in kubeadm certs check-expiration + - cd9f65388 2024-03-29T10:01:39-04:00 retry policy creation for CRD type checking E2E test + - cf2a33715 2024-03-19T23:16:57+01:00 Undo double run of the TestWatchSemantics test to avoid hitting timeout + - d9ca30059 2024-03-19T09:06:53+01:00 apiserver/storage/cacher: decrease the running time of tests in the cacher package. + - f8f08542c 2024-03-19T09:06:33+01:00 Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. + - ff2189b7c 2024-03-19T08:52:31+01:00 Ensure that initial events are sorted for WatchList + - dee895d7f 2024-03-15T00:33:33+00:00 Update CHANGELOG/CHANGELOG-1.29.md for v1.29.3 + - 93cafce2f 2024-03-08T12:57:08-05:00 fix aggregator path filtering to include / + - a3ac0b48c 2024-03-01T17:17:23-05:00 Filter aggregated apiservice gv + - beb7bf347 2024-01-10T12:19:46+01:00 Use DBG=1 for conformance verification + - 437f2cfce 2024-01-10T12:19:46+01:00 build: use -trimpath in non-DBG mode + - 0af609a29 2023-11-24T18:30:50+01:00 UPSTREAM: : kube-controller-manager: allow running bare kube-controller-manager + +- machine-config-operator embedded-component 509a97df24be851ee8c11247dbd840c927f02137 to 52e618e80e1ac6cd00ac7a41b19d354b6b254488 + - fb604458 2024-04-18T10:39:09+02:00 cleanup: update references in docs from machine-os-contenet to rhel-coreos + - 335da0ad 2024-04-17T15:47:10-04:00 use caching to speed up incremental builds + - 2be5e47f 2024-04-17T10:50:42-04:00 msbic: nit cleanups + - 6923d564 2024-04-16T18:54:20-04:00 msbic: update e2e to use API + - 2b9c00f0 2024-04-16T18:54:20-04:00 msbic: inject managed stub into machineset + - 537d958f 2024-04-16T18:54:20-04:00 msbic: error on machineset with an owner reference + - 4fce32f6 
2024-04-16T18:54:20-04:00 msbic: add support for boot image opt-in API + - 9f8844d2 2024-04-16T18:54:20-04:00 operator: add syncMachineConfiguration + - cea6d50d 2024-04-16T05:50:10-04:00 update crd-sync script to include missing CRDs + - bdf34886 2024-04-16T15:07:36+05:30 bug: Fix configure-ip-forwarding.sh + - 0862f41c 2024-04-15T16:08:18-04:00 operator: sync validatingadmissionpolicy manifests + - ef3d914e 2024-04-13T07:57:17-04:00 make go-deps for library-go + - 6969efaa 2024-04-12T14:17:37-04:00 OCPBUGS-28230: enforce termination message policy on all platform pods + +- operator-framework-olm embedded-component 0d40488558ed03b817755c2f95567fcf68dc9cba to 773439e5842d3b7ba480c6e097c7aa6da3c92df5 + - 8aafc6c0 2024-04-18T00:02:51+00:00 Fix unpack job cache issue (#3204) + - 7c5825f4 2024-04-16T00:03:54+00:00 Update if AlreadyExists (#3202) + - 98991290 2024-04-16T00:02:18+00:00 catalog-operator: delete catalog pods stuck in Terminating state due to unreachable node (#3201) + - 1658453a 2024-04-12T16:59:48-04:00 OCPBUGS-28230: update manifest generation to enforce termination message policy on all platform pods + - 3b110b7f 2024-04-12T15:41:54-04:00 OCPBUGS-28230: enforce termination message policy on all platform pods + +- oc image-amd64 46db7c2bce5a57e3c3d9347e7e1e107e61dbd306 to 057cfc567e03e1470e6122fc4a3c765c4deed8b5 + - 101031b8 2024-04-22T18:10:53+08:00 oc image extract: Print an error msg instead of panicking when all images are filtered out from the manifest list. 
+ - 0df0f756 2024-04-20T11:37:50+02:00 oc adm must-gather: print timestamp when logging + - 24897fe4 2024-04-19T18:14:05-04:00 Changing the conditional risk to known issues + - 31b1c919 2024-04-19T01:05:08+02:00 `upgrade status`: always tabulate 'All is well' + - cff394b6 2024-04-19T01:05:08+02:00 `upgrade status`: ignore incomplete insights + - 3fd53d64 2024-04-19T01:05:08+02:00 `upgrade status`: pad linebreaks in descriptions + - e24767c4 2024-04-19T01:05:08+02:00 `upgrade status`: populate descriptions and refs for insights + - aada20af 2024-04-19T01:05:08+02:00 `upgrade status`: `--details=health` shows reference and description + - 38cd6c9e 2024-04-17T15:52:40+02:00 `upgrade status`: test `--detailed=all` in examples integration test + - 17c3c1fc 2024-04-17T15:44:25+02:00 `upgrade status`: add `--detailed=nodes` that shows all nodes + - cf8d1026 2024-04-16T10:02:17-06:00 add prune renderedmachineconfigs + - e4657909 2024-04-15T11:28:24-04:00 indicate how many tests each feature has + - eeaf9631 2024-04-15T11:09:11-04:00 update library-go for new api + - b0ce1a6b 2024-04-11T09:25:38-04:00 update API for test reporting types + - 7ff607c1 2024-04-03T13:26:25+02:00 OCPBUGS-20097: Migrate tools image to RHEL9 + +- router image-amd64 526f832abbd2c2926d6545b4a6f5c41579bc6a76 to 7ad7ec1d2390aeeb851874ec1ab7ba0dadbf1158 + - c22b003 2024-04-19T15:34:26-04:00 Add Upgrade Validation router plugin + - e8b2579 2024-04-19T15:34:26-04:00 Remove original condition clearing from recordIngressCondition + - e70ba93 2024-04-19T15:34:19-04:00 Fix recordIngressCondition changed=false issue. 
+ - 79d80c4 2024-04-19T15:16:27-04:00 Bump openshift/api + - 6bec801 2024-04-19T15:16:27-04:00 Bump golang 1.21 + - 2c88170 2024-04-19T15:16:11-04:00 Regenerate certs for unit tests + - 7df65af 2024-04-18T13:38:20+02:00 OCPBUGS-32044: Introduce 'idle-close-on-response' option for frontends + - ce709bc 2024-02-02T14:07:28-05:00 Add .gitleaks.toml + +- ovn-kubernetes image-amd64 904635520714590ee15a1b70c09303266c4910fb to a7f09097a131adbbb01f861e20666eac49c087dd + - 90696a9 2024-04-20T16:54:26-04:00 Do per-pod MCS/metadata blocking with nftables rather than iptables + - 2afe7b8 2024-04-20T16:54:23-04:00 Import knftables package + - 6ca2748 2024-04-20T16:51:59-04:00 Install nftables in images + - cae032e 2024-04-17T23:25:53+02:00 Fix helm installation for ANP CRDs + - 1109289 2024-04-17T21:35:39+02:00 ANP Status: Fix bug around zone delete + - f95ea49 2024-04-17T21:35:39+02:00 Update version of e2e's to the latest: v0.1.3 + - 7a69306 2024-04-17T21:35:39+02:00 Do server-side-apply for ANP/BANP + - 648d83d 2024-04-17T21:35:39+02:00 Update the new namespace peer styling + - f20ee5d 2024-04-17T21:35:39+02:00 Update the vendoring of ANP yamls + - 977b256 2024-04-17T21:35:39+02:00 Bump network-policy-api to latest + - d0dbf01 2024-04-16T09:40:46+02:00 Add (B)ANP ACL/AddressSet count metrics + - 26eb4ae 2024-04-15T22:03:49-07:00 helm: Add GitHub Test Lane + - a4303fc 2024-04-15T22:03:49-07:00 symlink CRDs from helm chart to dist/templates + - 3bb4861 2024-04-15T22:03:49-07:00 helm: enable controllers and egress ip grpc by default + - 4ad0e39 2024-04-15T22:03:49-07:00 helm: add missing crds + - 88d582a 2024-04-15T22:03:49-07:00 helm: Move pod affinity to values.yaml + - e295a9d 2024-04-15T22:03:49-07:00 add Helm chart to deploy ovn-kubernetes + - 485b659 2024-04-15T13:54:40-07:00 Various fixes and improvements to iptables stuff + - e806cda 2024-04-15T13:54:40-07:00 Fixes iptables issue where SNAT rules were being added multiple times + - a2ee9d4 2024-04-15T13:54:40-07:00 Adds 
iptables-restore capability for service sync + - b77ea07 2024-04-15T13:54:40-07:00 Vendor trozet/go-iptables + - d8f7288 2024-04-15T13:54:40-07:00 Fixes inefficient service parsing + - 6ff1378 2024-04-15T13:54:40-07:00 Improves service iptables efficiency on start up + - d7f155d 2024-04-15T08:13:45-04:00 skip ipv6 'should listen on each host address test' + - a3c8570 2024-04-15T12:28:03+02:00 Fix endpoint selection for externalTrafficPolicy=local + - 156c329 2024-04-14T13:26:10+00:00 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /test/e2e + - 91f38ec 2024-04-13T07:37:22+00:00 Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /test/e2e + - a336a90 2024-04-12T11:23:41-04:00 Update e2e to k8s 1.29 + - f9e9090 2024-04-12T11:23:41-04:00 Skip serviceCidr tests + - 26cff8d 2024-04-12T11:23:41-04:00 Kind changes + - 6b8ff6e 2024-04-12T15:57:16+01:00 Dockerfile.base: Bump OVN to ovn-23.09.0-139.el9fdp + - 9f43c6c 2024-04-11T20:13:56-07:00 Dockerfile.ubuntu : fix build issue + - b3fe49b 2024-04-11T08:15:07-07:00 control file is not same as sock file + - 34b1a4b 2024-04-11T15:57:55+01:00 Service E2Es: ensure pods can communicate using src port equal to node port + - 26bd3a7 2024-04-11T11:26:33+01:00 Dockerfile.fedora:bump OVN to 23.09.0-139 + - c4dc672 2024-04-10T12:01:43+02:00 incorrect OVS DB version is being scrapped + - ec50da8 2024-04-10T12:01:43+02:00 incorrect OVN DB version is being scrapped + - 87927a2 2024-04-09T18:12:01-07:00 remove ovn-{nb|sb}ctl CLI latency metrics and alerts + - c11bb83 2024-04-09T11:18:03-04:00 unskip ipv6 testing in local gateway mode + - ca614e2 2024-04-09T10:47:59-04:00 fix for ipv6 control plane test for nodePorts + - 67f3338 2024-04-09T10:47:59-04:00 fixes ipv6 control plane testing + - 54a40ac 2024-04-05T18:38:38+01:00 Bump K8s Z version to consume test fix + - 2579da6 2024-04-05T18:16:46+02:00 Add function for secondary controller name generation based on network name. 
+ - 759b4bd 2024-04-05T18:16:46+02:00 Update sync functions for network policy to directly get port groups, and not ACLs. It wasn't possible before to get network policy related port groups for cleanup, and we had to find then via referencing ACLs. But now we can just filter them directly using new IDs. + - 5aa56d3 2024-04-05T18:16:46+02:00 Use owner-based ExternalIDs for port groups. Add port groups syncer. It is different from the previous syncers, since it updates port groups owned by different controllers. Leave only 1 buildPortGroup function that uses DbObjectIDs Wrap all Cluster[Rtr]PortGroup usage with getClusterPortGroupName. Add hashPrimaryID function to set portGroup name in libovsdbops. Introduce shared functionality to build and parse ObjectNameKey for namespaced objects. + - acdaa4a 2024-04-05T18:16:46+02:00 Update address set external_ids_sync to use batching package. + - 3171adb 2024-04-05T18:16:46+02:00 Make syncer types exported + - 8903abd 2024-04-05T10:44:18+01:00 Remove extra || in SKIP formatting + - 46333e0 2024-04-05T10:07:54+01:00 EIP docs: Add description for skipping IP rules when dst is a node IP in LGW mode + - a56feca 2024-02-02T11:56:30+00:00 EIP docs: replace confusing use of mark 1008 as routing table int + +- kubernetes image-amd64 6b4d6cb58038fc1bd4da50fde0164a8872e60703 to d9d45306df052aa5824fd8b2dab4e61f5ecc481c + - 93a2209cd 2024-04-18T07:43:24+05:30 UPSTREAM: : hack/update-vendor.sh, make update and update image + - e40b9c41b 2024-04-18T07:22:22+05:30 UPSTREAM: : manually resolve conflicts + - facd3b186 2024-04-16T11:41:03-04:00 UPSTREAM: : featureset validation moved to CEL + - 55019c83b 2024-04-16T15:00:24+00:00 Release commit for Kubernetes v1.29.4 + - 406ffc35f 2024-04-16T10:45:38-04:00 UPSTREAM: : create readyz event for kubeapi server + - 410ba701b 2024-04-16T00:37:27+05:30 UPSTREAM: : Fix incorrect type casting in admission validate_apiserver + - 1448e1c3f 2024-04-16T00:37:08+05:30 UPSTREAM: : Add 
RouteExternalCertificate validation in Route ObjectValidator + - 34546f472 2024-04-15T09:15:06-07:00 Add envFrom to serviceaccount admission plugin + - 34ab3fd19 2024-04-11T16:36:40-04:00 UPSTREAM: : react to library-go changes + - 8240a5ec8 2024-04-11T16:36:40-04:00 UPSTREAM: : bump library-go + - c652a1dae 2024-04-09T18:20:48-04:00 UPSTREAM: : add support for cpu limits into management workloads + - b635fd628 2024-04-05T15:56:44+02:00 update debian-base to bookworm-v1.0.2 + - 1fded9c76 2024-04-05T15:56:34+02:00 [go] Bump images, dependencies and versions to go 1.21.9 and distroless iptables / set-cap + - f10341af5 2024-04-04T14:20:20+05:30 [CVE-2023-45288] .*: bump x/net to v0.23.0 + - efd8578ac 2024-04-03T14:54:16-04:00 Keep streams from being set up after closeAllStreamReaders is called + - 4499c3fad 2024-04-03T14:54:08-04:00 Make websocket heartbeat test timing less flaky + - d7258c313 2024-04-03T14:54:02-04:00 Avoid logging binary junk for frame write failure + - 2b621fe7b 2024-04-01T15:29:59-03:00 Use the right feature gate when updating uncertain volumes + - aa6c13575 2024-04-01T16:49:17+08:00 fix panic with SIGSEGV in kubeadm certs check-expiration + - cd9f65388 2024-03-29T10:01:39-04:00 retry policy creation for CRD type checking E2E test + - cf2a33715 2024-03-19T23:16:57+01:00 Undo double run of the TestWatchSemantics test to avoid hitting timeout + - d9ca30059 2024-03-19T09:06:53+01:00 apiserver/storage/cacher: decrease the running time of tests in the cacher package. + - f8f08542c 2024-03-19T09:06:33+01:00 Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. 
+ - ff2189b7c 2024-03-19T08:52:31+01:00 Ensure that initial events are sorted for WatchList + - dee895d7f 2024-03-15T00:33:33+00:00 Update CHANGELOG/CHANGELOG-1.29.md for v1.29.3 + - 93cafce2f 2024-03-08T12:57:08-05:00 fix aggregator path filtering to include / + - a3ac0b48c 2024-03-01T17:17:23-05:00 Filter aggregated apiservice gv + - beb7bf347 2024-01-10T12:19:46+01:00 Use DBG=1 for conformance verification + - 437f2cfce 2024-01-10T12:19:46+01:00 build: use -trimpath in non-DBG mode + - 0af609a29 2023-11-24T18:30:50+01:00 UPSTREAM: : kube-controller-manager: allow running bare kube-controller-manager + +- oc image-arm64 46db7c2bce5a57e3c3d9347e7e1e107e61dbd306 to f55e920172fc29bc01c7c889368dc6a4ffdc591e + - 385b9643 2024-04-24T13:25:53+02:00 `upgrade status`: hint at using `--details=health` + - 2e0ebfa7 2024-04-24T12:53:48+02:00 `upgrade status`: ellipsize (duplicate) long names in messages + - ef33f6e8 2024-04-24T12:53:37+02:00 `upgrade status --detailed=health`: show involved resources + - 925aeb24 2024-04-23T16:54:07+02:00 `update status`: Simplify CO status line + - 101031b8 2024-04-22T18:10:53+08:00 oc image extract: Print an error msg instead of panicking when all images are filtered out from the manifest list. 
+ - 0df0f756 2024-04-20T11:37:50+02:00 oc adm must-gather: print timestamp when logging + - 24897fe4 2024-04-19T18:14:05-04:00 Changing the conditional risk to known issues + - 433daea9 2024-04-19T10:00:40-07:00 release: extract ccoctl.rhel8 and ccoctl.rhel9 + - 31b1c919 2024-04-19T01:05:08+02:00 `upgrade status`: always tabulate 'All is well' + - cff394b6 2024-04-19T01:05:08+02:00 `upgrade status`: ignore incomplete insights + - 3fd53d64 2024-04-19T01:05:08+02:00 `upgrade status`: pad linebreaks in descriptions + - e24767c4 2024-04-19T01:05:08+02:00 `upgrade status`: populate descriptions and refs for insights + - aada20af 2024-04-19T01:05:08+02:00 `upgrade status`: `--details=health` shows reference and description + - 38cd6c9e 2024-04-17T15:52:40+02:00 `upgrade status`: test `--detailed=all` in examples integration test + - 17c3c1fc 2024-04-17T15:44:25+02:00 `upgrade status`: add `--detailed=nodes` that shows all nodes + - cf8d1026 2024-04-16T10:02:17-06:00 add prune renderedmachineconfigs + - e4657909 2024-04-15T11:28:24-04:00 indicate how many tests each feature has + - eeaf9631 2024-04-15T11:09:11-04:00 update library-go for new api + - b0ce1a6b 2024-04-11T09:25:38-04:00 update API for test reporting types + - 7ff607c1 2024-04-03T13:26:25+02:00 OCPBUGS-20097: Migrate tools image to RHEL9 + +- router image-arm64 526f832abbd2c2926d6545b4a6f5c41579bc6a76 to d2d6892ca0bf71574a8f95579dfe7a848a5cf359 + - 0ff5da4 2024-04-22T22:05:36-04:00 Add Upgrade Validation force arguments for running E2E tests + - 423ea1e 2024-04-22T12:41:43-04:00 Remove SHA1 detection from Upgrade Validation + - 8e2bb02 2024-04-22T10:12:15-04:00 Reject routes with SHA1 certs + - c22b003 2024-04-19T15:34:26-04:00 Add Upgrade Validation router plugin + - e8b2579 2024-04-19T15:34:26-04:00 Remove original condition clearing from recordIngressCondition + - e70ba93 2024-04-19T15:34:19-04:00 Fix recordIngressCondition changed=false issue. 
+ - 79d80c4 2024-04-19T15:16:27-04:00 Bump openshift/api + - 6bec801 2024-04-19T15:16:27-04:00 Bump golang 1.21 + - 2c88170 2024-04-19T15:16:11-04:00 Regenerate certs for unit tests + - 7df65af 2024-04-18T13:38:20+02:00 OCPBUGS-32044: Introduce 'idle-close-on-response' option for frontends + - ce709bc 2024-02-02T14:07:28-05:00 Add .gitleaks.toml + +- ovn-kubernetes image-arm64 904635520714590ee15a1b70c09303266c4910fb to a7f09097a131adbbb01f861e20666eac49c087dd + - 90696a9 2024-04-20T16:54:26-04:00 Do per-pod MCS/metadata blocking with nftables rather than iptables + - 2afe7b8 2024-04-20T16:54:23-04:00 Import knftables package + - 6ca2748 2024-04-20T16:51:59-04:00 Install nftables in images + - cae032e 2024-04-17T23:25:53+02:00 Fix helm installation for ANP CRDs + - 1109289 2024-04-17T21:35:39+02:00 ANP Status: Fix bug around zone delete + - f95ea49 2024-04-17T21:35:39+02:00 Update version of e2e's to the latest: v0.1.3 + - 7a69306 2024-04-17T21:35:39+02:00 Do server-side-apply for ANP/BANP + - 648d83d 2024-04-17T21:35:39+02:00 Update the new namespace peer styling + - f20ee5d 2024-04-17T21:35:39+02:00 Update the vendoring of ANP yamls + - 977b256 2024-04-17T21:35:39+02:00 Bump network-policy-api to latest + - d0dbf01 2024-04-16T09:40:46+02:00 Add (B)ANP ACL/AddressSet count metrics + - 26eb4ae 2024-04-15T22:03:49-07:00 helm: Add GitHub Test Lane + - a4303fc 2024-04-15T22:03:49-07:00 symlink CRDs from helm chart to dist/templates + - 3bb4861 2024-04-15T22:03:49-07:00 helm: enable controllers and egress ip grpc by default + - 4ad0e39 2024-04-15T22:03:49-07:00 helm: add missing crds + - 88d582a 2024-04-15T22:03:49-07:00 helm: Move pod affinity to values.yaml + - e295a9d 2024-04-15T22:03:49-07:00 add Helm chart to deploy ovn-kubernetes + - 485b659 2024-04-15T13:54:40-07:00 Various fixes and improvements to iptables stuff + - e806cda 2024-04-15T13:54:40-07:00 Fixes iptables issue where SNAT rules were being added multiple times + - a2ee9d4 2024-04-15T13:54:40-07:00 Adds 
iptables-restore capability for service sync + - b77ea07 2024-04-15T13:54:40-07:00 Vendor trozet/go-iptables + - d8f7288 2024-04-15T13:54:40-07:00 Fixes inefficient service parsing + - 6ff1378 2024-04-15T13:54:40-07:00 Improves service iptables efficiency on start up + - d7f155d 2024-04-15T08:13:45-04:00 skip ipv6 'should listen on each host address test' + - a3c8570 2024-04-15T12:28:03+02:00 Fix endpoint selection for externalTrafficPolicy=local + - 156c329 2024-04-14T13:26:10+00:00 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /test/e2e + - 91f38ec 2024-04-13T07:37:22+00:00 Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /test/e2e + - a336a90 2024-04-12T11:23:41-04:00 Update e2e to k8s 1.29 + - f9e9090 2024-04-12T11:23:41-04:00 Skip serviceCidr tests + - 26cff8d 2024-04-12T11:23:41-04:00 Kind changes + - 6b8ff6e 2024-04-12T15:57:16+01:00 Dockerfile.base: Bump OVN to ovn-23.09.0-139.el9fdp + - 9f43c6c 2024-04-11T20:13:56-07:00 Dockerfile.ubuntu : fix build issue + - b3fe49b 2024-04-11T08:15:07-07:00 control file is not same as sock file + - 34b1a4b 2024-04-11T15:57:55+01:00 Service E2Es: ensure pods can communicate using src port equal to node port + - 26bd3a7 2024-04-11T11:26:33+01:00 Dockerfile.fedora:bump OVN to 23.09.0-139 + - c4dc672 2024-04-10T12:01:43+02:00 incorrect OVS DB version is being scrapped + - ec50da8 2024-04-10T12:01:43+02:00 incorrect OVN DB version is being scrapped + - 87927a2 2024-04-09T18:12:01-07:00 remove ovn-{nb|sb}ctl CLI latency metrics and alerts + - c11bb83 2024-04-09T11:18:03-04:00 unskip ipv6 testing in local gateway mode + - ca614e2 2024-04-09T10:47:59-04:00 fix for ipv6 control plane test for nodePorts + - 67f3338 2024-04-09T10:47:59-04:00 fixes ipv6 control plane testing + - 54a40ac 2024-04-05T18:38:38+01:00 Bump K8s Z version to consume test fix + - 2579da6 2024-04-05T18:16:46+02:00 Add function for secondary controller name generation based on network name. 
+ - 759b4bd 2024-04-05T18:16:46+02:00 Update sync functions for network policy to directly get port groups, and not ACLs. It wasn't possible before to get network policy related port groups for cleanup, and we had to find then via referencing ACLs. But now we can just filter them directly using new IDs. + - 5aa56d3 2024-04-05T18:16:46+02:00 Use owner-based ExternalIDs for port groups. Add port groups syncer. It is different from the previous syncers, since it updates port groups owned by different controllers. Leave only 1 buildPortGroup function that uses DbObjectIDs Wrap all Cluster[Rtr]PortGroup usage with getClusterPortGroupName. Add hashPrimaryID function to set portGroup name in libovsdbops. Introduce shared functionality to build and parse ObjectNameKey for namespaced objects. + - acdaa4a 2024-04-05T18:16:46+02:00 Update address set external_ids_sync to use batching package. + - 3171adb 2024-04-05T18:16:46+02:00 Make syncer types exported + - 8903abd 2024-04-05T10:44:18+01:00 Remove extra || in SKIP formatting + - 46333e0 2024-04-05T10:07:54+01:00 EIP docs: Add description for skipping IP rules when dst is a node IP in LGW mode + - a56feca 2024-02-02T11:56:30+00:00 EIP docs: replace confusing use of mark 1008 as routing table int + +- kubernetes image-arm64 6b4d6cb58038fc1bd4da50fde0164a8872e60703 to 094c9310af029925b53541b09e84e9af1a47638e + - 7dd12ef32 2024-04-23T12:41:20+02:00 UPSTREAM: : Add OpenShift tooling, images, configs and docs + - 93a2209cd 2024-04-18T07:43:24+05:30 UPSTREAM: : hack/update-vendor.sh, make update and update image + - e40b9c41b 2024-04-18T07:22:22+05:30 UPSTREAM: : manually resolve conflicts + - facd3b186 2024-04-16T11:41:03-04:00 UPSTREAM: : featureset validation moved to CEL + - 55019c83b 2024-04-16T15:00:24+00:00 Release commit for Kubernetes v1.29.4 + - 406ffc35f 2024-04-16T10:45:38-04:00 UPSTREAM: : create readyz event for kubeapi server + - 410ba701b 2024-04-16T00:37:27+05:30 UPSTREAM: : Fix incorrect type casting in 
admission validate_apiserver + - 1448e1c3f 2024-04-16T00:37:08+05:30 UPSTREAM: : Add RouteExternalCertificate validation in Route ObjectValidator + - 34546f472 2024-04-15T09:15:06-07:00 Add envFrom to serviceaccount admission plugin + - 34ab3fd19 2024-04-11T16:36:40-04:00 UPSTREAM: : react to library-go changes + - 8240a5ec8 2024-04-11T16:36:40-04:00 UPSTREAM: : bump library-go + - c652a1dae 2024-04-09T18:20:48-04:00 UPSTREAM: : add support for cpu limits into management workloads + - b635fd628 2024-04-05T15:56:44+02:00 update debian-base to bookworm-v1.0.2 + - 1fded9c76 2024-04-05T15:56:34+02:00 [go] Bump images, dependencies and versions to go 1.21.9 and distroless iptables / set-cap + - f10341af5 2024-04-04T14:20:20+05:30 [CVE-2023-45288] .*: bump x/net to v0.23.0 + - efd8578ac 2024-04-03T14:54:16-04:00 Keep streams from being set up after closeAllStreamReaders is called + - 4499c3fad 2024-04-03T14:54:08-04:00 Make websocket heartbeat test timing less flaky + - d7258c313 2024-04-03T14:54:02-04:00 Avoid logging binary junk for frame write failure + - 2b621fe7b 2024-04-01T15:29:59-03:00 Use the right feature gate when updating uncertain volumes + - aa6c13575 2024-04-01T16:49:17+08:00 fix panic with SIGSEGV in kubeadm certs check-expiration + - cd9f65388 2024-03-29T10:01:39-04:00 retry policy creation for CRD type checking E2E test + - cf2a33715 2024-03-19T23:16:57+01:00 Undo double run of the TestWatchSemantics test to avoid hitting timeout + - d9ca30059 2024-03-19T09:06:53+01:00 apiserver/storage/cacher: decrease the running time of tests in the cacher package. + - f8f08542c 2024-03-19T09:06:33+01:00 Serve watch without resourceVersion from cache and introduce a WatchFromStorageWithoutResourceVersion feature gate to allow serving watch from storage. 
+ - ff2189b7c 2024-03-19T08:52:31+01:00 Ensure that initial events are sorted for WatchList + - dee895d7f 2024-03-15T00:33:33+00:00 Update CHANGELOG/CHANGELOG-1.29.md for v1.29.3 + - 93cafce2f 2024-03-08T12:57:08-05:00 fix aggregator path filtering to include / + - a3ac0b48c 2024-03-01T17:17:23-05:00 Filter aggregated apiservice gv + - beb7bf347 2024-01-10T12:19:46+01:00 Use DBG=1 for conformance verification + - 437f2cfce 2024-01-10T12:19:46+01:00 build: use -trimpath in non-DBG mode + - 0af609a29 2023-11-24T18:30:50+01:00 UPSTREAM: : kube-controller-manager: allow running bare kube-controller-manager + diff --git a/scripts/auto-rebase/commits.txt b/scripts/auto-rebase/commits.txt index 11b0f86a6e..8d198c4860 100644 --- a/scripts/auto-rebase/commits.txt +++ b/scripts/auto-rebase/commits.txt 
@@ -1,38 +1,38 @@
-https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component a9b0c1c1b0bc031572e6f5029f672e58347c0648
+https://github.com/openshift/cluster-csi-snapshot-controller-operator embedded-component 661409f25dd18cdfc508568a30740b173538049c
 https://github.com/openshift/cluster-dns-operator embedded-component 2d77b099cd229949067d7de843b9d1538aab7403
-https://github.com/openshift/cluster-ingress-operator embedded-component 81fffa0a15f82deafd97b84e1f5cb2efe1bd9d62
-https://github.com/openshift/cluster-kube-apiserver-operator embedded-component b16e36ca91558fb1f562ebf15d4d4ee3760ef6f6
-https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component f5ea706c4378d74d1a46ed0eec624bc6cc207dbc
+https://github.com/openshift/cluster-ingress-operator embedded-component bca2dff6a401500f1eae2847289c1e8ca2e993a2
+https://github.com/openshift/cluster-kube-apiserver-operator embedded-component 65eb450da8c1c674c106d4856fb6a28474ca089d
+https://github.com/openshift/cluster-kube-controller-manager-operator embedded-component f0f485f3c1d70416c242e3159820331a36fb2d2a
 https://github.com/openshift/cluster-kube-scheduler-operator embedded-component 630f63bc7a30d2662bbb5115233144079de6eef6
-https://github.com/openshift/cluster-network-operator embedded-component d98d330298330a9f181965e9bc5a821b349084bf
+https://github.com/openshift/cluster-network-operator embedded-component 6e245a07ee3d81fd91d72f49b55ddf0c7cc7c549
 https://github.com/openshift/cluster-openshift-controller-manager-operator embedded-component d291c51f0becf065fbe740cf7b113b81378ee34a
 https://github.com/openshift/cluster-policy-controller embedded-component eaea543f4c845a7b65705f12e162cc121bb12f88
 https://github.com/openshift/csi-external-snapshotter embedded-component 5315d37a1e5415e8b6870f23e50238681979cc28
 https://github.com/openshift/etcd embedded-component aa0c441f97e070fed62cc3e1423537eb42c661a3
-https://github.com/openshift/kubernetes embedded-component 6b4d6cb58038fc1bd4da50fde0164a8872e60703
+https://github.com/openshift/kubernetes embedded-component d9d45306df052aa5824fd8b2dab4e61f5ecc481c
 https://github.com/openshift/kubernetes-kube-storage-version-migrator embedded-component 969a60e9e2466c44f5b3ffd43fe3ecab11bf1e51
-https://github.com/openshift/machine-config-operator embedded-component 509a97df24be851ee8c11247dbd840c927f02137
+https://github.com/openshift/machine-config-operator embedded-component 52e618e80e1ac6cd00ac7a41b19d354b6b254488
 https://github.com/openshift/openshift-controller-manager embedded-component 0c7b9d051c5dc2497c6bc5317ba522b85e47827f
-https://github.com/openshift/operator-framework-olm embedded-component 0d40488558ed03b817755c2f95567fcf68dc9cba
+https://github.com/openshift/operator-framework-olm embedded-component 773439e5842d3b7ba480c6e097c7aa6da3c92df5
 https://github.com/openshift/route-controller-manager embedded-component 3112b458983c6fca6f77d5a945fb0026186dace6
 https://github.com/openshift/service-ca-operator embedded-component cb3093f23618be6898e540b97855450cc198db2d
-https://github.com/openshift/oc image-amd64 46db7c2bce5a57e3c3d9347e7e1e107e61dbd306
+https://github.com/openshift/oc image-amd64 057cfc567e03e1470e6122fc4a3c765c4deed8b5
 https://github.com/openshift/coredns image-amd64 f937ebfb6b8a31fc194597a1ade0e93e73e474b5
 https://github.com/openshift/csi-external-snapshotter image-amd64 5315d37a1e5415e8b6870f23e50238681979cc28
 https://github.com/openshift/csi-external-snapshotter image-amd64 5315d37a1e5415e8b6870f23e50238681979cc28
 https://github.com/openshift/csi-external-snapshotter image-amd64 5315d37a1e5415e8b6870f23e50238681979cc28
-https://github.com/openshift/router image-amd64 526f832abbd2c2926d6545b4a6f5c41579bc6a76
+https://github.com/openshift/router image-amd64 7ad7ec1d2390aeeb851874ec1ab7ba0dadbf1158
 https://github.com/openshift/kube-rbac-proxy image-amd64 04d0a78154b45ce300e176836bd47c6004603e88
-https://github.com/openshift/ovn-kubernetes image-amd64 904635520714590ee15a1b70c09303266c4910fb
-https://github.com/openshift/kubernetes image-amd64 6b4d6cb58038fc1bd4da50fde0164a8872e60703
+https://github.com/openshift/ovn-kubernetes image-amd64 a7f09097a131adbbb01f861e20666eac49c087dd
+https://github.com/openshift/kubernetes image-amd64 d9d45306df052aa5824fd8b2dab4e61f5ecc481c
 https://github.com/openshift/service-ca-operator image-amd64 cb3093f23618be6898e540b97855450cc198db2d
-https://github.com/openshift/oc image-arm64 46db7c2bce5a57e3c3d9347e7e1e107e61dbd306
+https://github.com/openshift/oc image-arm64 f55e920172fc29bc01c7c889368dc6a4ffdc591e
 https://github.com/openshift/coredns image-arm64 f937ebfb6b8a31fc194597a1ade0e93e73e474b5
 https://github.com/openshift/csi-external-snapshotter image-arm64 5315d37a1e5415e8b6870f23e50238681979cc28
 https://github.com/openshift/csi-external-snapshotter image-arm64 5315d37a1e5415e8b6870f23e50238681979cc28
 https://github.com/openshift/csi-external-snapshotter image-arm64 5315d37a1e5415e8b6870f23e50238681979cc28
-https://github.com/openshift/router image-arm64 526f832abbd2c2926d6545b4a6f5c41579bc6a76
+https://github.com/openshift/router image-arm64 d2d6892ca0bf71574a8f95579dfe7a848a5cf359
 https://github.com/openshift/kube-rbac-proxy image-arm64 04d0a78154b45ce300e176836bd47c6004603e88
-https://github.com/openshift/ovn-kubernetes image-arm64 904635520714590ee15a1b70c09303266c4910fb
-https://github.com/openshift/kubernetes image-arm64 6b4d6cb58038fc1bd4da50fde0164a8872e60703
+https://github.com/openshift/ovn-kubernetes image-arm64 a7f09097a131adbbb01f861e20666eac49c087dd
+https://github.com/openshift/kubernetes image-arm64 094c9310af029925b53541b09e84e9af1a47638e
 https://github.com/openshift/service-ca-operator image-arm64 cb3093f23618be6898e540b97855450cc198db2d
From e970220e07db6806eff924d91e232404b64fca28 Mon Sep 17 00:00:00 2001
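Review bot: The new `image-arm64` rows no longer match their `image-amd64` counterparts for three components: `openshift/kubernetes` is pinned to `094c9310af029925b53541b09e84e9af1a47638e` on arm64 but to `d9d45306df052aa5824fd8b2dab4e61f5ecc481c` on amd64 and as the embedded component, and `openshift/oc` and `openshift/router` diverge in the same way. On the removed side each of these pairs carried a single commit, so after this rebase the two architectures would ship images built from different source, and the arm64 kubernetes image would differ from the code vendored into the binary. This presumably follows from `last_rebase.sh` naming an amd64 nightly dated 2024-04-23 and an arm64 nightly dated 2024-04-25. If the skew is not intended, re-run the rebase against a payload pair built from the same commits so that the arm64 row reads `https://github.com/openshift/kubernetes image-arm64 d9d45306df052aa5824fd8b2dab4e61f5ecc481c`. If it is intended, record the reason in the commit description so the mismatch is not later mistaken for a tampered or stale pin.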
From: ci-robot Date: Fri, 26 Apr 2024 05:34:31 +0000 Subject: [PATCH 3/9] update microshift/go.mod --- go.mod | 79 +++++++++++++++++----------------- go.sum | 134 ++++++++++++++++++++++++++++----------------------------- 2 files changed, 105 insertions(+), 108 deletions(-) diff --git a/go.mod b/go.mod index 8193ff2384..65c0784728 100644 --- a/go.mod +++ b/go.mod @@ -7,11 +7,11 @@ require ( github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e // openshift-controller-manager github.com/google/go-cmp v0.6.0 github.com/miekg/dns v1.1.35 // microshift - github.com/openshift/api v0.0.0-20240207185517-ae973131190e + github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8 - github.com/openshift/client-go v0.0.0-20240115204758-e6bf7d631d5e + github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8 github.com/openshift/cluster-policy-controller v0.0.0-20240311102810-eaea543f4c84 - github.com/openshift/library-go v0.0.0-20240207105404-126b47137408 + github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd github.com/openshift/route-controller-manager v0.0.0-20240306200724-3112b458983c github.com/pkg/errors v0.9.1 // indirect github.com/spf13/cobra v1.7.0 @@ -20,7 +20,7 @@ require ( github.com/vishvananda/netlink v1.1.0 go.etcd.io/etcd/client/pkg/v3 v3.5.13 go.etcd.io/etcd/client/v3 v3.5.10 - golang.org/x/sys v0.16.0 + golang.org/x/sys v0.18.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.1 k8s.io/apiextensions-apiserver v0.29.0 @@ -42,6 +42,7 @@ require ( k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/kube-storage-version-migrator v0.0.6-0.20230721195810-5c8923c5ff96 sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 + sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 ) require github.com/google/s2a-go v0.1.7 // indirect 
@@ -71,7 +72,6 @@ require ( github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e // indirect github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -187,13 +187,13 @@ require ( go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.19.0 // indirect - golang.org/x/crypto v0.18.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.20.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.11.0 // indirect golang.org/x/sync v0.5.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.16.1 // indirect 
@@ -228,42 +228,41 @@ require ( k8s.io/pod-security-admission v0.29.1 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) replace ( github.com/onsi/ginkgo/v2 => github.com/openshift/ginkgo/v2 v2.6.1-0.20231031162821-c5e24be53ea7 // from kubernetes - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/component-helpers => 
github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20240411182632-6b4d6cb58038 // release kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240411182632-6b4d6cb58038 // 
from kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/cluster-bootstrap => 
github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/kubectl => 
github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20240420191847-d9d45306df05 // release kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240420191847-d9d45306df05 // from kubernetes ) replace ( 
@@ -274,4 +273,4 @@ replace ( replace sigs.k8s.io/kube-storage-version-migrator => github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20240125051406-969a60e9e246 // release kube-storage-version-migrator via kubernetes-kube-storage-version-migrator -replace k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes +replace k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05 // staging kubernetes diff --git a/go.sum b/go.sum index b6e60a1787..58532faac9 100644 --- a/go.sum +++ b/go.sum @@ -110,8 +110,6 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= 
@@ -486,14 +484,14 @@ github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 h1:R github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/openshift/api v0.0.0-20240207185517-ae973131190e h1:Iv005XrzYnrIl8ptQFI32t2IBgMOx1kkBrqWO3pCp+E= -github.com/openshift/api v0.0.0-20240207185517-ae973131190e/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= +github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea h1:cjCo7sUIjL+Q2ZGMfLXzFb70K+77R52GVjh10fRhA1M= +github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= github.com/openshift/apiserver-library-go v0.0.0-20240313131158-facc40cc7688 h1:E7U+i+BKXjzH1bZsB5a9ueSxF/8QeLxA9ZncCb0vecs= github.com/openshift/apiserver-library-go v0.0.0-20240313131158-facc40cc7688/go.mod h1:a6meSr6htNKfmmZ8ixLmnim/JL7NkgW7rX7J2vczMp4= github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8 h1:cu3YUMVGsKIyFyJGO3F6BZKGYQZpCKxAv9cBPgQAca8= github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/client-go v0.0.0-20240115204758-e6bf7d631d5e h1:qGjfKX8i0h4efMNEnhgTdxcdx6gwwOwhTfBJ20WFqA8= -github.com/openshift/client-go v0.0.0-20240115204758-e6bf7d631d5e/go.mod h1:2am3qrggh9LlDCf/MDGzcFWMhdaushxFQi0+ZZDhdVk= +github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8 h1:HGfbllzRcrJBSiwzNjBCs7sExLUxC5/1evnvlNGB0Cg= +github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8/go.mod h1:+VvvaMSTUhOt+rBq7NwRLSNxq06hTeRCBqm0j0PQEq8= github.com/openshift/cluster-policy-controller v0.0.0-20240311102810-eaea543f4c84 h1:aGtVz0VmcWvTx7cUIN8+38RdttDQJy2pqnVSX96DaXY= 
github.com/openshift/cluster-policy-controller v0.0.0-20240311102810-eaea543f4c84/go.mod h1:xGUXh6jWYgH/ihR5MIBZ/FgTEdftTlUaiPYg7a8SduY= github.com/openshift/etcd/api/v3 v3.5.1-0.20240408095611-aa0c441f97e0 h1:Qz8nq7v3hwkvyrS6scwQSGKiLwcw7hDQRzlilbXv0pA= 
@@ -504,62 +502,62 @@ github.com/openshift/etcd/client/v3 v3.5.1-0.20240408095611-aa0c441f97e0 h1:0zR2 github.com/openshift/etcd/client/v3 v3.5.1-0.20240408095611-aa0c441f97e0/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= github.com/openshift/ginkgo/v2 v2.6.1-0.20231031162821-c5e24be53ea7 h1:jUM9Fdf+fT0LTccN58jrypOyzcfQUs1v2UH6f8vdBTA= github.com/openshift/ginkgo/v2 v2.6.1-0.20231031162821-c5e24be53ea7/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/openshift/kubernetes v0.0.0-20240411182632-6b4d6cb58038 h1:QZP0j+wLbeGg967KHwuESkUZ8F73fTECFAIzhOhun6Q= -github.com/openshift/kubernetes v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:UYblPCA+uY3ZUvHhgeK6EZHUcAAug04LLdFYgwFEIBw= +github.com/openshift/kubernetes v0.0.0-20240420191847-d9d45306df05 h1:j6CBvNvlpaOdPM9/q9HphzlM4rFrDD/f6rKPfpynWCA= +github.com/openshift/kubernetes v0.0.0-20240420191847-d9d45306df05/go.mod h1:3rcdbfeE+i0PHNxarDfvhzAYwbqDH0b3Rbj8gDh+hIw= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20240125051406-969a60e9e246 h1:XbvnIzWITQAGkucBNg+7fCBF0ysRySNSOkTvYWFU6fA= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20240125051406-969a60e9e246/go.mod h1:XvsDWvUXlITs6q4deif+DIbomfUhxf6igCMjFiP6jHU= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 h1:rKGQWNelsI5Yc9VXDifIX0QecVNjNcnUl9NZfDZ8Coc= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:TmaiXv9Cp++OTEqmCdI5k4wczjBgG5cfzeePPDQwMQY= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038 h1:qvbGhZ0mYR3Z9Xi4aoE3VjCBKpKxN8+Ef8fcaPPjnlc= -github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:gLOmq3Jye7+kwiuKZD8kgxe+JI41eQug81BHrkbLMHE= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 
h1:C+P9p3oHkhm4BWvGqhA7DZ1A5k0jNiOqCBEUVvVFWEM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:M+j+5LA62rPH2S0hz+D7E2ErGzUc16Y1jTFR1BkP9cw= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038 h1:7I47BKTyzKxSDD43Mj4YpvkrkVSwqyoD2QP0oLdrH6A= -github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:mCmcHoAfgJibkT0iWke83QLLxVkk65VKwAwPgUbQ+14= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 h1:qMEWE3KGJqzg1hxzxPX9jMFVbjL6FGCQXOcAPKP7cQU= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:sEQO/bfEeG8InvkctwFaCrrlRh67bF1L8fAu2IJOna4= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 h1:Qm+rG6ku6vg8EqXbFOWLXJDwADqsvvAfZH5hpUEQ+m0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:wcaoSGTS0oWs9p6L2ZZKmsKKGM6I2Og8hdzQ27Ate4c= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038 h1:s0tOny3elJ2OVSXQcWonbAmmzxXj615zWLVkXjRHA0A= -github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:snnIit7bfNNJvjy+AZ28mXeEw6eondBCKx7A3SgEFf8= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038 h1:KGAuSUftQqf2SfX98F+XYaNQpuA058Ubw6n6FxuwpO0= -github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:N8eF95+HnyUWbXD3mX+hfIlkq/zBIMrwGY7xkg0LBDI= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 h1:VigatC9+x6SaCLWjC7HEx/LPgbwe1D0+HHObITTUwrY= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038/go.mod 
h1:uMZxP661ATTVxrN/iB2PZv1akCshKCiNIFV5k7KXaLo= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038 h1:fqP1OkOG+yvQSK40/BAqPBMuKVFf71hYL5h8CGwQmOc= -github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:wNpnXrhndmTOwIBO9ElYzB8W7HTwsYHWM7d1aeXF4hU= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038 h1:sEDbSd5AeM18h3b79O8QrShBj/CejKAPyTg61BqjNEo= -github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:4eAglCcwNU8egIUkFWDZ3vrC9guwmd4w5+oQNsFwCho= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038 h1:8VmV9zc2kXFF0b+c+9BxccA8YkxBD53cEbiE+gUA/qg= -github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:0PgWsSztLGgo6zUIUlXZ+J4xAazIlgVKgoAO1xvLNvA= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038 h1:ZqBuUwSoOTij9JnuPwwrj3lZekMjo/luiMzzdxizRSg= -github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:zxAYUaJs3noit3gobfQJCtLXc+9plp4trt/8RMfRtns= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038 h1:At+GSiELXPUGbffrqCWozWoMMRr27XhRwGPVJs272bQ= -github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:wawYAYmsXky6AifmxP7A51R0XQf9ZLRYUdPyCkaTyM4= -github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038 h1:NeOZY3owjJS6lubBYsNcmnkZaNRh6Q92iLIy+pXF8Mc= -github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:b4+1mrx2AH52X8lh8bUOdtIHD3DxZj5ZTBeqId4VzGM= -github.com/openshift/kubernetes/staging/src/k8s.io/kms 
v0.0.0-20240411182632-6b4d6cb58038 h1:3OjshKQM1YfsbPer39RA+xSbZhLvm6Yc2PVTIfdfHlE= -github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:sorMMTvAz5OHPulkE1BtMuLF0myjWDOmaOV+L72YoWQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038 h1:WVWf2t+2QtdkLWjL7XU5guLIBS4pAhI/L1zNcKQ0ckU= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:89OiOFZagz4PBmy0F17qsu4Czzt0b2KGLiLllPThjbA= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038 h1:bYotqJtB6zlSKpDNuyt4wd/zDpVTXZRnJ0wHCs+8+qM= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:F0SOAqpoI+ANE81MkGODiyn9+tA+CkBBM4YcqKc5ZOw= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038 h1:dBuP1h9Lku+wYp8/PUDzugbJ8hcas38aErj9nPmF2W8= -github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:U27VzJSm8+/Rcq92Rt76KWVDGZQlJJqpOvfMWsNdfIQ= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 h1:tR9XVEiwQOFmgkGb7XGlLb4SPsBcRDIkxAdM3VUM0y0= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:0CwEJ2ZbolznQwiegk1OQHCP1NcQVMguYDjrGOwIHC8= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038 h1:ts5rm38N6qfTWyPnie1DKT4rs5wxEuR0Y8gEBgeo/gE= -github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:nRkJZ9w4IgzUoAmlq+4ICCxInXgqSRcTuqFboq2LKp8= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240411182632-6b4d6cb58038 h1:yPI2Sjqz1nCuqOuJlK2741Wdguq2ZGRBLk4zMDXHto8= -github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers 
v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:pFiuxK+L3qTVCmpI1t3uxClX5L0n6hlw2cbkaVYUcFg= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038 h1:eQd25ofkwTg1/Fd+qex1t6dzO+KSiZKlnvaui8YkDYc= -github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:9JIeXvd7k0HnsAJPkI/jFjyiwMNc6M7v0dqTxNF4Lsg= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038 h1:UChslX+VAKKcgAdqb65YuR7cp+QWwA3qeU8IvoaLhRc= -github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:6PUWfpRhx/A8aRuFIntAVJjxcnLWyqircvt5UQpbbWg= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038 h1:QKDuO7C9ng2ab8NkPN1/KJei7oqnAhGV5GYJs2UUxew= -github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:CGTTg/p6bZqFYTkcNrzv4kz7AbTwNAI2KoaA2L6U7Nw= -github.com/openshift/library-go v0.0.0-20240207105404-126b47137408 h1:Evg6GEvEuyj9toFX14YenXI6hGRnhLWqYx/rHO7VnQ4= -github.com/openshift/library-go v0.0.0-20240207105404-126b47137408/go.mod h1:ePlaOqUiPplRc++6aYdMe+2FmXb2xTNS9Nz5laG2YmI= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 h1:JEWCsnwnQOsjjNAKZdnqYjcxI9ZVpRbtPYrhuvoqasM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05/go.mod h1:oIThoHpI6Q+T3cndFnOnKY4n2GzS7mYQvvBIQ/VvI8M= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240420191847-d9d45306df05 h1:hf8ILVy/LwOyASw84a2AefwCG8Cj8CBMRp3yRqlFLqM= +github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240420191847-d9d45306df05/go.mod h1:/prwKRpRqI92hcIMKh4/iMZ6R/Ac2m2WR6xOwLWFEO4= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 
h1:6QQfxXHET/L1c5HXRpXzoDyYGrT7R+PA9SOOE0YwCno= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05/go.mod h1:IhHRRF080N9VU1QEEJ5zTYAQkPElZ84OH08nPyo0Lw0= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 h1:qYVckSwSzpQ6EujgV2xnVFtPYTheKR/Pf5d16Ud6Up0= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05/go.mod h1:ry6KC66wtRKz9OEJXTpLj9OKjC5wZkMTM8Y/dMRAoVA= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 h1:vro9IL2dbnC53H7N9a5zmgg87NpNbP0pyepxdZk4fc0= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05/go.mod h1:eq1ArtMJ3o/VUDn7NTP/eryQG8pTGjtattESXd5g42U= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 h1:okctlJNSQuMwGbkSkylt0WwgCaINrCs5/5Cg1aMQ8qM= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05/go.mod h1:68E0AiovGRxyJ30s/QzLPLardQJCx/gm2GhdaAzJ10M= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05 h1:K/2xzFdf7LPcvqVM+5i4mI3QGdJTwEcCii7f74kDcIg= +github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05/go.mod h1:ahEk+ldnrgcZAWbVc8MoM88Ej58R1yO3pRgEJscso8c= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05 h1:Op9dgdq8/skQ1AvmnMzMBhlyoDH4hDpIOSK6PsBJvig= +github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05/go.mod h1:NMIqLZ1bjJKn/OxQs/urOq9Mo7o4Z9SgaEkDi8r0iDQ= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 h1:zKwiMRlXmnXeXs9OhWZcdzSOB7SzXbIDn9SQswCEeBw= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05/go.mod 
h1:JnCQWqQaTRtB1Mp/WKNpwndJeyVDa0DX0XfjeQlmB1M= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05 h1:Y5kxSVcpYcnbibFVzLTADcbEOL/Ply6wwjfnK1fJJ78= +github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05/go.mod h1:Ken1KocNhJBJHBCvzeByTlXNO+oxxh982ieimC6KX4g= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05 h1:G43fazbE17mJUAGZ7jIg8Qr5HIuMr0O5Bf+YCRGevDU= +github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05/go.mod h1:lP4RyYBciOkhbVCTb5MbSN0/GOauZTwGgpbTkwb7kEw= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05 h1:mF9NZgcRXvJvvdWk4QKo00bic7BTiTSxba+QviAFyNA= +github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05/go.mod h1:9Tgle7RkZOzgRM2VCSvvXZZjsQqOC6dxLtYy6BF+5PE= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240420191847-d9d45306df05 h1:L+bysfxLuCjEtPyrtv48qWi3O18f0JAICGnPHAwo4cM= +github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240420191847-d9d45306df05/go.mod h1:bKXDOUmiy/juOoPYsnxt3RbUKZKx+LFKsfCZw8nxsos= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05 h1:sIN76JSa8hEtF4VRjJ+eiqEhtPUvj1ORB+WdczxrBkY= +github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05/go.mod h1:ia6wL8kICRq0a6Zj2idep1RncpGA/8/qdTbL5rYqxz0= +github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05 h1:WoCjMV7KmpFz/DsctaAi5iqCK1dSdGKSHMmhZ+I36Lk= +github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05/go.mod h1:O/HKBFPaFbGb++MLSF/NSRMvksaQ3yfgOgXLuykggQA= +github.com/openshift/kubernetes/staging/src/k8s.io/kms 
v0.0.0-20240420191847-d9d45306df05 h1:/18z6hrAUYNv1YqPjjbTrlcdB2G1Uv+qUyeYz7Atc1Y= +github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240420191847-d9d45306df05/go.mod h1:4pCpiW+pKMCqRLVoGPw11lrvEriSyd8o7DSvCw2u9vY= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05 h1:OjrmR+9URhI9PXuNaaj0ImRqSqOR8APXWpn47q9wWMM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05/go.mod h1:s6LCMoQlCajfzAFIaRcxCImDJf0vsuSW7YYZ6crPUYM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05 h1:SVbiQTF7AkAbrjIALZaOY0Et46JpFWH8QSl7ZqsWFNw= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05/go.mod h1:GzLfPndMG5N4amYe78K2d9Y32Dtdz7IxAsR+jvYNAxM= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05 h1:Ki8PfhorR/TXkkywzyC0PlSvO76MlZH0MG0WtENIdJY= +github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05/go.mod h1:iCnLhShFPbA6+0cBJHMIC8osA4ukveEZbQweXjn+oXo= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 h1:CINu9BKje3Xh5wqYjkuSGOtc1nczvd6Rcr3ZcIJN3Ps= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05/go.mod h1:L0N5ONv4vn8oIGy8gjX0ZzkLT7GLQxP2G9R2+K/osEM= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05 h1:NC+trUi1Cfi262ePFlXMYLAvskfwqMz/UxGwN0ZWADg= +github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05/go.mod h1:KvraWPlwZlgVhDnR3yjrAQTIPAk2Qia7iA6f7MWmZ6k= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240420191847-d9d45306df05 h1:Vd042o7+4dshrbEJE0ZzZpT28YKH2YddPCiGVlOFEH4= +github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers 
v0.0.0-20240420191847-d9d45306df05/go.mod h1:W4g9/bUJ1/X01jOJGx395Ob4wKV2R58OrGvDhVdZSjw= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05 h1:4OTIfim7V8pnsoenFS3hpMJCPnGgUd5a70GNqbLRsc8= +github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05/go.mod h1:wcQC0ObNu0HtMRBaJJL6OJgg+DzcrdgW9ek5i7AncbE= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05 h1:rzT+ld71MBBPwM4ppZkcC6h3z4ZW5MXG3l6fB77C1wM= +github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05/go.mod h1:4KmkE88Y4LDYrotr6iqMrolXDcWWY7UqmroXTO/sxFw= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05 h1:oC/FKXMXZWFP0m9JuhCMz0g1+V3YUZhBT7ZrwHIrDjk= +github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05/go.mod h1:bWoqYVgriw8l8YZVL64Vwj0eDheLGIbgxWRU/dUycJ0= +github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd h1:svnVGaIsBgNRW/6FRRxIWOyYmpL7jL7LkkRYiYS8OFk= +github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd/go.mod h1:m/HsttSi90vSixwoy5mPUBHcZid2YRw/QbsLErLxF9s= github.com/openshift/route-controller-manager v0.0.0-20240306200724-3112b458983c h1:Y+CdtMBqLmL5RQAYzugn3O5xsKC6y0oYpqY9Ds/PMr8= github.com/openshift/route-controller-manager v0.0.0-20240306200724-3112b458983c/go.mod h1:bKMzHzOveoSMWypzUHrHxf62Oq8BOnNhwjTeDp/lgDg= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= 
@@ -745,8 +743,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -829,8 +827,8 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -924,14 +922,14 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
-golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
From 3c9db8d7ae43429319d819518fb1404b2dc4f5e4 Mon Sep 17 00:00:00 2001
From: ci-robot Date: Fri, 26 Apr 2024 05:34:56 +0000 Subject: [PATCH 4/9] update microshift/vendor --- vendor/github.com/blang/semver/.travis.yml | 21 - vendor/github.com/blang/semver/LICENSE | 22 - vendor/github.com/blang/semver/README.md | 194 -- vendor/github.com/blang/semver/json.go | 23 - vendor/github.com/blang/semver/package.json | 17 - vendor/github.com/blang/semver/range.go | 416 --- vendor/github.com/blang/semver/semver.go | 418 --- vendor/github.com/blang/semver/sort.go | 28 - vendor/github.com/blang/semver/sql.go | 30 - vendor/github.com/openshift/api/Makefile | 3 +- vendor/github.com/openshift/api/README.md | 243 +- ...piserver.openshift.io_apirequestcount.yaml | 328 --- .../v1/stable.apirequestcount.testsuite.yaml | 15 - .../api/apiserver/v1/types_apirequestcount.go | 11 +- ..._generated.featuregated-crd-manifests.yaml | 34 + ...enshift_01_rolebindingrestriction.crd.yaml | 215 -- .../api/authorization/v1/generated.proto | 4 + ...able.rolebindingrestriction.testsuite.yaml | 14 - .../openshift/api/authorization/v1/types.go | 4 + ..._generated.featuregated-crd-manifests.yaml | 21 + vendor/github.com/openshift/api/build/OWNERS | 5 +- .../openshift/api/cloudnetwork/.codegen.yaml | 0 .../v1/001-cloudprivateipconfig.crd.yaml | 151 -- .../001-cloudprivateipconfig.crd.yaml-patch | 10 - .../api/cloudnetwork/v1/generated.proto | 2 + ...stable.cloudprivateipconfig.testsuite.yaml | 18 - .../openshift/api/cloudnetwork/v1/types.go | 2 + ..._generated.featuregated-crd-manifests.yaml | 21 + .../openshift/api/config/.codegen.yaml | 6 - ...rsion-operator_01_clusteroperator.crd.yaml | 167 -- ...01_clusterversion-CustomNoUpgrade.crd.yaml | 775 ------ ...perator_01_clusterversion-Default.crd.yaml | 722 ----- ...usterversion-TechPreviewNoUpgrade.crd.yaml | 775 ------ .../0000_03_config-operator_01_proxy.crd.yaml | 106 - ...rketplace-operator_01_operatorhub.crd.yaml | 109 - ...ator_01_apiserver-CustomNoUpgrade.crd.yaml | 312 --- ...fig-operator_01_apiserver-Default.crd.yaml 
| 312 --- ...01_apiserver-TechPreviewNoUpgrade.crd.yaml | 312 --- ...01_authentication.crd-CustomNoUpgrade.yaml | 553 ---- ...authentication.crd-Default-Hypershift.yaml | 551 ---- ...tication.crd-Default-Hypershift.yaml-patch | 284 -- ...perator_01_authentication.crd-Default.yaml | 171 -- ...thentication.crd-TechPreviewNoUpgrade.yaml | 554 ---- ...000_10_config-operator_01_console.crd.yaml | 75 - ...g-operator_01_dns-CustomNoUpgrade.crd.yaml | 159 -- ...10_config-operator_01_dns-Default.crd.yaml | 159 -- ...rator_01_dns-TechPreviewNoUpgrade.crd.yaml | 159 -- ...10_config-operator_01_featuregate.crd.yaml | 213 -- .../0000_10_config-operator_01_image.crd.yaml | 162 -- ...ig-operator_01_imagecontentpolicy.crd.yaml | 112 - ...-operator_01_imagedigestmirrorset.crd.yaml | 141 - ...fig-operator_01_imagetagmirrorset.crd.yaml | 144 - ...01_infrastructure-CustomNoUpgrade.crd.yaml | 2089 --------------- ...rastructure-CustomNoUpgrade.crd.yaml-patch | 24 - ...perator_01_infrastructure-Default.crd.yaml | 1745 ------------ ...r_01_infrastructure-Default.crd.yaml-patch | 24 - ...frastructure-TechPreviewNoUpgrade.crd.yaml | 2089 --------------- ...ucture-TechPreviewNoUpgrade.crd.yaml-patch | 24 - ...000_10_config-operator_01_ingress.crd.yaml | 553 ---- ...erator_01_network-CustomNoUpgrade.crd.yaml | 284 -- ...onfig-operator_01_network-Default.crd.yaml | 284 -- ...r_01_network-TechPreviewNoUpgrade.crd.yaml | 284 -- .../0000_10_config-operator_01_node.crd.yaml | 66 - .../0000_10_config-operator_01_oauth.crd.yaml | 698 ----- ...000_10_config-operator_01_project.crd.yaml | 68 - ...0_10_config-operator_01_scheduler.crd.yaml | 108 - ...troller-manager-operator_01_build.crd.yaml | 431 --- .../config/v1/custom.apiserver.testsuite.yaml | 35 - .../v1/custom.authentication.testsuite.yaml | 284 -- .../v1/custom.clusterversion.testsuite.yaml | 472 ---- .../api/config/v1/custom.dns.testsuite.yaml | 104 - .../v1/custom.infrastructure.testsuite.yaml | 321 --- 
.../config/v1/custom.network.testsuite.yaml | 28 - .../github.com/openshift/api/config/v1/doc.go | 1 + .../openshift/api/config/v1/feature_gates.go | 942 ++++--- .../config/v1/stable.apiserver.testsuite.yaml | 36 - .../v1/stable.authentication.testsuite.yaml | 21 - .../api/config/v1/stable.build.testsuite.yaml | 14 - .../v1/stable.clusteroperator.testsuite.yaml | 14 - .../v1/stable.clusterversion.testsuite.yaml | 418 --- .../config/v1/stable.console.testsuite.yaml | 14 - .../api/config/v1/stable.dns.testsuite.yaml | 105 - .../v1/stable.featuregate.testsuite.yaml | 14 - ...e.hypershift.authentication.testsuite.yaml | 298 --- .../api/config/v1/stable.image.testsuite.yaml | 14 - .../stable.imagecontentpolicy.testsuite.yaml | 14 - ...stable.imagedigestmirrorset.testsuite.yaml | 14 - .../stable.imagetagmirrorset.testsuite.yaml | 14 - .../v1/stable.infrastructure.testsuite.yaml | 1262 --------- .../config/v1/stable.ingress.testsuite.yaml | 14 - .../config/v1/stable.network.testsuite.yaml | 37 - .../api/config/v1/stable.node.testsuite.yaml | 14 - .../api/config/v1/stable.oauth.testsuite.yaml | 14 - .../v1/stable.operatorhub.testsuite.yaml | 14 - .../config/v1/stable.project.testsuite.yaml | 14 - .../api/config/v1/stable.proxy.testsuite.yaml | 14 - .../config/v1/stable.scheduler.testsuite.yaml | 14 - .../v1/techpreview.apiserver.testsuite.yaml | 35 - .../techpreview.authentication.testsuite.yaml | 298 --- .../techpreview.clusterversion.testsuite.yaml | 472 ---- .../config/v1/techpreview.dns.testsuite.yaml | 14 - .../techpreview.infrastructure.testsuite.yaml | 749 ------ .../v1/techpreview.network.testsuite.yaml | 28 - .../api/config/v1/types_apiserver.go | 5 + .../api/config/v1/types_authentication.go | 19 +- .../openshift/api/config/v1/types_build.go | 6 + .../api/config/v1/types_cluster_operator.go | 11 + .../api/config/v1/types_cluster_version.go | 65 +- .../openshift/api/config/v1/types_console.go | 5 + .../openshift/api/config/v1/types_dns.go | 5 + 
.../openshift/api/config/v1/types_feature.go | 180 +- .../openshift/api/config/v1/types_image.go | 5 + .../config/v1/types_image_content_policy.go | 5 + .../v1/types_image_digest_mirror_set.go | 5 + .../config/v1/types_image_tag_mirror_set.go | 5 + .../api/config/v1/types_infrastructure.go | 25 +- .../openshift/api/config/v1/types_ingress.go | 33 +- .../openshift/api/config/v1/types_network.go | 113 +- .../openshift/api/config/v1/types_node.go | 3 + .../openshift/api/config/v1/types_oauth.go | 5 + .../api/config/v1/types_operatorhub.go | 5 + .../openshift/api/config/v1/types_project.go | 5 + .../openshift/api/config/v1/types_proxy.go | 5 + .../api/config/v1/types_scheduling.go | 33 + .../api/config/v1/types_tlssecurityprofile.go | 55 +- .../api/config/v1/zz_generated.deepcopy.go | 96 + ..._generated.featuregated-crd-manifests.yaml | 490 ++++ .../v1/zz_generated.swagger_doc_generated.go | 61 +- ...or_01_backup-TechPreviewNoUpgrade.crd.yaml | 142 - ...lusterimagepolicy-CustomNoUpgrade.crd.yaml | 394 --- ...rimagepolicy-TechPreviewNoUpgrade.crd.yaml | 394 --- ...or_01_imagepolicy-CustomNoUpgrade.crd.yaml | 394 --- ..._imagepolicy-TechPreviewNoUpgrade.crd.yaml | 394 --- ...ig-operator_01_insightsdatagather.crd.yaml | 88 - .../custom.clusterimagepolicy.testsuite.yaml | 451 ---- .../custom.imagepolicy.testsuite.yaml | 451 ---- .../techpreview.backup.testsuite.yaml | 202 -- ...hpreview.clusterimagepolicy.testsuite.yaml | 451 ---- .../techpreview.imagepolicy.testsuite.yaml | 451 ---- ...hpreview.insightsdatagather.testsuite.yaml | 14 - .../api/config/v1alpha1/types_backup.go | 6 + .../v1alpha1/types_cluster_image_policy.go | 6 + .../api/config/v1alpha1/types_image_policy.go | 14 +- .../api/config/v1alpha1/types_insights.go | 6 + .../config/v1alpha1/zz_generated.deepcopy.go | 24 +- ..._generated.featuregated-crd-manifests.yaml | 92 + .../console/v1/00_consoleclidownload.crd.yaml | 88 - .../v1/00_consoleexternalloglink.crd.yaml | 92 - 
.../api/console/v1/00_consolelink.crd.yaml | 162 -- .../v1/00_consolenotification.crd.yaml | 95 - .../console/v1/00_consolequickstart.crd.yaml | 207 -- .../api/console/v1/00_consolesample.crd.yaml | 241 -- .../console/v1/00_consoleyamlsample.crd.yaml | 91 - .../api/console/v1/90_consoleplugin.crd.yaml | 374 --- .../stable.consoleclidownload.testsuite.yaml | 20 - ...able.consoleexternalloglink.testsuite.yaml | 18 - .../v1/stable.consolelink.testsuite.yaml | 20 - .../stable.consolenotification.testsuite.yaml | 16 - .../v1/stable.consoleplugin.testsuite.yaml | 88 - .../stable.consolequickstart.testsuite.yaml | 28 - .../v1/stable.consolesample.testsuite.yaml | 183 -- .../stable.consoleyamlsample.testsuite.yaml | 26 - .../console/v1/types_console_cli_download.go | 10 + .../v1/types_console_external_log_links.go | 11 + .../api/console/v1/types_console_link.go | 12 + .../console/v1/types_console_notification.go | 11 + .../api/console/v1/types_console_plugin.go | 8 + .../console/v1/types_console_quick_start.go | 7 + .../api/console/v1/types_console_sample.go | 7 + .../console/v1/types_console_yaml_sample.go | 7 + ..._generated.featuregated-crd-manifests.yaml | 225 ++ .../v1alpha1/90_consoleplugin.crd.yaml | 374 --- .../stable.consoleplugin.testsuite.yaml | 23 - .../console/v1alpha1/types_console_plugin.go | 8 + ..._generated.featuregated-crd-manifests.yaml | 24 + vendor/github.com/openshift/api/features.md | 60 + .../v1beta1/00_helm-chart-repository.crd.yaml | 174 -- .../00_project-helm-chart-repository.crd.yaml | 192 -- .../stable.helmchartrepository.testsuite.yaml | 14 - ....projecthelmchartrepository.testsuite.yaml | 14 - .../v1beta1/types_helm_chart_repository.go | 5 + .../types_project_helm_chart_repository.go | 5 + ..._generated.featuregated-crd-manifests.yaml | 42 + .../v1/00_imageregistry.crd.yaml | 2363 ----------------- .../v1/00_imageregistry.crd.yaml-patch | 13 - .../imageregistry/v1/01_imagepruner.crd.yaml | 1210 --------- .../v1/stable.config.testsuite.yaml | 
109 - .../v1/stable.imagepruner.testsuite.yaml | 15 - .../openshift/api/imageregistry/v1/types.go | 5 + .../api/imageregistry/v1/types_imagepruner.go | 5 + ..._generated.featuregated-crd-manifests.yaml | 42 + .../openshift/api/machine/.codegen.yaml | 7 +- ...olplanemachineset-CustomNoUpgrade.crd.yaml | 955 ------- ...10_controlplanemachineset-Default.crd.yaml | 955 ------- ...nemachineset-TechPreviewNoUpgrade.crd.yaml | 955 ------- ...stom.controlplanemachineset.testsuite.yaml | 50 - ....controlplanemachineset.aws.testsuite.yaml | 368 --- ...ontrolplanemachineset.azure.testsuite.yaml | 74 - ....controlplanemachineset.gcp.testsuite.yaml | 74 - ...olplanemachineset.openstack.testsuite.yaml | 632 ----- ...able.controlplanemachineset.testsuite.yaml | 488 ---- ...view.controlplanemachineset.testsuite.yaml | 50 - .../v1/types_controlplanemachineset.go | 12 +- ..._generated.featuregated-crd-manifests.yaml | 51 + .../machine/v1beta1/0000_10_machine.crd.yaml | 492 ---- .../v1beta1/0000_10_machinehealthcheck.yaml | 270 -- .../v1beta1/0000_10_machineset.crd.yaml | 562 ---- .../v1beta1/stable.machine.testsuite.yaml | 14 - .../stable.machinehealthcheck.testsuite.yaml | 16 - .../v1beta1/stable.machineset.testsuite.yaml | 15 - .../api/machine/v1beta1/types_machine.go | 7 + .../v1beta1/types_machinehealthcheck.go | 8 +- .../api/machine/v1beta1/types_machineset.go | 7 + ..._generated.featuregated-crd-manifests.yaml | 138 + ...00_50_monitoring_01_alertingrules.crd.yaml | 205 -- ...monitoring_02_alertrelabelconfigs.crd.yaml | 195 -- .../techpreview.alertingrule.testsuite.yaml | 24 - ...hpreview.alertrelabelconfig.testsuite.yaml | 20 - .../api/monitoring/v1alpha1/types.go | 13 + ..._generated.featuregated-crd-manifests.yaml | 48 + .../openshift/api/network/.codegen.yaml | 5 - .../network/v1/001-clusternetwork-crd.yaml | 130 - .../api/network/v1/002-hostsubnet-crd.yaml | 107 - .../api/network/v1/003-netnamespace-crd.yaml | 81 - .../v1/004-egressnetworkpolicy-crd.yaml | 90 - 
.../openshift/api/network/v1/generated.proto | 37 +- .../v1/stable.clusternetwork.testsuite.yaml | 16 - .../stable.egressnetworkpolicy.testsuite.yaml | 16 - .../v1/stable.hostsubnet.testsuite.yaml | 18 - .../v1/stable.netnamespace.testsuite.yaml | 16 - .../openshift/api/network/v1/types.go | 37 +- ..._generated.featuregated-crd-manifests.yaml | 126 + ...nsnameresolver_00-customnoupgrade.crd.yaml | 245 -- ...resolver_00-customnoupgrade.crd.yaml-patch | 5 - ...70_dnsnameresolver_00-techpreview.crd.yaml | 245 -- ...nameresolver_00-techpreview.crd.yaml-patch | 5 - .../custom.dnsnameresolver.testsuite.yaml | 402 --- ...techpreview.dnsnameresolver.testsuite.yaml | 402 --- .../network/v1alpha1/types_dnsnameresolver.go | 5 +- ..._generated.featuregated-crd-manifests.yaml | 23 + .../v1/001-egressrouter.crd.yaml | 250 -- .../v1/001-egressrouter.crd.yaml-patch | 26 - .../api/networkoperator/v1/generated.proto | 7 +- .../v1/stable.egressrouter.testsuite.yaml | 23 - .../networkoperator/v1/types_egressrouter.go | 7 +- ..._generated.featuregated-crd-manifests.yaml | 29 + .../openshift/api/operator/.codegen.yaml | 8 +- ...0000_10_config-operator_01_config.crd.yaml | 171 -- ...or_01_config-TechPreviewNoUpgrade.crd.yaml | 264 -- .../0000_12_etcd-operator_01_config.crd.yaml | 252 -- ...kube-apiserver-operator_01_config.crd.yaml | 266 -- ...piserver-operator_01_config.crd.yaml-patch | 3 - ...roller-manager-operator_01_config.crd.yaml | 257 -- ...-manager-operator_01_config.crd.yaml-patch | 3 - ...kube-scheduler-operator_01_config.crd.yaml | 247 -- ...cheduler-operator_01_config.crd.yaml-patch | 3 - ...hift-apiserver-operator_01_config.crd.yaml | 176 -- ...oud-credential-operator_00_config.crd.yaml | 185 -- ...rsion-migrator-operator_00_config.crd.yaml | 165 -- ...authentication-operator_01_config.crd.yaml | 173 -- ...roller-manager-operator_02_config.crd.yaml | 166 -- ...00_50_cluster_storage_operator_01_crd.yaml | 182 -- ...ess-operator_00-ingresscontroller.crd.yaml | 2237 
---------------- ...erator_00-ingresscontroller.crd.yaml-patch | 32 - ...ghts-operator_00-insightsoperator.crd.yaml | 350 --- .../0000_50_service-ca-operator_02_crd.yaml | 167 -- ...twork-operator_01-CustomNoUpgrade.crd.yaml | 890 ------- ...uster-network-operator_01-Default.crd.yaml | 885 ------ ...-operator_01-TechPreviewNoUpgrade.crd.yaml | 890 ------- .../v1/0000_70_dns-operator_00.crd.yaml | 575 ---- .../v1/0000_70_dns-operator_00.crd.yaml-patch | 21 - ...i_snapshot_controller_operator_01_crd.yaml | 167 -- ...machine-config-operator_01_config.crd.yaml | 246 -- ...0_90_cluster_csi_driver_01_config.crd.yaml | 367 --- ...luster_csi_driver_01_config.crd.yaml-patch | 23 - .../operator/v1/00_console-operator.crd.yaml | 636 ----- .../operator/v1/custom.network.testsuite.yaml | 100 - .../v1/stable.authentication.testsuite.yaml | 16 - .../v1/stable.cloudcredential.testsuite.yaml | 16 - .../v1/stable.clustercsidriver.testsuite.yaml | 41 - .../operator/v1/stable.config.testsuite.yaml | 16 - .../operator/v1/stable.console.testsuite.yaml | 157 -- ...table.csisnapshotcontroller.testsuite.yaml | 16 - .../api/operator/v1/stable.dns.testsuite.yaml | 21 - .../operator/v1/stable.etcd.testsuite.yaml | 16 - .../stable.ingresscontroller.testsuite.yaml | 478 ---- .../v1/stable.insightsoperator.testsuite.yaml | 16 - .../v1/stable.kubeapiserver.testsuite.yaml | 16 - ...table.kubecontrollermanager.testsuite.yaml | 17 - .../v1/stable.kubescheduler.testsuite.yaml | 16 - ....kubestorageversionmigrator.testsuite.yaml | 16 - ...stable.machineconfiguration.testsuite.yaml | 16 - .../operator/v1/stable.network.testsuite.yaml | 409 --- .../stable.openshiftapiserver.testsuite.yaml | 16 - ....openshiftcontrollermanager.testsuite.yaml | 16 - .../v1/stable.serviceca.testsuite.yaml | 16 - .../operator/v1/stable.storage.testsuite.yaml | 113 - .../v1/techpreview.etcd.testsuite.yaml | 62 - .../v1/techpreview.network.testsuite.yaml | 100 - .../openshift/api/operator/v1/types.go | 8 + 
.../api/operator/v1/types_authentication.go | 6 + .../api/operator/v1/types_cloudcredential.go | 6 + .../openshift/api/operator/v1/types_config.go | 5 + .../api/operator/v1/types_console.go | 5 + .../operator/v1/types_csi_cluster_driver.go | 8 +- .../api/operator/v1/types_csi_snapshot.go | 6 +- .../openshift/api/operator/v1/types_dns.go | 13 +- .../openshift/api/operator/v1/types_etcd.go | 7 +- .../api/operator/v1/types_ingress.go | 5 +- .../api/operator/v1/types_insights.go | 5 + .../api/operator/v1/types_kubeapiserver.go | 5 + .../v1/types_kubecontrollermanager.go | 5 + .../v1/types_kubestorageversionmigrator.go | 5 + .../operator/v1/types_machineconfiguration.go | 409 ++- .../api/operator/v1/types_network.go | 92 +- .../operator/v1/types_openshiftapiserver.go | 5 + .../v1/types_openshiftcontrollermanager.go | 5 + .../api/operator/v1/types_scheduler.go | 5 + .../api/operator/v1/types_serviceca.go | 5 + .../api/operator/v1/types_storage.go | 6 +- .../api/operator/v1/zz_generated.deepcopy.go | 428 +++ ..._generated.featuregated-crd-manifests.yaml | 426 +++ .../v1/zz_generated.swagger_doc_generated.go | 202 +- ...1_etcdbackup-TechPreviewNoUpgrade.crd.yaml | 158 -- ...rator_01_imagecontentsourcepolicy.crd.yaml | 97 - ...g-operator_01_olm-CustomNoUpgrade.crd.yaml | 173 -- ...rator_01_olm-TechPreviewNoUpgrade.crd.yaml | 173 -- .../v1alpha1/custom.olm.testsuite.yaml | 28 - ...le.imagecontentsourcepolicy.testsuite.yaml | 14 - .../techpreview.etcdbackup.testsuite.yaml | 38 - .../v1alpha1/techpreview.olm.testsuite.yaml | 28 - .../api/operator/v1alpha1/types_etcdbackup.go | 7 +- .../types_image_content_source_policy.go | 5 + .../api/operator/v1alpha1/types_olm.go | 6 + ..._generated.featuregated-crd-manifests.yaml | 67 + ...10-pod-network-connectivity-check.crd.yaml | 262 -- ...podnetworkconnectivitycheck.testsuite.yaml | 18 - .../v1alpha1/types_conditioncheck.go | 5 + ..._generated.featuregated-crd-manifests.yaml | 22 + ...openshift_01_clusterresourcequota.crd.yaml | 252 
-- .../openshift/api/quota/v1/generated.proto | 5 + ...stable.clusterresourcequota.testsuite.yaml | 18 - .../openshift/api/quota/v1/types.go | 5 + ..._generated.featuregated-crd-manifests.yaml | 21 + .../openshift/api/route/.codegen.yaml | 5 - .../api/route/v1/custom.route.testsuite.yaml | 103 - .../openshift/api/route/v1/generated.proto | 4 +- .../route/v1/route-CustomNoUpgrade.crd.yaml | 618 ----- .../v1/route-TechPreviewNoUpgrade.crd.yaml | 618 ----- .../openshift/api/route/v1/route.crd.yaml | 655 ----- .../api/route/v1/route.crd.yaml-patch | 67 - .../api/route/v1/stable.route.testsuite.yaml | 675 ----- .../route/v1/techpreview.route.testsuite.yaml | 103 - .../openshift/api/route/v1/types.go | 10 +- ..._generated.featuregated-crd-manifests.yaml | 34 + .../api/samples/v1/00_samplesconfig.crd.yaml | 180 -- .../openshift/api/samples/v1/generated.pb.go | 154 +- .../openshift/api/samples/v1/generated.proto | 26 + .../samples/v1/stable.config.testsuite.yaml | 14 - .../openshift/api/samples/v1/types_config.go | 31 + .../api/samples/v1/zz_generated.deepcopy.go | 5 + ..._generated.featuregated-crd-manifests.yaml | 23 + .../v1/zz_generated.swagger_doc_generated.go | 1 + ...0000_03_security-openshift_01_scc.crd.yaml | 365 --- .../openshift/api/security/v1/generated.proto | 22 +- ....securitycontextconstraints.testsuite.yaml | 36 - .../openshift/api/security/v1/types.go | 22 +- ..._generated.featuregated-crd-manifests.yaml | 58 + ...rnal-openshift_02_rangeallocation.crd.yaml | 50 - ...penshift_02_rangeallocation.crd.yaml-patch | 2 - .../v1/stable.rangeallocation.testsuite.yaml | 13 - .../api/securityinternal/v1/types.go | 4 + ..._generated.featuregated-crd-manifests.yaml | 21 + .../v1alpha1/0000_10_sharedconfigmap.crd.yaml | 155 -- .../v1alpha1/0000_10_sharedsecret.crd.yaml | 155 -- .../stable.sharedconfigmap.testsuite.yaml | 20 - .../stable.sharedsecret.testsuite.yaml | 20 - .../v1alpha1/types_shared_configmap.go | 7 +- .../v1alpha1/types_shared_secret.go | 6 +- 
..._generated.featuregated-crd-manifests.yaml | 46 + .../v1/localresourceaccessreview.go | 149 -- .../v1/localsubjectaccessreview.go | 178 -- .../authorization/v1/resourceaccessreview.go | 149 -- .../authorization/v1/subjectaccessreview.go | 178 -- .../config/v1/profilecustomizations.go | 27 + .../config/v1/schedulerspec.go | 17 +- .../config/v1alpha1/fulciocawithrekor.go | 28 +- .../config/v1alpha1/publickey.go | 28 +- .../applyconfigurations/internal/internal.go | 14 +- .../personal_subjectaccessreview.go | 6 +- .../openshift/library-go/pkg/certs/pem.go | 5 +- .../pkg/config/client/client_config.go | 7 +- .../library-go/pkg/config/helpers/client.go | 4 +- .../pkg/config/helpers/readresource.go | 5 +- .../config/leaderelection/leaderelection.go | 3 +- .../pkg/config/validation/general.go | 2 +- .../pkg/config/validation/serving_info.go | 2 +- .../pkg/controller/controllercmd/builder.go | 3 +- .../pkg/controller/controllercmd/cmd.go | 7 +- .../pkg/controller/controllercmd/flags.go | 6 +- .../controller/factory/controller_context.go | 2 +- .../pkg/controller/factory/eventfilters.go | 2 +- .../pkg/controller/factory/factory.go | 24 +- .../openshift/library-go/pkg/crypto/crypto.go | 16 +- .../library-go/pkg/image/imageutil/helpers.go | 2 +- .../library-go/pkg/monitor/health/prober.go | 36 +- .../pkg/operator/certrotation/annotations.go | 2 +- .../client_cert_rotation_controller.go | 2 +- .../pkg/operator/certrotation/metadata.go | 36 + .../pkg/operator/certrotation/signer.go | 55 +- .../pkg/operator/certrotation/target.go | 67 +- .../pkg/operator/csr/csr_approver.go | 16 +- .../resourceapply/admissionregistration.go | 12 +- .../resource/resourceapply/apiextensions.go | 6 +- .../resource/resourceapply/apiregistration.go | 6 +- .../operator/resource/resourceapply/apps.go | 12 +- .../operator/resource/resourceapply/core.go | 68 +- .../resource/resourceapply/migration.go | 6 +- .../operator/resource/resourceapply/policy.go | 6 +- 
.../operator/resource/resourceapply/rbac.go | 24 +- .../resource/resourceapply/storage.go | 12 +- .../resource/resourcemerge/apiextensions.go | 4 +- .../resource/resourcemerge/object_merger.go | 36 +- .../resource/resourceread/admission.go | 20 + .../pkg/operator/v1helpers/informers.go | 6 +- .../pkg/quota/clusterquotamapping/mapper.go | 20 +- .../openshift/library-go/pkg/route/OWNERS | 16 + .../openshift/library-go/pkg/route/common.go | 60 + .../pkg/route/hostassignment/assignment.go | 67 +- .../hostassignment/externalcertificate.go | 35 + .../pkg/route/validation/validation.go | 193 +- .../x/crypto/internal/poly1305/sum_ppc64le.s | 14 +- vendor/golang.org/x/net/html/token.go | 12 +- vendor/golang.org/x/net/http2/frame.go | 42 +- vendor/golang.org/x/net/http2/pipe.go | 11 +- vendor/golang.org/x/net/http2/server.go | 13 +- vendor/golang.org/x/net/http2/testsync.go | 331 +++ vendor/golang.org/x/net/http2/transport.go | 307 ++- vendor/golang.org/x/net/websocket/client.go | 55 +- vendor/golang.org/x/net/websocket/dial.go | 11 +- vendor/golang.org/x/sys/unix/aliases.go | 2 +- vendor/golang.org/x/sys/unix/mkerrors.sh | 2 +- .../x/sys/unix/syscall_darwin_libSystem.go | 2 +- .../golang.org/x/sys/unix/syscall_freebsd.go | 12 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 99 + vendor/golang.org/x/sys/unix/zerrors_linux.go | 36 +- .../x/sys/unix/zerrors_linux_386.go | 3 + .../x/sys/unix/zerrors_linux_amd64.go | 3 + .../x/sys/unix/zerrors_linux_arm.go | 3 + .../x/sys/unix/zerrors_linux_arm64.go | 3 + .../x/sys/unix/zerrors_linux_loong64.go | 3 + .../x/sys/unix/zerrors_linux_mips.go | 3 + .../x/sys/unix/zerrors_linux_mips64.go | 3 + .../x/sys/unix/zerrors_linux_mips64le.go | 3 + .../x/sys/unix/zerrors_linux_mipsle.go | 3 + .../x/sys/unix/zerrors_linux_ppc.go | 3 + .../x/sys/unix/zerrors_linux_ppc64.go | 3 + .../x/sys/unix/zerrors_linux_ppc64le.go | 3 + .../x/sys/unix/zerrors_linux_riscv64.go | 3 + .../x/sys/unix/zerrors_linux_s390x.go | 3 + 
.../x/sys/unix/zerrors_linux_sparc64.go | 3 + .../golang.org/x/sys/unix/zsyscall_linux.go | 10 + .../x/sys/unix/zsysnum_linux_386.go | 4 + .../x/sys/unix/zsysnum_linux_amd64.go | 3 + .../x/sys/unix/zsysnum_linux_arm.go | 4 + .../x/sys/unix/zsysnum_linux_arm64.go | 4 + .../x/sys/unix/zsysnum_linux_loong64.go | 4 + .../x/sys/unix/zsysnum_linux_mips.go | 4 + .../x/sys/unix/zsysnum_linux_mips64.go | 4 + .../x/sys/unix/zsysnum_linux_mips64le.go | 4 + .../x/sys/unix/zsysnum_linux_mipsle.go | 4 + .../x/sys/unix/zsysnum_linux_ppc.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 4 + .../x/sys/unix/zsysnum_linux_riscv64.go | 4 + .../x/sys/unix/zsysnum_linux_s390x.go | 4 + .../x/sys/unix/zsysnum_linux_sparc64.go | 4 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 185 +- .../golang.org/x/sys/windows/env_windows.go | 17 +- .../x/sys/windows/syscall_windows.go | 3 +- .../pkg/util/httpstream/wsstream/conn.go | 2 +- .../apiserver/pkg/features/kube_features.go | 8 + vendor/k8s.io/apiserver/pkg/server/healthz.go | 2 + .../apiserver/pkg/storage/cacher/cacher.go | 2 +- .../storage/cacher/watch_cache_interval.go | 17 + .../tools/remotecommand/websocket.go | 23 +- .../openapi/aggregator/aggregator.go | 4 +- .../kube-controller-manager/app/patch_gc.go | 8 +- .../managementcpusoverride/admission.go | 72 +- .../apiserver/validation_wrapper.go | 4 - .../features/validate_features.go | 42 - .../route/validate_route.go | 25 +- .../route/validation_opts.go | 31 + .../route/validation_wrapper.go | 92 + .../route/hostassignment/admission.go | 14 +- .../kubernetes/pkg/features/kube_features.go | 2 + .../kubernetes/pkg/kubelet/managed/managed.go | 6 + .../k8s.io/kubernetes/pkg/volume/plugins.go | 2 +- .../pkg/admission/serviceaccount/admission.go | 21 + vendor/modules.txt | 132 +- 500 files changed, 7347 insertions(+), 60497 deletions(-) delete mode 100644 vendor/github.com/blang/semver/.travis.yml delete mode 100644 
vendor/github.com/blang/semver/LICENSE delete mode 100644 vendor/github.com/blang/semver/README.md delete mode 100644 vendor/github.com/blang/semver/json.go delete mode 100644 vendor/github.com/blang/semver/package.json delete mode 100644 vendor/github.com/blang/semver/range.go delete mode 100644 vendor/github.com/blang/semver/semver.go delete mode 100644 vendor/github.com/blang/semver/sort.go delete mode 100644 vendor/github.com/blang/semver/sql.go delete mode 100644 vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml delete mode 100644 vendor/github.com/openshift/api/apiserver/v1/stable.apirequestcount.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/apiserver/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml delete mode 100644 vendor/github.com/openshift/api/authorization/v1/stable.rolebindingrestriction.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/authorization/v1/zz_generated.featuregated-crd-manifests.yaml create mode 100644 vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml delete mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml delete mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/stable.cloudprivateipconfig.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml delete mode 100644 
vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml-patch delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml delete mode 100644 
vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml delete 
mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.network.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml delete mode 100644 
vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.apiserver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.network.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml delete mode 100644 
vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consoleclidownload.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consoleexternalloglink.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolelink.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolenotification.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolequickstart.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolesample.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consoleyamlsample.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/90_consoleplugin.crd.yaml 
delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1alpha1/90_consoleplugin.crd.yaml delete mode 100644 vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/console/v1alpha1/zz_generated.featuregated-crd-manifests.yaml create mode 100644 vendor/github.com/openshift/api/features.md delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/00_helm-chart-repository.crd.yaml delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/00_project-helm-chart-repository.crd.yaml delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/stable.helmchartrepository.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/stable.projecthelmchartrepository.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/helm/v1beta1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml delete mode 100644 
vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/01_imagepruner.crd.yaml delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/stable.imagepruner.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml delete mode 100644 
vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertingrule.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertrelabelconfig.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.clusternetwork.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.egressnetworkpolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.hostsubnet.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.netnamespace.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/network/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 
vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/network/v1alpha1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml delete mode 100644 vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/networkoperator/v1/stable.egressrouter.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/networkoperator/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml delete mode 100644 
vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml delete mode 100644 
vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/custom.network.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml delete mode 100644 
vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/techpreview.network.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml delete mode 100644 
vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/stable.podnetworkconnectivitycheck.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml delete mode 100644 vendor/github.com/openshift/api/quota/v1/stable.clusterresourcequota.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/route.crd.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml delete mode 100644 vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml create mode 100644 
vendor/github.com/openshift/api/samples/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml delete mode 100644 vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml delete mode 100644 vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/securityinternal/v1/stable.rangeallocation.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/securityinternal/v1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedconfigmap.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedsecret.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localresourceaccessreview.go delete mode 100644 vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localsubjectaccessreview.go delete mode 100644 vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/resourceaccessreview.go delete mode 100644 
vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/subjectaccessreview.go create mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go create mode 100644 vendor/github.com/openshift/library-go/pkg/route/OWNERS create mode 100644 vendor/github.com/openshift/library-go/pkg/route/common.go create mode 100644 vendor/github.com/openshift/library-go/pkg/route/hostassignment/externalcertificate.go create mode 100644 vendor/golang.org/x/net/http2/testsync.go create mode 100644 vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_opts.go create mode 100644 vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_wrapper.go diff --git a/vendor/github.com/blang/semver/.travis.yml b/vendor/github.com/blang/semver/.travis.yml deleted file mode 100644 index 102fb9a691..0000000000 --- a/vendor/github.com/blang/semver/.travis.yml +++ /dev/null @@ -1,21 +0,0 @@ -language: go -matrix: - include: - - go: 1.4.3 - - go: 1.5.4 - - go: 1.6.3 - - go: 1.7 - - go: tip - allow_failures: - - go: tip -install: -- go get golang.org/x/tools/cmd/cover -- go get github.com/mattn/goveralls -script: -- echo "Test and track coverage" ; $HOME/gopath/bin/goveralls -package "." -service=travis-ci - -repotoken $COVERALLS_TOKEN -- echo "Build examples" ; cd examples && go build -- echo "Check if gofmt'd" ; diff -u <(echo -n) <(gofmt -d -s .) -env: - global: - secure: HroGEAUQpVq9zX1b1VIkraLiywhGbzvNnTZq2TMxgK7JHP8xqNplAeF1izrR2i4QLL9nsY+9WtYss4QuPvEtZcVHUobw6XnL6radF7jS1LgfYZ9Y7oF+zogZ2I5QUMRLGA7rcxQ05s7mKq3XZQfeqaNts4bms/eZRefWuaFZbkw= diff --git a/vendor/github.com/blang/semver/LICENSE b/vendor/github.com/blang/semver/LICENSE deleted file mode 100644 index 5ba5c86fcb..0000000000 
--- a/vendor/github.com/blang/semver/LICENSE
+++ /dev/null
@@ -1,22 +0,0 @@
-The MIT License
-
-Copyright (c) 2014 Benedikt Lang
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
diff --git a/vendor/github.com/blang/semver/README.md b/vendor/github.com/blang/semver/README.md
deleted file mode 100644
index 08b2e4a3d7..0000000000
--- a/vendor/github.com/blang/semver/README.md
+++ /dev/null
@@ -1,194 +0,0 @@ -semver for golang [![Build Status](https://travis-ci.org/blang/semver.svg?branch=master)](https://travis-ci.org/blang/semver) [![GoDoc](https://godoc.org/github.com/blang/semver?status.png)](https://godoc.org/github.com/blang/semver) [![Coverage Status](https://img.shields.io/coveralls/blang/semver.svg)](https://coveralls.io/r/blang/semver?branch=master) -====== - -semver is a [Semantic Versioning](http://semver.org/) library written in golang. It fully covers spec version `2.0.0`. - -Usage ------ -```bash -$ go get github.com/blang/semver -``` -Note: Always vendor your dependencies or fix on a specific version tag. - -```go -import github.com/blang/semver -v1, err := semver.Make("1.0.0-beta") -v2, err := semver.Make("2.0.0-beta") -v1.Compare(v2) -``` - -Also check the [GoDocs](http://godoc.org/github.com/blang/semver). - -Why should I use this lib? ------ - -- Fully spec compatible -- No reflection -- No regex -- Fully tested (Coverage >99%) -- Readable parsing/validation errors -- Fast (See [Benchmarks](#benchmarks)) -- Only Stdlib -- Uses values instead of pointers -- Many features, see below - - -Features ------ - -- Parsing and validation at all levels -- Comparator-like comparisons -- Compare Helper Methods -- InPlace manipulation -- Ranges `>=1.0.0 <2.0.0 || >=3.0.0 !3.0.1-beta.1` -- Wildcards `>=1.x`, `<=2.5.x` -- Sortable (implements sort.Interface) -- database/sql compatible (sql.Scanner/Valuer) -- encoding/json compatible (json.Marshaler/Unmarshaler) - -Ranges ------- - -A `Range` is a set of conditions which specify which versions satisfy the range. - -A condition is composed of an operator and a version. The supported operators are: - -- `<1.0.0` Less than `1.0.0` -- `<=1.0.0` Less than or equal to `1.0.0` -- `>1.0.0` Greater than `1.0.0` -- `>=1.0.0` Greater than or equal to `1.0.0` -- `1.0.0`, `=1.0.0`, `==1.0.0` Equal to `1.0.0` -- `!1.0.0`, `!=1.0.0` Not equal to `1.0.0`. Excludes version `1.0.0`. 
- -Note that spaces between the operator and the version will be gracefully tolerated. - -A `Range` can link multiple `Ranges` separated by space: - -Ranges can be linked by logical AND: - - - `>1.0.0 <2.0.0` would match between both ranges, so `1.1.1` and `1.8.7` but not `1.0.0` or `2.0.0` - - `>1.0.0 <3.0.0 !2.0.3-beta.2` would match every version between `1.0.0` and `3.0.0` except `2.0.3-beta.2` - -Ranges can also be linked by logical OR: - - - `<2.0.0 || >=3.0.0` would match `1.x.x` and `3.x.x` but not `2.x.x` - -AND has a higher precedence than OR. It's not possible to use brackets. - -Ranges can be combined by both AND and OR - - - `>1.0.0 <2.0.0 || >3.0.0 !4.2.1` would match `1.2.3`, `1.9.9`, `3.1.1`, but not `4.2.1`, `2.1.1` - -Range usage: - -``` -v, err := semver.Parse("1.2.3") -range, err := semver.ParseRange(">1.0.0 <2.0.0 || >=3.0.0") -if range(v) { - //valid -} - -``` - -Example ------ - -Have a look at full examples in [examples/main.go](examples/main.go) - -```go -import github.com/blang/semver - -v, err := semver.Make("0.0.1-alpha.preview+123.github") -fmt.Printf("Major: %d\n", v.Major) -fmt.Printf("Minor: %d\n", v.Minor) -fmt.Printf("Patch: %d\n", v.Patch) -fmt.Printf("Pre: %s\n", v.Pre) -fmt.Printf("Build: %s\n", v.Build) - -// Prerelease versions array -if len(v.Pre) > 0 { - fmt.Println("Prerelease versions:") - for i, pre := range v.Pre { - fmt.Printf("%d: %q\n", i, pre) - } -} - -// Build meta data array -if len(v.Build) > 0 { - fmt.Println("Build meta data:") - for i, build := range v.Build { - fmt.Printf("%d: %q\n", i, build) - } -} - -v001, err := semver.Make("0.0.1") -// Compare using helpers: v.GT(v2), v.LT, v.GTE, v.LTE -v001.GT(v) == true -v.LT(v001) == true -v.GTE(v) == true -v.LTE(v) == true - -// Or use v.Compare(v2) for comparisons (-1, 0, 1): -v001.Compare(v) == 1 -v.Compare(v001) == -1 -v.Compare(v) == 0 - -// Manipulate Version in place: -v.Pre[0], err = semver.NewPRVersion("beta") -if err != nil { - fmt.Printf("Error parsing pre 
release version: %q", err) -} - -fmt.Println("\nValidate versions:") -v.Build[0] = "?" - -err = v.Validate() -if err != nil { - fmt.Printf("Validation failed: %s\n", err) -} -``` - - -Benchmarks ------ - - BenchmarkParseSimple-4 5000000 390 ns/op 48 B/op 1 allocs/op - BenchmarkParseComplex-4 1000000 1813 ns/op 256 B/op 7 allocs/op - BenchmarkParseAverage-4 1000000 1171 ns/op 163 B/op 4 allocs/op - BenchmarkStringSimple-4 20000000 119 ns/op 16 B/op 1 allocs/op - BenchmarkStringLarger-4 10000000 206 ns/op 32 B/op 2 allocs/op - BenchmarkStringComplex-4 5000000 324 ns/op 80 B/op 3 allocs/op - BenchmarkStringAverage-4 5000000 273 ns/op 53 B/op 2 allocs/op - BenchmarkValidateSimple-4 200000000 9.33 ns/op 0 B/op 0 allocs/op - BenchmarkValidateComplex-4 3000000 469 ns/op 0 B/op 0 allocs/op - BenchmarkValidateAverage-4 5000000 256 ns/op 0 B/op 0 allocs/op - BenchmarkCompareSimple-4 100000000 11.8 ns/op 0 B/op 0 allocs/op - BenchmarkCompareComplex-4 50000000 30.8 ns/op 0 B/op 0 allocs/op - BenchmarkCompareAverage-4 30000000 41.5 ns/op 0 B/op 0 allocs/op - BenchmarkSort-4 3000000 419 ns/op 256 B/op 2 allocs/op - BenchmarkRangeParseSimple-4 2000000 850 ns/op 192 B/op 5 allocs/op - BenchmarkRangeParseAverage-4 1000000 1677 ns/op 400 B/op 10 allocs/op - BenchmarkRangeParseComplex-4 300000 5214 ns/op 1440 B/op 30 allocs/op - BenchmarkRangeMatchSimple-4 50000000 25.6 ns/op 0 B/op 0 allocs/op - BenchmarkRangeMatchAverage-4 30000000 56.4 ns/op 0 B/op 0 allocs/op - BenchmarkRangeMatchComplex-4 10000000 153 ns/op 0 B/op 0 allocs/op - -See benchmark cases at [semver_test.go](semver_test.go) - - -Motivation ------ - -I simply couldn't find any lib supporting the full spec. Others were just wrong or used reflection and regex which i don't like. - - -Contribution ------ - -Feel free to make a pull request. For bigger changes create a issue first to discuss about it. - - -License ------ - -See [LICENSE](LICENSE) file. 
diff --git a/vendor/github.com/blang/semver/json.go b/vendor/github.com/blang/semver/json.go
deleted file mode 100644
index a74bf7c449..0000000000
--- a/vendor/github.com/blang/semver/json.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package semver
-
-import (
- "encoding/json"
-)
-
-// MarshalJSON implements the encoding/json.Marshaler interface.
-func (v Version) MarshalJSON() ([]byte, error) {
- return json.Marshal(v.String())
-}
-
-// UnmarshalJSON implements the encoding/json.Unmarshaler interface.
-func (v *Version) UnmarshalJSON(data []byte) (err error) {
- var versionString string
-
- if err = json.Unmarshal(data, &versionString); err != nil {
- return
- }
-
- *v, err = Parse(versionString)
-
- return
-}
diff --git a/vendor/github.com/blang/semver/package.json b/vendor/github.com/blang/semver/package.json
deleted file mode 100644
index 1cf8ebdd9c..0000000000
--- a/vendor/github.com/blang/semver/package.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "author": "blang",
- "bugs": {
- "URL": "https://github.com/blang/semver/issues",
- "url": "https://github.com/blang/semver/issues"
- },
- "gx": {
- "dvcsimport": "github.com/blang/semver"
- },
- "gxVersion": "0.10.0",
- "language": "go",
- "license": "MIT",
- "name": "semver",
- "releaseCmd": "git commit -a -m \"gx publish $VERSION\"",
- "version": "3.5.1"
-}
-
diff --git a/vendor/github.com/blang/semver/range.go b/vendor/github.com/blang/semver/range.go
deleted file mode 100644
index fca406d479..0000000000
--- a/vendor/github.com/blang/semver/range.go
+++ /dev/null
@@ -1,416 +0,0 @@ -package semver - -import ( - "fmt" - "strconv" - "strings" - "unicode" -) - -type wildcardType int - -const ( - noneWildcard wildcardType = iota - majorWildcard wildcardType = 1 - minorWildcard wildcardType = 2 - patchWildcard wildcardType = 3 -) - -func wildcardTypefromInt(i int) wildcardType { - switch i { - case 1: - return majorWildcard - case 2: - return minorWildcard - case 3: - return patchWildcard - default: - return noneWildcard - } -} - -type comparator func(Version, Version) bool - -var ( - compEQ comparator = func(v1 Version, v2 Version) bool { - return v1.Compare(v2) == 0 - } - compNE = func(v1 Version, v2 Version) bool { - return v1.Compare(v2) != 0 - } - compGT = func(v1 Version, v2 Version) bool { - return v1.Compare(v2) == 1 - } - compGE = func(v1 Version, v2 Version) bool { - return v1.Compare(v2) >= 0 - } - compLT = func(v1 Version, v2 Version) bool { - return v1.Compare(v2) == -1 - } - compLE = func(v1 Version, v2 Version) bool { - return v1.Compare(v2) <= 0 - } -) - -type versionRange struct { - v Version - c comparator -} - -// rangeFunc creates a Range from the given versionRange. -func (vr *versionRange) rangeFunc() Range { - return Range(func(v Version) bool { - return vr.c(v, vr.v) - }) -} - -// Range represents a range of versions. -// A Range can be used to check if a Version satisfies it: -// -// range, err := semver.ParseRange(">1.0.0 <2.0.0") -// range(semver.MustParse("1.1.1") // returns true -type Range func(Version) bool - -// OR combines the existing Range with another Range using logical OR. -func (rf Range) OR(f Range) Range { - return Range(func(v Version) bool { - return rf(v) || f(v) - }) -} - -// AND combines the existing Range with another Range using logical AND. -func (rf Range) AND(f Range) Range { - return Range(func(v Version) bool { - return rf(v) && f(v) - }) -} - -// ParseRange parses a range and returns a Range. -// If the range could not be parsed an error is returned. 
-// -// Valid ranges are: -// - "<1.0.0" -// - "<=1.0.0" -// - ">1.0.0" -// - ">=1.0.0" -// - "1.0.0", "=1.0.0", "==1.0.0" -// - "!1.0.0", "!=1.0.0" -// -// A Range can consist of multiple ranges separated by space: -// Ranges can be linked by logical AND: -// - ">1.0.0 <2.0.0" would match between both ranges, so "1.1.1" and "1.8.7" but not "1.0.0" or "2.0.0" -// - ">1.0.0 <3.0.0 !2.0.3-beta.2" would match every version between 1.0.0 and 3.0.0 except 2.0.3-beta.2 -// -// Ranges can also be linked by logical OR: -// - "<2.0.0 || >=3.0.0" would match "1.x.x" and "3.x.x" but not "2.x.x" -// -// AND has a higher precedence than OR. It's not possible to use brackets. -// -// Ranges can be combined by both AND and OR -// -// - `>1.0.0 <2.0.0 || >3.0.0 !4.2.1` would match `1.2.3`, `1.9.9`, `3.1.1`, but not `4.2.1`, `2.1.1` -func ParseRange(s string) (Range, error) { - parts := splitAndTrim(s) - orParts, err := splitORParts(parts) - if err != nil { - return nil, err - } - expandedParts, err := expandWildcardVersion(orParts) - if err != nil { - return nil, err - } - var orFn Range - for _, p := range expandedParts { - var andFn Range - for _, ap := range p { - opStr, vStr, err := splitComparatorVersion(ap) - if err != nil { - return nil, err - } - vr, err := buildVersionRange(opStr, vStr) - if err != nil { - return nil, fmt.Errorf("Could not parse Range %q: %s", ap, err) - } - rf := vr.rangeFunc() - - // Set function - if andFn == nil { - andFn = rf - } else { // Combine with existing function - andFn = andFn.AND(rf) - } - } - if orFn == nil { - orFn = andFn - } else { - orFn = orFn.OR(andFn) - } - - } - return orFn, nil -} - -// splitORParts splits the already cleaned parts by '||'. -// Checks for invalid positions of the operator and returns an -// error if found. 
-func splitORParts(parts []string) ([][]string, error) { - var ORparts [][]string - last := 0 - for i, p := range parts { - if p == "||" { - if i == 0 { - return nil, fmt.Errorf("First element in range is '||'") - } - ORparts = append(ORparts, parts[last:i]) - last = i + 1 - } - } - if last == len(parts) { - return nil, fmt.Errorf("Last element in range is '||'") - } - ORparts = append(ORparts, parts[last:]) - return ORparts, nil -} - -// buildVersionRange takes a slice of 2: operator and version -// and builds a versionRange, otherwise an error. -func buildVersionRange(opStr, vStr string) (*versionRange, error) { - c := parseComparator(opStr) - if c == nil { - return nil, fmt.Errorf("Could not parse comparator %q in %q", opStr, strings.Join([]string{opStr, vStr}, "")) - } - v, err := Parse(vStr) - if err != nil { - return nil, fmt.Errorf("Could not parse version %q in %q: %s", vStr, strings.Join([]string{opStr, vStr}, ""), err) - } - - return &versionRange{ - v: v, - c: c, - }, nil - -} - -// inArray checks if a byte is contained in an array of bytes -func inArray(s byte, list []byte) bool { - for _, el := range list { - if el == s { - return true - } - } - return false -} - -// splitAndTrim splits a range string by spaces and cleans whitespaces -func splitAndTrim(s string) (result []string) { - last := 0 - var lastChar byte - excludeFromSplit := []byte{'>', '<', '='} - for i := 0; i < len(s); i++ { - if s[i] == ' ' && !inArray(lastChar, excludeFromSplit) { - if last < i-1 { - result = append(result, s[last:i]) - } - last = i + 1 - } else if s[i] != ' ' { - lastChar = s[i] - } - } - if last < len(s)-1 { - result = append(result, s[last:]) - } - - for i, v := range result { - result[i] = strings.Replace(v, " ", "", -1) - } - - // parts := strings.Split(s, " ") - // for _, x := range parts { - // if s := strings.TrimSpace(x); len(s) != 0 { - // result = append(result, s) - // } - // } - return -} - -// splitComparatorVersion splits the comparator from the version. 
-// Input must be free of leading or trailing spaces. -func splitComparatorVersion(s string) (string, string, error) { - i := strings.IndexFunc(s, unicode.IsDigit) - if i == -1 { - return "", "", fmt.Errorf("Could not get version from string: %q", s) - } - return strings.TrimSpace(s[0:i]), s[i:], nil -} - -// getWildcardType will return the type of wildcard that the -// passed version contains -func getWildcardType(vStr string) wildcardType { - parts := strings.Split(vStr, ".") - nparts := len(parts) - wildcard := parts[nparts-1] - - possibleWildcardType := wildcardTypefromInt(nparts) - if wildcard == "x" { - return possibleWildcardType - } - - return noneWildcard -} - -// createVersionFromWildcard will convert a wildcard version -// into a regular version, replacing 'x's with '0's, handling -// special cases like '1.x.x' and '1.x' -func createVersionFromWildcard(vStr string) string { - // handle 1.x.x - vStr2 := strings.Replace(vStr, ".x.x", ".x", 1) - vStr2 = strings.Replace(vStr2, ".x", ".0", 1) - parts := strings.Split(vStr2, ".") - - // handle 1.x - if len(parts) == 2 { - return vStr2 + ".0" - } - - return vStr2 -} - -// incrementMajorVersion will increment the major version -// of the passed version -func incrementMajorVersion(vStr string) (string, error) { - parts := strings.Split(vStr, ".") - i, err := strconv.Atoi(parts[0]) - if err != nil { - return "", err - } - parts[0] = strconv.Itoa(i + 1) - - return strings.Join(parts, "."), nil -} - -// incrementMajorVersion will increment the minor version -// of the passed version -func incrementMinorVersion(vStr string) (string, error) { - parts := strings.Split(vStr, ".") - i, err := strconv.Atoi(parts[1]) - if err != nil { - return "", err - } - parts[1] = strconv.Itoa(i + 1) - - return strings.Join(parts, "."), nil -} - -// expandWildcardVersion will expand wildcards inside versions -// following these rules: -// -// * when dealing with patch wildcards: -// >= 1.2.x will become >= 1.2.0 -// <= 1.2.x will 
become < 1.3.0 -// > 1.2.x will become >= 1.3.0 -// < 1.2.x will become < 1.2.0 -// != 1.2.x will become < 1.2.0 >= 1.3.0 -// -// * when dealing with minor wildcards: -// >= 1.x will become >= 1.0.0 -// <= 1.x will become < 2.0.0 -// > 1.x will become >= 2.0.0 -// < 1.0 will become < 1.0.0 -// != 1.x will become < 1.0.0 >= 2.0.0 -// -// * when dealing with wildcards without -// version operator: -// 1.2.x will become >= 1.2.0 < 1.3.0 -// 1.x will become >= 1.0.0 < 2.0.0 -func expandWildcardVersion(parts [][]string) ([][]string, error) { - var expandedParts [][]string - for _, p := range parts { - var newParts []string - for _, ap := range p { - if strings.Index(ap, "x") != -1 { - opStr, vStr, err := splitComparatorVersion(ap) - if err != nil { - return nil, err - } - - versionWildcardType := getWildcardType(vStr) - flatVersion := createVersionFromWildcard(vStr) - - var resultOperator string - var shouldIncrementVersion bool - switch opStr { - case ">": - resultOperator = ">=" - shouldIncrementVersion = true - case ">=": - resultOperator = ">=" - case "<": - resultOperator = "<" - case "<=": - resultOperator = "<" - shouldIncrementVersion = true - case "", "=", "==": - newParts = append(newParts, ">="+flatVersion) - resultOperator = "<" - shouldIncrementVersion = true - case "!=", "!": - newParts = append(newParts, "<"+flatVersion) - resultOperator = ">=" - shouldIncrementVersion = true - } - - var resultVersion string - if shouldIncrementVersion { - switch versionWildcardType { - case patchWildcard: - resultVersion, _ = incrementMinorVersion(flatVersion) - case minorWildcard: - resultVersion, _ = incrementMajorVersion(flatVersion) - } - } else { - resultVersion = flatVersion - } - - ap = resultOperator + resultVersion - } - newParts = append(newParts, ap) - } - expandedParts = append(expandedParts, newParts) - } - - return expandedParts, nil -} - -func parseComparator(s string) comparator { - switch s { - case "==": - fallthrough - case "": - fallthrough - case 
"=": - return compEQ - case ">": - return compGT - case ">=": - return compGE - case "<": - return compLT - case "<=": - return compLE - case "!": - fallthrough - case "!=": - return compNE - } - - return nil -} - -// MustParseRange is like ParseRange but panics if the range cannot be parsed. -func MustParseRange(s string) Range { - r, err := ParseRange(s) - if err != nil { - panic(`semver: ParseRange(` + s + `): ` + err.Error()) - } - return r -} diff --git a/vendor/github.com/blang/semver/semver.go b/vendor/github.com/blang/semver/semver.go deleted file mode 100644 index 8ee0842e6a..0000000000 --- a/vendor/github.com/blang/semver/semver.go +++ /dev/null 
@@ -1,418 +0,0 @@ -package semver - -import ( - "errors" - "fmt" - "strconv" - "strings" -) - -const ( - numbers string = "0123456789" - alphas = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-" - alphanum = alphas + numbers -) - -// SpecVersion is the latest fully supported spec version of semver -var SpecVersion = Version{ - Major: 2, - Minor: 0, - Patch: 0, -} - -// Version represents a semver compatible version -type Version struct { - Major uint64 - Minor uint64 - Patch uint64 - Pre []PRVersion - Build []string //No Precendence -} - -// Version to string -func (v Version) String() string { - b := make([]byte, 0, 5) - b = strconv.AppendUint(b, v.Major, 10) - b = append(b, '.') - b = strconv.AppendUint(b, v.Minor, 10) - b = append(b, '.') - b = strconv.AppendUint(b, v.Patch, 10) - - if len(v.Pre) > 0 { - b = append(b, '-') - b = append(b, v.Pre[0].String()...) - - for _, pre := range v.Pre[1:] { - b = append(b, '.') - b = append(b, pre.String()...) - } - } - - if len(v.Build) > 0 { - b = append(b, '+') - b = append(b, v.Build[0]...) - - for _, build := range v.Build[1:] { - b = append(b, '.') - b = append(b, build...) - } - } - - return string(b) -} - -// Equals checks if v is equal to o. -func (v Version) Equals(o Version) bool { - return (v.Compare(o) == 0) -} - -// EQ checks if v is equal to o. -func (v Version) EQ(o Version) bool { - return (v.Compare(o) == 0) -} - -// NE checks if v is not equal to o. -func (v Version) NE(o Version) bool { - return (v.Compare(o) != 0) -} - -// GT checks if v is greater than o. -func (v Version) GT(o Version) bool { - return (v.Compare(o) == 1) -} - -// GTE checks if v is greater than or equal to o. -func (v Version) GTE(o Version) bool { - return (v.Compare(o) >= 0) -} - -// GE checks if v is greater than or equal to o. -func (v Version) GE(o Version) bool { - return (v.Compare(o) >= 0) -} - -// LT checks if v is less than o. 
-func (v Version) LT(o Version) bool { - return (v.Compare(o) == -1) -} - -// LTE checks if v is less than or equal to o. -func (v Version) LTE(o Version) bool { - return (v.Compare(o) <= 0) -} - -// LE checks if v is less than or equal to o. -func (v Version) LE(o Version) bool { - return (v.Compare(o) <= 0) -} - -// Compare compares Versions v to o: -// -1 == v is less than o -// 0 == v is equal to o -// 1 == v is greater than o -func (v Version) Compare(o Version) int { - if v.Major != o.Major { - if v.Major > o.Major { - return 1 - } - return -1 - } - if v.Minor != o.Minor { - if v.Minor > o.Minor { - return 1 - } - return -1 - } - if v.Patch != o.Patch { - if v.Patch > o.Patch { - return 1 - } - return -1 - } - - // Quick comparison if a version has no prerelease versions - if len(v.Pre) == 0 && len(o.Pre) == 0 { - return 0 - } else if len(v.Pre) == 0 && len(o.Pre) > 0 { - return 1 - } else if len(v.Pre) > 0 && len(o.Pre) == 0 { - return -1 - } - - i := 0 - for ; i < len(v.Pre) && i < len(o.Pre); i++ { - if comp := v.Pre[i].Compare(o.Pre[i]); comp == 0 { - continue - } else if comp == 1 { - return 1 - } else { - return -1 - } - } - - // If all pr versions are the equal but one has further prversion, this one greater - if i == len(v.Pre) && i == len(o.Pre) { - return 0 - } else if i == len(v.Pre) && i < len(o.Pre) { - return -1 - } else { - return 1 - } - -} - -// Validate validates v and returns error in case -func (v Version) Validate() error { - // Major, Minor, Patch already validated using uint64 - - for _, pre := range v.Pre { - if !pre.IsNum { //Numeric prerelease versions already uint64 - if len(pre.VersionStr) == 0 { - return fmt.Errorf("Prerelease can not be empty %q", pre.VersionStr) - } - if !containsOnly(pre.VersionStr, alphanum) { - return fmt.Errorf("Invalid character(s) found in prerelease %q", pre.VersionStr) - } - } - } - - for _, build := range v.Build { - if len(build) == 0 { - return fmt.Errorf("Build meta data can not be empty %q", build) 
- } - if !containsOnly(build, alphanum) { - return fmt.Errorf("Invalid character(s) found in build meta data %q", build) - } - } - - return nil -} - -// New is an alias for Parse and returns a pointer, parses version string and returns a validated Version or error -func New(s string) (vp *Version, err error) { - v, err := Parse(s) - vp = &v - return -} - -// Make is an alias for Parse, parses version string and returns a validated Version or error -func Make(s string) (Version, error) { - return Parse(s) -} - -// ParseTolerant allows for certain version specifications that do not strictly adhere to semver -// specs to be parsed by this library. It does so by normalizing versions before passing them to -// Parse(). It currently trims spaces, removes a "v" prefix, and adds a 0 patch number to versions -// with only major and minor components specified -func ParseTolerant(s string) (Version, error) { - s = strings.TrimSpace(s) - s = strings.TrimPrefix(s, "v") - - // Split into major.minor.(patch+pr+meta) - parts := strings.SplitN(s, ".", 3) - if len(parts) < 3 { - if strings.ContainsAny(parts[len(parts)-1], "+-") { - return Version{}, errors.New("Short version cannot contain PreRelease/Build meta data") - } - for len(parts) < 3 { - parts = append(parts, "0") - } - s = strings.Join(parts, ".") - } - - return Parse(s) -} - -// Parse parses version string and returns a validated Version or error -func Parse(s string) (Version, error) { - if len(s) == 0 { - return Version{}, errors.New("Version string empty") - } - - // Split into major.minor.(patch+pr+meta) - parts := strings.SplitN(s, ".", 3) - if len(parts) != 3 { - return Version{}, errors.New("No Major.Minor.Patch elements found") - } - - // Major - if !containsOnly(parts[0], numbers) { - return Version{}, fmt.Errorf("Invalid character(s) found in major number %q", parts[0]) - } - if hasLeadingZeroes(parts[0]) { - return Version{}, fmt.Errorf("Major number must not contain leading zeroes %q", parts[0]) - } - major, 
err := strconv.ParseUint(parts[0], 10, 64) - if err != nil { - return Version{}, err - } - - // Minor - if !containsOnly(parts[1], numbers) { - return Version{}, fmt.Errorf("Invalid character(s) found in minor number %q", parts[1]) - } - if hasLeadingZeroes(parts[1]) { - return Version{}, fmt.Errorf("Minor number must not contain leading zeroes %q", parts[1]) - } - minor, err := strconv.ParseUint(parts[1], 10, 64) - if err != nil { - return Version{}, err - } - - v := Version{} - v.Major = major - v.Minor = minor - - var build, prerelease []string - patchStr := parts[2] - - if buildIndex := strings.IndexRune(patchStr, '+'); buildIndex != -1 { - build = strings.Split(patchStr[buildIndex+1:], ".") - patchStr = patchStr[:buildIndex] - } - - if preIndex := strings.IndexRune(patchStr, '-'); preIndex != -1 { - prerelease = strings.Split(patchStr[preIndex+1:], ".") - patchStr = patchStr[:preIndex] - } - - if !containsOnly(patchStr, numbers) { - return Version{}, fmt.Errorf("Invalid character(s) found in patch number %q", patchStr) - } - if hasLeadingZeroes(patchStr) { - return Version{}, fmt.Errorf("Patch number must not contain leading zeroes %q", patchStr) - } - patch, err := strconv.ParseUint(patchStr, 10, 64) - if err != nil { - return Version{}, err - } - - v.Patch = patch - - // Prerelease - for _, prstr := range prerelease { - parsedPR, err := NewPRVersion(prstr) - if err != nil { - return Version{}, err - } - v.Pre = append(v.Pre, parsedPR) - } - - // Build meta data - for _, str := range build { - if len(str) == 0 { - return Version{}, errors.New("Build meta data is empty") - } - if !containsOnly(str, alphanum) { - return Version{}, fmt.Errorf("Invalid character(s) found in build meta data %q", str) - } - v.Build = append(v.Build, str) - } - - return v, nil -} - -// MustParse is like Parse but panics if the version cannot be parsed. 
-func MustParse(s string) Version { - v, err := Parse(s) - if err != nil { - panic(`semver: Parse(` + s + `): ` + err.Error()) - } - return v -} - -// PRVersion represents a PreRelease Version -type PRVersion struct { - VersionStr string - VersionNum uint64 - IsNum bool -} - -// NewPRVersion creates a new valid prerelease version -func NewPRVersion(s string) (PRVersion, error) { - if len(s) == 0 { - return PRVersion{}, errors.New("Prerelease is empty") - } - v := PRVersion{} - if containsOnly(s, numbers) { - if hasLeadingZeroes(s) { - return PRVersion{}, fmt.Errorf("Numeric PreRelease version must not contain leading zeroes %q", s) - } - num, err := strconv.ParseUint(s, 10, 64) - - // Might never be hit, but just in case - if err != nil { - return PRVersion{}, err - } - v.VersionNum = num - v.IsNum = true - } else if containsOnly(s, alphanum) { - v.VersionStr = s - v.IsNum = false - } else { - return PRVersion{}, fmt.Errorf("Invalid character(s) found in prerelease %q", s) - } - return v, nil -} - -// IsNumeric checks if prerelease-version is numeric -func (v PRVersion) IsNumeric() bool { - return v.IsNum -} - -// Compare compares two PreRelease Versions v and o: -// -1 == v is less than o -// 0 == v is equal to o -// 1 == v is greater than o -func (v PRVersion) Compare(o PRVersion) int { - if v.IsNum && !o.IsNum { - return -1 - } else if !v.IsNum && o.IsNum { - return 1 - } else if v.IsNum && o.IsNum { - if v.VersionNum == o.VersionNum { - return 0 - } else if v.VersionNum > o.VersionNum { - return 1 - } else { - return -1 - } - } else { // both are Alphas - if v.VersionStr == o.VersionStr { - return 0 - } else if v.VersionStr > o.VersionStr { - return 1 - } else { - return -1 - } - } -} - -// PreRelease version to string -func (v PRVersion) String() string { - if v.IsNum { - return strconv.FormatUint(v.VersionNum, 10) - } - return v.VersionStr -} - -func containsOnly(s string, set string) bool { - return strings.IndexFunc(s, func(r rune) bool { - return 
!strings.ContainsRune(set, r) - }) == -1 -} - -func hasLeadingZeroes(s string) bool { - return len(s) > 1 && s[0] == '0' -} - -// NewBuildVersion creates a new valid build version -func NewBuildVersion(s string) (string, error) { - if len(s) == 0 { - return "", errors.New("Buildversion is empty") - } - if !containsOnly(s, alphanum) { - return "", fmt.Errorf("Invalid character(s) found in build meta data %q", s) - } - return s, nil -} diff --git a/vendor/github.com/blang/semver/sort.go b/vendor/github.com/blang/semver/sort.go deleted file mode 100644 index e18f880826..0000000000 --- a/vendor/github.com/blang/semver/sort.go +++ /dev/null @@ -1,28 +0,0 @@ -package semver - -import ( - "sort" -) - -// Versions represents multiple versions. -type Versions []Version - -// Len returns length of version collection -func (s Versions) Len() int { - return len(s) -} - -// Swap swaps two versions inside the collection by its indices -func (s Versions) Swap(i, j int) { - s[i], s[j] = s[j], s[i] -} - -// Less checks if version at index i is less than version at index j -func (s Versions) Less(i, j int) bool { - return s[i].LT(s[j]) -} - -// Sort sorts a slice of versions -func Sort(versions []Version) { - sort.Sort(Versions(versions)) -} diff --git a/vendor/github.com/blang/semver/sql.go b/vendor/github.com/blang/semver/sql.go deleted file mode 100644 index eb4d802666..0000000000 --- a/vendor/github.com/blang/semver/sql.go +++ /dev/null 
@@ -1,30 +0,0 @@ -package semver - -import ( - "database/sql/driver" - "fmt" -) - -// Scan implements the database/sql.Scanner interface. -func (v *Version) Scan(src interface{}) (err error) { - var str string - switch src := src.(type) { - case string: - str = src - case []byte: - str = string(src) - default: - return fmt.Errorf("Version.Scan: cannot convert %T to string.", src) - } - - if t, err := Parse(str); err == nil { - *v = t - } - - return -} - -// Value implements the database/sql/driver.Valuer interface. -func (v Version) Value() (driver.Value, error) { - return v.String(), nil -} diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index 30ce998bd4..3b3c94edce 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -153,7 +153,8 @@ write-available-featuresets: .PHONY: clean clean: - rm render write-available-featuresets + rm -f render write-available-featuresets models-schema + rm -rf tools/_output VERSION ?= $(shell git describe --always --abbrev=7) MUTABLE_TAG ?= latest diff --git a/vendor/github.com/openshift/api/README.md b/vendor/github.com/openshift/api/README.md index 3d13b8c985..b46693a108 100644 --- a/vendor/github.com/openshift/api/README.md +++ b/vendor/github.com/openshift/api/README.md 
@@ -3,6 +3,91 @@ The canonical location of the OpenShift API definition. This repo holds the API type definitions and serialization code used by [openshift/client-go](https://github.com/openshift/client-go) APIs in this repo ship inside OCP payloads. +## Adding new FeatureGates +Add your FeatureGate to feature_gates.go. +The threshold for merging a fully disabled or TechPreview FeatureGate is an open enhancement. +To promote to Default on any ClusterProfile, the threshold is 99% passing tests on all platforms or QE sign off. + +### Adding new TechPreview FeatureGate to all ClusterProfiles (Hypershift and SelfManaged) +```go +FeatureGateMyFeatureName = newFeatureGate("MyFeatureName"). + reportProblemsToJiraComponent("my-jira-component"). + contactPerson("my-team-lead"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() +``` + +### Adding new TechPreview FeatureGate to all only Hypershift +This will be enabled in TechPreview on Hypershift, but never enabled on SelfManaged +```go +FeatureGateMyFeatureName = newFeatureGate("MyFeatureName"). + reportProblemsToJiraComponent("my-jira-component"). + contactPerson("my-team-lead"). + productScope(ocpSpecific). + enableForClusterProfile(Hypershift, TechPreviewNoUpgrade). + mustRegister() +``` + +### Promoting to Default, but only on Hypershift +This will be enabled in TechPreview on all ClusterProfiles and also by Default on Hypershift. +It will be disabled in Default on SelfManaged. +```go +FeatureGateMyFeatureName = newFeatureGate("MyFeatureName"). + reportProblemsToJiraComponent("my-jira-component"). + contactPerson("my-team-lead"). + productScope([ocpSpecific|kubernetes]). + enableIn(TechPreviewNoUpgrade). + enableForClusterProfile(Hypershift, Default). + mustRegister() +``` + +### Promoting to Default on all ClusterProfiles +```go +FeatureGateMyFeatureName = newFeatureGate("MyFeatureName"). + reportProblemsToJiraComponent("my-jira-component"). + contactPerson("my-team-lead"). 
+ productScope([ocpSpecific|kubernetes]). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() +``` + +### defining tests +Tests are logically associated with FeatureGates. +When adding any FeatureGated functionality a new test file is required. +The test files are located in `//tests//FeatureGate.yaml`: +``` +route/ + v1/ + tests/ + routes.route.openshift.io/ + AAA_ungated.yaml + ExternalRouteCertificate.yaml +``` +Here's an `AAA_ungated.yaml` example: +```yaml +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this. +name: Route +crdName: routes.route.openshift.io +tests: +``` + +Here's an `ExternalRouteCertificate.yaml` example: +```yaml +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this. +name: Route +crdName: routes.route.openshift.io +featureGate: ExternalRouteCertificate +tests: +``` + +The integration tests use the crdName and featureGate to determine which tests apply to which manifests and automatically +react to changes when the FeatureGates are enabled/disabled on various FeatureSets and ClusterProfiles. + +[`gen-minimal-test.sh`](tests/hack/gen-minimal-test.sh) can still function to stub out files if you don't want to +copy/paste an existing one. + + ## defining new APIs When defining a new API, please follow [the OpenShift API 
@@ -10,6 +95,89 @@ conventions](https://github.com/openshift/enhancements/blob/master/CONVENTIONS.m and then follow the instructions below to regenerate CRDs (if necessary) and submit a pull request with your new API definitions and generated files. +### Adding a new stable API (v1) +When copying, it matters which `// +foo` markers are two comments blocks up and which are one comment block up. + +```go +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// the next line of whitespace matters + +// MyAPI is amazing, let me describe it! +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=my-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=myapis,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/ +// +openshift:capability=IfYouHaveOne +// +kubebuilder:printcolumn:name=Column Name,JSONPath=.status.something,type=string,description=how users should interpret this. +// +kubebuilder:metadata:annotations=key=value +// +kubebuilder:metadata:labels=key=value +// +kubebuilder:validation:XValidation:rule= +type MyAPI struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec is the desired state of the cluster version - the operator will work + // to ensure that the desired version is applied to the cluster. + // +kubebuilder:validation:Required + Spec MyAPISpec `json:"spec"` + // status contains information about the available updates and any in-progress + // updates. 
+ // +optional + Status MyAPIStatus `json:"status"` +} + +``` + +### Adding a new unstable API (v1alpha) +First, add a FeatureGate as described above. + +Like above, but there's an additional + +```go +// +kubebuilder:validation:XValidation:rule= +// +openshift:enable:FeatureGate=MyFeatureGate +type MyAPI struct { + ... +} +``` + +### Adding new fields +Here are few other use-cases for convenience, but have a look in `./example` for other possibilities. + + +```go +// +openshift:validation:FeatureGateAwareXValidation:featureGate=MyFeatureGate,rule="has(oldSelf.coolNewField) ? has(self.coolNewField) : true",message="coolNewField may not be removed once set" +type MyAPI struct { + // +openshift:enable:FeatureGate=MyFeatureGate + // +optional + CoolNewField string `json:"coolNewField"` +} + +// EvolvingDiscriminator defines the audit policy profile type. +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";StableValue +// +openshift:validation:FeatureGateAwareEnum:featureGate=MyFeatureGate,enum="";StableValue;TechPreviewOnlyValue +type EvolvingDiscriminator string + +const ( + // "StableValue" is always present. + StableValue EvolvingDiscriminator = "StableValue" + + // "TechPreviewOnlyValue" should only be allowed when TechPreviewNoUpgrade is set in the cluster + TechPreviewOnlyValue EvolvingDiscriminator = "TechPreviewOnlyValue" +) + +``` + + ### required labels In addition to the standard `lgtm` and `approved` labels this repository requires either: 
@@ -40,6 +208,18 @@ No, signing a team up to be a no-FF team includes some basic education on the pr participants are aware the team is moving to that model. If you'd like to sign your team up, please speak with Gina Hargan who will be happy to help on-board your team. +## vendoring generated manifests into other repositories +If your repository relies on vendoring and copying CRD manifests (good job!), you'll need have an import line that +depends on the package that contains the CRD manifests. +For example, adding +```go +import ( + _ "github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests" +) +``` +to any .go file will work, but some commonly chosen files are `tools/tools.go` or `pkg/dependencymagnet/doc.go`. +Once added, a `go mod vendor` will pick up the package containing the manifests for you to copy. + ## generating CRD schemas Since Kubernetes 1.16, every CRD created in `apiextensions.k8s.io/v1` is required to have a [structural OpenAPIV3 schema](https://kubernetes.io/blog/2019/06/20/crd-structural-schema/). The schemas provide server-side validation for fields, as well as providing the descriptions for `oc explain`. Moreover, schemas ensure structural consistency of data in etcd. Without it anything can be stored in a resource which can have security implications. As we host many of our CRDs in this repo along with their corresponding Go types we also require them to have schemas. However, the following instructions apply for CRDs that are not hosted here as well. 
@@ -78,13 +258,60 @@ After this, calling `make update-codegen-crds` should generate a new structural For more information on the API markers to add to your Go types, see the [Kubebuilder book](https://book.kubebuilder.io/reference/markers.html) -### Post-schema-generation Patches +### Order of generation +`make update-codegen-crds` does roughly this: + +1. Run the `empty-partial-schema` tool. This creates empty CRD manifests in `zz_generated.featuregated-crd-manifests` for each FeatureGate. +2. Run the `schemapatch` tool. This fills in the schema for each per-FeatureGate CRD manifest. +3. Run the `manifest-merge` tool. This combines all the per-FeatureGate CRD manifests and `manual-overrides` + +#### empty-partial-schema +This tool is gengo based and scans all types for a `// +kubebuilder:object:root=true` marker. +For each type match, the type is navigated and all tags that include a `featureGate` +(`// +openshift:enable:FeatureGate`, `// +openshift:validation:FeatureGateAwareEnum`, and `// +openshift:validation:FeatureGateAwareXValidation`) +are tracked. +For each type, for each FeatureGate, a file CRD manifest is created in `zz_generated.featuregated-crd-manifests`. +The most common kube-builder tags are re-implemented in this stage to fill in the non-schema portion of the CRD manifests. +This includes things like metadata, resource, and some custom openshift tags as well. + +The generator ignores the schema when doing verify, so it doesn't fail on needing to run `schemapatch`. +The generator should clean up old FeatureGated manifests when the gate is removed. +Ungated files are created for resources that are sometimes ungated. +Annotations are injected to indicate which FeatureGate a manifest is for: this is later read by `schemapatch` and `manifest-merge`. + +#### schemapatch +This tool is kubebuilder based with patches to handle FeatureGated types, members, and validation. 
+It reads the injected annotation from `empty-partial-schema` to decide which FeatureGate should be considered enabled when +creating the schema that needs to be injected. +It has no knowledge of whether the FeatureGate is enabled or disabled in particular ClusterProfile,FeatureSet tuples. +It only needs a single pass over all the FeatureGated partial manifests. + +If the schema generation isn't doing what you want, `manual-override-crd-manifests` allows partially overlaying bits of the CRD manifest. +`yamlpatch` is no longer supported. +The format is just "write the CRD you want and delete the stuff the generator sets properly". +More specifically, it is the partial manifest that server-side-apply (structured merge diff) would properly merge on top of +the CRD that is generated otherwise. +Caveat, you cannot test this with a kube-apiserver because the CRD schema uses atomic lists and we had to patch that +schema to indicate map lists keyed by version. + +#### manifest-merge +This tool is gengo based and it combines the files in `zz_generated.featuregated-crd-manifests` and `manual-override-crd-manifests` +on a per ClusterProfile,FeatureSet tuple. +This tool takes as input all possible ClusterProfiles and all possible FeatureSets. +It then maps from ClusterProfile,FeatureSet tuple to the set of enabled and disabled FeatureGates. +Then for each CRD,ClusterProfile,Feature tuple, it merges the pertinent input using structured-merge-diff (SSA) logic +based on the CRD schema plus a patch to make atomic fields map-lists. +Pertinence is determined based on +1. does this manifest have preferred ClusterProfile annotations: if so, honor them; if not, include everywhere. +2. does this manifest have FeatureGate annotations: if so, match against the enabled set for the ClusterProfile,FeatureSet tuple. + Note that CustomNoUpgrade selects everything -Schema generation features might be limited or fall behind what CRD schemas supports in the latest Kubernetes version. 
-To work around this, there are two patch mechanisms implemented by the `add-crd-gen` target. Basic idea is that you -place a patch file next to the CRD yaml manifest with either `yaml-merge-patch` or `yaml-patch` as extension, -but with the same base name. The `update-codegen-crds` Makefile target will apply these **after** calling -kubebuilder's controller-gen: +Once we have CRD for each ClusterProfile,FeatureSet tuple we choose what to serialize. +This roughly follows: +1. if all the CRDs are the same, write a single file and annotate with no FeatureSet and every ClusterProfile. Done. +2. if all the CRDs are the same across all ClusterProfiles for each FeatureSet, create one file per FeatureSet and + annotate with one FeatureSet and all ClusterProfiles. Done. +3. if all the CRDs are the same across all FeatureSets for one ClusterProfile, create one file and annotate + with no FeatureSet and one ClusterProfile. Continue to 4. +4. for all remaining ClusterProfile,FeatureSet tuples, serialize a file with one FeatureSet and one ClusterProfile. -- `yaml-merge-patch`: these are applied via `yq m -x ` compare https://mikefarah.gitbook.io/yq/commands/merge#overwrite-values. -- `yaml-patch`: these are applied via `yaml-patch -o < ` using https://github.com/krishicks/yaml-patch. diff --git a/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml b/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml deleted file mode 100644 index c5a96ac0c3..0000000000 --- a/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml +++ /dev/null 
@@ -1,328 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/897 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: apirequestcounts.apiserver.openshift.io -spec: - group: apiserver.openshift.io - names: - kind: APIRequestCount - listKind: APIRequestCountList - plural: apirequestcounts - singular: apirequestcount - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Release in which an API will be removed. - jsonPath: .status.removedInRelease - name: RemovedInRelease - type: string - - description: Number of requests in the current hour. - jsonPath: .status.currentHour.requestCount - name: RequestsInCurrentHour - type: integer - - description: Number of requests in the last 24h. - jsonPath: .status.requestCount - name: RequestsInLast24h - type: integer - name: v1 - schema: - openAPIV3Schema: - description: "APIRequestCount tracks requests made to an API. The instance - name must be of the form `resource.version.group`, matching the resource. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec defines the characteristics of the resource. - properties: - numberOfUsersToReport: - default: 10 - description: numberOfUsersToReport is the number of users to include - in the report. If unspecified or zero, the default is ten. This - is default is subject to change. - format: int64 - maximum: 100 - minimum: 0 - type: integer - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions contains details of the current status of - this API Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - currentHour: - description: currentHour contains request history for the current - hour. This is porcelain to make the API easier to read by humans - seeing if they addressed a problem. This field is reset on the hour. - properties: - byNode: - description: byNode contains logs of requests per node. - items: - description: PerNodeAPIRequestLog contains logs of requests - to a certain node. - properties: - byUser: - description: byUser contains request details by top .spec.numberOfUsersToReport - users. 
Note that because in the case of an apiserver, - restart the list of top users is determined on a best-effort - basis, the list might be imprecise. In addition, some - system users may be explicitly included in the list. - items: - description: PerUserAPIRequestCount contains logs of a - user's requests. - properties: - byVerb: - description: byVerb details by verb. - items: - description: PerVerbAPIRequestCount requestCounts - requests by API request verb. - properties: - requestCount: - description: requestCount of requests for verb. - format: int64 - minimum: 0 - type: integer - verb: - description: verb of API request (get, list, - create, etc...) - maxLength: 20 - type: string - type: object - maxItems: 10 - type: array - requestCount: - description: requestCount of requests by the user - across all verbs. - format: int64 - minimum: 0 - type: integer - userAgent: - description: userAgent that made the request. The - same user often has multiple binaries which connect - (pods with many containers). The different binaries - will have different userAgents, but the same user. In - addition, we have userAgents with version information - embedded and the userName isn't likely to change. - maxLength: 1024 - type: string - username: - description: userName that made the request. - maxLength: 512 - type: string - type: object - maxItems: 500 - type: array - nodeName: - description: nodeName where the request are being handled. - maxLength: 512 - minLength: 1 - type: string - requestCount: - description: requestCount is a sum of all requestCounts - across all users, even those outside of the top 10 users. - format: int64 - minimum: 0 - type: integer - type: object - maxItems: 512 - type: array - requestCount: - description: requestCount is a sum of all requestCounts across - nodes. 
- format: int64 - minimum: 0 - type: integer - type: object - last24h: - description: last24h contains request history for the last 24 hours, - indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am - is index 6, etc. The index of the current hour is updated live and - then duplicated into the requestsLastHour field. - items: - description: PerResourceAPIRequestLog logs request for various nodes. - properties: - byNode: - description: byNode contains logs of requests per node. - items: - description: PerNodeAPIRequestLog contains logs of requests - to a certain node. - properties: - byUser: - description: byUser contains request details by top .spec.numberOfUsersToReport - users. Note that because in the case of an apiserver, - restart the list of top users is determined on a best-effort - basis, the list might be imprecise. In addition, some - system users may be explicitly included in the list. - items: - description: PerUserAPIRequestCount contains logs of - a user's requests. - properties: - byVerb: - description: byVerb details by verb. - items: - description: PerVerbAPIRequestCount requestCounts - requests by API request verb. - properties: - requestCount: - description: requestCount of requests for - verb. - format: int64 - minimum: 0 - type: integer - verb: - description: verb of API request (get, list, - create, etc...) - maxLength: 20 - type: string - type: object - maxItems: 10 - type: array - requestCount: - description: requestCount of requests by the user - across all verbs. - format: int64 - minimum: 0 - type: integer - userAgent: - description: userAgent that made the request. The - same user often has multiple binaries which connect - (pods with many containers). The different binaries - will have different userAgents, but the same user. In - addition, we have userAgents with version information - embedded and the userName isn't likely to change. - maxLength: 1024 - type: string - username: - description: userName that made the request. 
- maxLength: 512 - type: string - type: object - maxItems: 500 - type: array - nodeName: - description: nodeName where the request are being handled. - maxLength: 512 - minLength: 1 - type: string - requestCount: - description: requestCount is a sum of all requestCounts - across all users, even those outside of the top 10 users. - format: int64 - minimum: 0 - type: integer - type: object - maxItems: 512 - type: array - requestCount: - description: requestCount is a sum of all requestCounts across - nodes. - format: int64 - minimum: 0 - type: integer - type: object - maxItems: 24 - type: array - removedInRelease: - description: removedInRelease is when the API will be removed. - maxLength: 64 - minLength: 0 - pattern: ^[0-9][0-9]*\.[0-9][0-9]*$ - type: string - requestCount: - description: requestCount is a sum of all requestCounts across all - current hours, nodes, and users. - format: int64 - minimum: 0 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/apiserver/v1/stable.apirequestcount.testsuite.yaml b/vendor/github.com/openshift/api/apiserver/v1/stable.apirequestcount.testsuite.yaml deleted file mode 100644 index f1e61eaff2..0000000000 --- a/vendor/github.com/openshift/api/apiserver/v1/stable.apirequestcount.testsuite.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] API Server" -crd: apiserver.openshift.io_apirequestcount.yaml -tests: - onCreate: - - name: Should be able to create a minimal RoleBindingRestriction - initial: | - apiVersion: apiserver.openshift.io/v1 - kind: APIRequestCount - spec: {} # No spec is required for a APIRequestCount - expected: | - apiVersion: apiserver.openshift.io/v1 - kind: APIRequestCount - spec: - numberOfUsersToReport: 10 
diff --git a/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go b/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go index 492c48b88d..eb4918a661 100644 --- a/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go +++ b/vendor/github.com/openshift/api/apiserver/v1/types_apirequestcount.go @@ -11,8 +11,6 @@ const ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:resource:scope="Cluster" -// +kubebuilder:subresource:status // +genclient:nonNamespaced // +openshift:compatibility-gen:level=1 @@ -20,6 +18,15 @@ const ( // be of the form `resource.version.group`, matching the resource. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=apirequestcounts,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/897 +// +openshift:file-pattern=operatorName=kube-apiserver +// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true +// +kubebuilder:printcolumn:name=RemovedInRelease,JSONPath=.status.removedInRelease,type=string,description=Release in which an API will be removed. +// +kubebuilder:printcolumn:name=RequestsInCurrentHour,JSONPath=.status.currentHour.requestCount,type=integer,description=Number of requests in the current hour. +// +kubebuilder:printcolumn:name=RequestsInLast24h,JSONPath=.status.requestCount,type=integer,description=Number of requests in the last 24h. type APIRequestCount struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/apiserver/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/apiserver/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..f5ff911a2f --- /dev/null 
+++ b/vendor/github.com/openshift/api/apiserver/v1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,34 @@ +apirequestcounts.apiserver.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/897 + CRDName: apirequestcounts.apiserver.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: kube-apiserver + FilenameOperatorOrdering: "" + FilenameRunLevel: "" + GroupName: apiserver.openshift.io + HasStatus: true + KindName: APIRequestCount + Labels: {} + PluralName: apirequestcounts + PrinterColumns: + - description: Release in which an API will be removed. + jsonPath: .status.removedInRelease + name: RemovedInRelease + type: string + - description: Number of requests in the current hour. + jsonPath: .status.currentHour.requestCount + name: RequestsInCurrentHour + type: integer + - description: Number of requests in the last 24h. + jsonPath: .status.requestCount + name: RequestsInLast24h + type: integer + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml b/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml deleted file mode 100644 index 597a9771ed..0000000000 --- a/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml +++ /dev/null 
@@ -1,215 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: rolebindingrestrictions.authorization.openshift.io -spec: - group: authorization.openshift.io - names: - kind: RoleBindingRestriction - listKind: RoleBindingRestrictionList - plural: rolebindingrestrictions - singular: rolebindingrestriction - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "RoleBindingRestriction is an object that can be matched against - a subject (user, group, or service account) to determine whether rolebindings - on that subject are allowed in the namespace to which the RoleBindingRestriction - belongs. If any one of those RoleBindingRestriction objects matches a subject, - rolebindings on that subject in the namespace are allowed. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the matcher. 
- properties: - grouprestriction: - description: GroupRestriction matches against group subjects. - nullable: true - properties: - groups: - description: Groups is a list of groups used to match against - an individual user's groups. If the user is a member of one - of the whitelisted groups, the user is allowed to be bound to - a role. - items: - type: string - nullable: true - type: array - labels: - description: Selectors specifies a list of label selectors over - group labels. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - nullable: true - type: array - type: object - serviceaccountrestriction: - description: ServiceAccountRestriction matches against service-account - subjects. - nullable: true - properties: - namespaces: - description: Namespaces specifies a list of literal namespace - names. - items: - type: string - type: array - serviceaccounts: - description: ServiceAccounts specifies a list of literal service-account - names. - items: - description: ServiceAccountReference specifies a service account - and namespace by their names. - properties: - name: - description: Name is the name of the service account. - type: string - namespace: - description: Namespace is the namespace of the service account. Service - accounts from inside the whitelisted namespaces are allowed - to be bound to roles. If Namespace is empty, then the - namespace of the RoleBindingRestriction in which the ServiceAccountReference - is embedded is used. - type: string - type: object - type: array - type: object - userrestriction: - description: UserRestriction matches against user subjects. - nullable: true - properties: - groups: - description: Groups specifies a list of literal group names. - items: - type: string - nullable: true - type: array - labels: - description: Selectors specifies a list of label selectors over - user labels. - items: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. 
- type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nullable: true - type: array - users: - description: Users specifies a list of literal user names. - items: - type: string - type: array - type: object - type: object - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/authorization/v1/generated.proto b/vendor/github.com/openshift/api/authorization/v1/generated.proto index 7d0abe95cf..4be3f6c762 100644 --- a/vendor/github.com/openshift/api/authorization/v1/generated.proto +++ b/vendor/github.com/openshift/api/authorization/v1/generated.proto 
@@ -367,6 +367,10 @@ message RoleBindingList { // a subject, rolebindings on that subject in the namespace are allowed. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=rolebindingrestrictions,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 // +openshift:compatibility-gen:level=1 message RoleBindingRestriction { // metadata is the standard object's metadata. diff --git a/vendor/github.com/openshift/api/authorization/v1/stable.rolebindingrestriction.testsuite.yaml b/vendor/github.com/openshift/api/authorization/v1/stable.rolebindingrestriction.testsuite.yaml deleted file mode 100644 index 2b82115745..0000000000 --- a/vendor/github.com/openshift/api/authorization/v1/stable.rolebindingrestriction.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Authorization" -crd: 0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal RoleBindingRestriction - initial: | - apiVersion: authorization.openshift.io/v1 - kind: RoleBindingRestriction - spec: {} # No spec is required for a RoleBindingRestriction - expected: | - apiVersion: authorization.openshift.io/v1 - kind: RoleBindingRestriction - spec: {} diff --git a/vendor/github.com/openshift/api/authorization/v1/types.go b/vendor/github.com/openshift/api/authorization/v1/types.go index da229b3a88..11a71e65dd 100644 --- a/vendor/github.com/openshift/api/authorization/v1/types.go +++ b/vendor/github.com/openshift/api/authorization/v1/types.go 
@@ -532,6 +532,10 @@ type ClusterRoleList struct { // a subject, rolebindings on that subject in the namespace are allowed. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=rolebindingrestrictions,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 // +openshift:compatibility-gen:level=1 type RoleBindingRestriction struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/authorization/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/authorization/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..4756252b9c --- /dev/null +++ b/vendor/github.com/openshift/api/authorization/v1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,21 @@ +rolebindingrestrictions.authorization.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: rolebindingrestrictions.authorization.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" + GroupName: authorization.openshift.io + HasStatus: false + KindName: RoleBindingRestriction + Labels: {} + PluralName: rolebindingrestrictions + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/build/OWNERS b/vendor/github.com/openshift/api/build/OWNERS index c1ece8b213..e6d19c798d 100644 --- a/vendor/github.com/openshift/api/build/OWNERS +++ b/vendor/github.com/openshift/api/build/OWNERS 
@@ -1,4 +1,7 @@ reviewers: + - adambkaplan - bparees - - gabemontero + - sayan-biswas +emeritus_reviewers: - jim-minter + - gabemontero diff --git a/vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml b/vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml b/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml deleted file mode 100644 index b5e78bc381..0000000000 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml +++ /dev/null 
@@ -1,151 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/859 - name: cloudprivateipconfigs.cloud.network.openshift.io -spec: - group: cloud.network.openshift.io - names: - kind: CloudPrivateIPConfig - listKind: CloudPrivateIPConfigList - plural: cloudprivateipconfigs - singular: cloudprivateipconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "CloudPrivateIPConfig performs an assignment of a private IP - address to the primary NIC associated with cloud VMs. This is done by specifying - the IP and Kubernetes node which the IP should be assigned to. This CRD - is intended to be used by the network plugin which manages the cluster network. - The spec side represents the desired state requested by the network plugin, - and the status side represents the current state that this CRD's controller - has executed. No users will have permission to modify it, and if a cluster-admin - decides to edit it for some reason, their changes will be overwritten the - next time the network plugin reconciles the object. Note: the CR's name - must specify the requested private IP address (can be IPv4 or IPv6). \n - Compatibility level 1: Stable within a major release for a minimum of 12 - months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - anyOf: - - format: ipv4 - - pattern: ^[0-9a-f]{4}(\.[0-9a-f]{4}){7}$ - type: string - type: object - spec: - description: spec is the definition of the desired private IP request. - properties: - node: - description: 'node is the node name, as specified by the Kubernetes - field: node.metadata.name' - type: string - type: object - status: - description: status is the observed status of the desired private IP request. - Read-only. - properties: - conditions: - description: condition is the assignment condition of the private - IP and its status - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - node: - description: 'node is the node name, as specified by the Kubernetes - field: node.metadata.name' - type: string - required: - - conditions - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] 
diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml-patch b/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml-patch deleted file mode 100644 index a11d1b82c9..0000000000 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml-patch +++ /dev/null @@ -1,10 +0,0 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/metadata - value: - type: object - properties: - name: - type: string - anyOf: - - format: ipv4 - - pattern: '^[0-9a-f]{4}(\.[0-9a-f]{4}){7}$' diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto index 6c3688af6c..dc4557883f 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto @@ -31,6 +31,8 @@ option go_package = "github.com/openshift/api/cloudnetwork/v1"; // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=cloudprivateipconfigs,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/859 +// +openshift:file-pattern=operatorOrdering=001 // +openshift:compatibility-gen:level=1 message CloudPrivateIPConfig { // metadata is the standard object's metadata. diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/stable.cloudprivateipconfig.testsuite.yaml b/vendor/github.com/openshift/api/cloudnetwork/v1/stable.cloudprivateipconfig.testsuite.yaml deleted file mode 100644 index 9a65ba885f..0000000000 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/stable.cloudprivateipconfig.testsuite.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Cloud Network" -crd: 001-cloudprivateipconfig.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal CloudPrivateIPConfig - initial: | - apiVersion: cloud.network.openshift.io/v1 - kind: CloudPrivateIPConfig - metadata: - name: 1.2.3.4 - spec: {} # No spec is required for a CloudPrivateIPConfig - expected: | - apiVersion: cloud.network.openshift.io/v1 - kind: CloudPrivateIPConfig - metadata: - name: 1.2.3.4 - spec: {} diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/types.go b/vendor/github.com/openshift/api/cloudnetwork/v1/types.go index 78dcae0921..4c19e44c3f 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/types.go +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/types.go @@ -23,6 +23,8 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=cloudprivateipconfigs,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/859 +// +openshift:file-pattern=operatorOrdering=001 // +openshift:compatibility-gen:level=1 type CloudPrivateIPConfig struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..18b16994d9 --- /dev/null +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,21 @@ +cloudprivateipconfigs.cloud.network.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/859 + CRDName: cloudprivateipconfigs.cloud.network.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "001" + FilenameRunLevel: "" + GroupName: cloud.network.openshift.io + HasStatus: true + KindName: CloudPrivateIPConfig + Labels: {} + PluralName: cloudprivateipconfigs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/config/.codegen.yaml b/vendor/github.com/openshift/api/config/.codegen.yaml index e799336feb..ffa2c8d9b2 100644 --- a/vendor/github.com/openshift/api/config/.codegen.yaml +++ b/vendor/github.com/openshift/api/config/.codegen.yaml @@ -1,8 +1,2 @@ -schemapatch: - requiredFeatureSets: - - "" - - "Default" - - "TechPreviewNoUpgrade" - - "CustomNoUpgrade" swaggerdocs: commentPolicy: Warn diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml deleted file mode 100644 index 3baf5a4565..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ /dev/null 
@@ -1,167 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/497 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: clusteroperators.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterOperator - listKind: ClusterOperatorList - plural: clusteroperators - shortNames: - - co - singular: clusteroperator - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The version the operator is at. - jsonPath: .status.versions[?(@.name=="operator")].version - name: Version - type: string - - description: Whether the operator is running and stable. - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - description: Whether the operator is processing changes. - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - description: Whether the operator is degraded. - jsonPath: .status.conditions[?(@.type=="Degraded")].status - name: Degraded - type: string - - description: The time the operator's Available status last changed. - jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime - name: Since - type: date - name: v1 - schema: - openAPIV3Schema: - description: "ClusterOperator is the Custom Resource object which holds the - current state of an operator. This object is used by operators to convey - their state to the rest of the cluster. \n Compatibility level 1: Stable - within a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds configuration that could apply to any operator. - type: object - status: - description: status holds the information about the state of an operator. It - is consistent with status information across the Kubernetes ecosystem. - properties: - conditions: - description: conditions describes the state of the operator's managed - and monitored components. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - extension: - description: extension contains any additional status information - specific to the operator which owns this status object. 
- nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - relatedObjects: - description: 'relatedObjects is a list of objects that are "interesting" - or related to this operator. Common uses are: 1. the detailed resource - driving the operator 2. operator namespaces 3. operand namespaces' - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - required: - - group - - name - - resource - type: object - type: array - versions: - description: versions is a slice of operator and operand version tuples. Operators - which manage multiple operands will have multiple operand entries - in the array. Available operators must report the version of the - operator itself with the name "operator". An operator reports a - new "operator" version when it has rolled out the new version to - all of its operands. - items: - properties: - name: - description: name is the name of the particular operand this - version is for. It usually matches container images, not - operators. - type: string - version: - description: version indicates which version of a particular - operand is currently being managed. It must always match - the Available operand. If 1.0.0 is Available, then this must - indicate 1.0.0 even if the operator is trying to rollout 1.1.0 - type: string - required: - - name - - version - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml deleted file mode 100644 index d86f1dc011..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,775 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/495 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterVersion - plural: clusterversions - singular: clusterversion - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.history[?(@.state=="Completed")].version - name: Version - type: string - - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - name: Since - type: date - - jsonPath: .status.conditions[?(@.type=="Progressing")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - capabilities: - description: capabilities configures the installation of optional, - core cluster components. A null value here is identical to an empty - object; see the child properties for default semantics. - properties: - additionalEnabledCapabilities: - description: additionalEnabledCapabilities extends the set of - managed capabilities beyond the baseline defined in baselineCapabilitySet. The - default is an empty set. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - baselineCapabilitySet: - description: baselineCapabilitySet selects an initial set of optional - capabilities to enable, which can be extended via additionalEnabledCapabilities. If - unset, the cluster will choose a default, and the default may - change over time. The current default is vCurrent. - enum: - - None - - v4.11 - - v4.12 - - v4.13 - - v4.14 - - v4.15 - - vCurrent - type: string - type: object - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for - production clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. 
This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. \n Some of the fields are inter-related with - restrictions and meanings described here. 1. image is specified, - version is specified, architecture is specified. API validation - error. 2. image is specified, version is specified, architecture - is not specified. You should not do this. version is silently ignored - and image is used. 3. image is specified, version is not specified, - architecture is specified. API validation error. 4. image is specified, - version is not specified, architecture is not specified. image is - used. 5. image is not specified, version is specified, architecture - is specified. version and desired architecture are used to select - an image. 6. image is not specified, version is specified, architecture - is not specified. version and current architecture are used to select - an image. 7. image is not specified, version is not specified, architecture - is specified. API validation error. 8. image is not specified, version - is not specified, architecture is not specified. API validation - error. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - architecture: - description: architecture is an optional field that indicates - the desired value of the cluster architecture. 
In this context - cluster architecture means either a single architecture or a - multi architecture. architecture can only be set to Multi thereby - only allowing updates from single to multi architecture. If - architecture is set, image cannot be set and version must be - set. Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string - force: - description: force allows an administrator to update to an image - that has failed verification or upgradeable checks. This option - should only be used when the authenticity of the provided image - has been verified out of band because the provided image will - run with full administrative access to the cluster. Do not use - this flag with images that comes from unknown or potentially - malicious sources. - type: boolean - image: - description: image is a container image location that contains - the update. image should be used when the desired version does - not exist in availableUpdates or history. When image is set, - version is ignored. When image is set, version should be empty. - When image is set, architecture cannot be specified. - type: string - version: - description: version is a semantic version identifying the update - version. version is ignored if image is specified and required - if architecture is specified. - type: string - type: object - x-kubernetes-validations: - - message: cannot set both Architecture and Image - rule: 'has(self.architecture) && has(self.image) ? (self.architecture - == '''' || self.image == '''') : true' - - message: Version must be set if Architecture is set - rule: 'has(self.architecture) && self.architecture != '''' ? self.version - != '''' : true' - overrides: - description: overrides is list of overides for components that are - managed by cluster version operator. Marking a component unmanaged - will prevent the operator from creating or updating the object. 
- items: - description: ComponentOverride allows overriding cluster version - operator's behavior for a component. - properties: - group: - description: group identifies the API group that the kind is - in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the - resource is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator - should stop managing the resources in this cluster. Default: - false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged - type: object - type: array - x-kubernetes-list-map-keys: - - kind - - group - - namespace - - name - x-kubernetes-list-type: map - signatureStores: - description: "signatureStores contains the upstream URIs to verify - release signatures and optional reference to a config map by name - containing the PEM-encoded CA bundle. \n By default, CVO will use - existing signature stores if this property is empty. The CVO will - check the release signatures in the local ConfigMaps first. It will - search for a valid signature in these stores in parallel only when - local ConfigMaps did not include a valid signature. Validation will - fail if none of the signature stores reply with valid signature - before timeout. Setting signatureStores will replace the default - signature stores with custom signature stores. Default stores can - be used with custom signature stores by adding them manually. \n - A maximum of 32 signature stores may be configured." - items: - description: SignatureStore represents the URL of custom Signature - Store - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. 
It is used as a - trust anchor to validate the TLS certificate presented by - the remote server. The key "ca.crt" is used to locate the - data. If specified and the config map or expected key is not - found, the signature store is not honored. If the specified - ca data is not valid, the signature store is not honored. - If empty, we fall back to the CA configured via Proxy, which - is appended to the default system roots. The namespace for - this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - url: - description: url contains the upstream custom signature store - URL. url should be a valid absolute http/https URI of an upstream - signature store as per rfc1738. This must be provided and - cannot be empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - url - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - url - x-kubernetes-list-type: map - upstream: - description: upstream may be used to specify the preferred update - server. By default it will use the appropriate update server for - the cluster and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in availableUpdates - may expose this cluster to known issues. This list may be empty - if no updates are recommended, if the update service is unavailable, - or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and associated - metadata. 
- properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or - the metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set - for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - nullable: true - type: array - x-kubernetes-list-type: atomic - capabilities: - description: capabilities describes the state of optional, core cluster - components. - properties: - enabledCapabilities: - description: enabledCapabilities lists all the capabilities that - are currently managed. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - knownCapabilities: - description: knownCapabilities lists all the capabilities known - to the current cluster. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. 
- enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - type: object - conditionalUpdates: - description: conditionalUpdates contains the list of updates that - may be recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use availableUpdates. - This list may be empty if no updates are recommended, if the update - service is unavailable, or if an empty or invalid channel has been - specified. - items: - description: ConditionalUpdate represents an update which is recommended - to some clusters on the version the current cluster is reconciling, - but which may not be recommended for the current cluster. - properties: - conditions: - description: 'conditions represents the observations of the - conditional update''s current status. Known types are: * Evaluating, - for whether the cluster-version operator will attempt to evaluate - any risks[].matchingRules. * Recommended, for whether the - update is recommended for the current cluster.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: channels is the set of Cincinnati channels - to which the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is - optional if version is specified and the availableUpdates - field contains a matching version. - type: string - url: - description: url contains information about this release. - This URL is set by the 'url' metadata property on a release - or the metadata returned by the update API and should - be displayed as a link in user interfaces. The URL field - may not be set for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the - update version. When this field is part of spec, version - is optional if image is specified. - type: string - type: object - risks: - description: risks represents the range of issues associated - with updating to the target release. The cluster-version operator - will evaluate all entries, and only recommend the update if - there is at least one entry and all entries recommend the - update. 
- items: - description: ConditionalUpdateRisk represents a reason and - cluster-state for not recommending a conditional update. - properties: - matchingRules: - description: matchingRules is a slice of conditions for - deciding which clusters match the risk and which do - not. The slice is ordered by decreasing precedence. - The cluster-version operator will walk the slice in - order, and stop after the first it can successfully - evaluate. If no condition can be successfully evaluated, - the update will not be recommended. - items: - description: ClusterCondition is a union of typed cluster - conditions. The 'type' property determines which - of the type-specific properties are relevant. When - evaluated on a cluster, the condition may match, not - match, or fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: PromQL is a PromQL query classifying - clusters. This query query should return a - 1 in the match case and a 0 in the does-not-match - case. Queries which return no time series, - or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: type represents the cluster-condition - type. This defines the members and semantics of - any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: message provides additional information about - the risk of updating, in the event that matchingRules - match the cluster state. This is only to be consumed - by humans. It may contain Line Feed characters (U+000A), - which should be rendered as new lines. - minLength: 1 - type: string - name: - description: name is the CamelCase reason for not recommending - a conditional update, in the event that matchingRules - match the cluster state. 
- minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an - update is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - desired: - description: desired is the version that the cluster is reconciling - towards. 
If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or - a tag. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, - and then will be updated when a new update is being applied. The - newest update is first in the list and it is ordered by recency. - Updates in the history have state Completed if the rollout completed - - if an update was failing or halfway applied the state will be - Partial. Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. - properties: - acceptedRisks: - description: acceptedRisks records risks which were accepted - to initiate the update. For example, it may menition an Upgradeable=False - or missing signature that was overriden via desiredUpdate.force, - or an update that was initiated despite not being in the availableUpdates - set of recommended update targets. 
- type: string - completionTime: - description: completionTime, if set, is when the update was - fully applied. The update that is currently being applied - will have a null completion time. Completion time will always - be set for entries that are not the current update (usually - to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was - started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update - was properly verified before it was installed. If this is - false the cluster may not be trusted. Verified does not cover - upgradeable checks that depend on the cluster state at the - time when the update target was accepted. - type: boolean - version: - description: version is a semantic version identifying the update - version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration reports which version of the spec - is being synced. If this value is not equal to metadata.generation, - then the desired and conditions fields may represent a previous - version. 
- format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the - cluster will be updated with. It is used by the operator to avoid - unnecessary work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: the `baremetal` capability requires the `MachineAPI` capability, - which is neither explicitly or implicitly enabled in this cluster, please - enable the `MachineAPI` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' - - message: the `marketplace` capability requires the `OperatorLifecycleManager` - capability, which is neither explicitly or implicitly enabled in this - cluster, please enable the `OperatorLifecycleManager` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) - : true' - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml
deleted file mode 100644
index 45da62856c..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml
+++ /dev/null
@@ -1,722 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/495 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterVersion - plural: clusterversions - singular: clusterversion - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.history[?(@.state=="Completed")].version - name: Version - type: string - - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - name: Since - type: date - - jsonPath: .status.conditions[?(@.type=="Progressing")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - capabilities: - description: capabilities configures the installation of optional, - core cluster components. A null value here is identical to an empty - object; see the child properties for default semantics. - properties: - additionalEnabledCapabilities: - description: additionalEnabledCapabilities extends the set of - managed capabilities beyond the baseline defined in baselineCapabilitySet. The - default is an empty set. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - baselineCapabilitySet: - description: baselineCapabilitySet selects an initial set of optional - capabilities to enable, which can be extended via additionalEnabledCapabilities. If - unset, the cluster will choose a default, and the default may - change over time. The current default is vCurrent. - enum: - - None - - v4.11 - - v4.12 - - v4.13 - - v4.14 - - v4.15 - - vCurrent - type: string - type: object - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for - production clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. 
This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. \n Some of the fields are inter-related with - restrictions and meanings described here. 1. image is specified, - version is specified, architecture is specified. API validation - error. 2. image is specified, version is specified, architecture - is not specified. You should not do this. version is silently ignored - and image is used. 3. image is specified, version is not specified, - architecture is specified. API validation error. 4. image is specified, - version is not specified, architecture is not specified. image is - used. 5. image is not specified, version is specified, architecture - is specified. version and desired architecture are used to select - an image. 6. image is not specified, version is specified, architecture - is not specified. version and current architecture are used to select - an image. 7. image is not specified, version is not specified, architecture - is specified. API validation error. 8. image is not specified, version - is not specified, architecture is not specified. API validation - error. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - architecture: - description: architecture is an optional field that indicates - the desired value of the cluster architecture. 
In this context - cluster architecture means either a single architecture or a - multi architecture. architecture can only be set to Multi thereby - only allowing updates from single to multi architecture. If - architecture is set, image cannot be set and version must be - set. Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string - force: - description: force allows an administrator to update to an image - that has failed verification or upgradeable checks. This option - should only be used when the authenticity of the provided image - has been verified out of band because the provided image will - run with full administrative access to the cluster. Do not use - this flag with images that comes from unknown or potentially - malicious sources. - type: boolean - image: - description: image is a container image location that contains - the update. image should be used when the desired version does - not exist in availableUpdates or history. When image is set, - version is ignored. When image is set, version should be empty. - When image is set, architecture cannot be specified. - type: string - version: - description: version is a semantic version identifying the update - version. version is ignored if image is specified and required - if architecture is specified. - type: string - type: object - x-kubernetes-validations: - - message: cannot set both Architecture and Image - rule: 'has(self.architecture) && has(self.image) ? (self.architecture - == '''' || self.image == '''') : true' - - message: Version must be set if Architecture is set - rule: 'has(self.architecture) && self.architecture != '''' ? self.version - != '''' : true' - overrides: - description: overrides is list of overides for components that are - managed by cluster version operator. Marking a component unmanaged - will prevent the operator from creating or updating the object. 
- items: - description: ComponentOverride allows overriding cluster version - operator's behavior for a component. - properties: - group: - description: group identifies the API group that the kind is - in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the - resource is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator - should stop managing the resources in this cluster. Default: - false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged - type: object - type: array - x-kubernetes-list-map-keys: - - kind - - group - - namespace - - name - x-kubernetes-list-type: map - upstream: - description: upstream may be used to specify the preferred update - server. By default it will use the appropriate update server for - the cluster and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in availableUpdates - may expose this cluster to known issues. This list may be empty - if no updates are recommended, if the update service is unavailable, - or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and associated - metadata. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. 
When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or - the metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set - for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - nullable: true - type: array - x-kubernetes-list-type: atomic - capabilities: - description: capabilities describes the state of optional, core cluster - components. - properties: - enabledCapabilities: - description: enabledCapabilities lists all the capabilities that - are currently managed. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - knownCapabilities: - description: knownCapabilities lists all the capabilities known - to the current cluster. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. 
- enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - type: object - conditionalUpdates: - description: conditionalUpdates contains the list of updates that - may be recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use availableUpdates. - This list may be empty if no updates are recommended, if the update - service is unavailable, or if an empty or invalid channel has been - specified. - items: - description: ConditionalUpdate represents an update which is recommended - to some clusters on the version the current cluster is reconciling, - but which may not be recommended for the current cluster. - properties: - conditions: - description: 'conditions represents the observations of the - conditional update''s current status. Known types are: * Evaluating, - for whether the cluster-version operator will attempt to evaluate - any risks[].matchingRules. * Recommended, for whether the - update is recommended for the current cluster.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: channels is the set of Cincinnati channels - to which the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is - optional if version is specified and the availableUpdates - field contains a matching version. - type: string - url: - description: url contains information about this release. - This URL is set by the 'url' metadata property on a release - or the metadata returned by the update API and should - be displayed as a link in user interfaces. The URL field - may not be set for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the - update version. When this field is part of spec, version - is optional if image is specified. - type: string - type: object - risks: - description: risks represents the range of issues associated - with updating to the target release. The cluster-version operator - will evaluate all entries, and only recommend the update if - there is at least one entry and all entries recommend the - update. 
- items: - description: ConditionalUpdateRisk represents a reason and - cluster-state for not recommending a conditional update. - properties: - matchingRules: - description: matchingRules is a slice of conditions for - deciding which clusters match the risk and which do - not. The slice is ordered by decreasing precedence. - The cluster-version operator will walk the slice in - order, and stop after the first it can successfully - evaluate. If no condition can be successfully evaluated, - the update will not be recommended. - items: - description: ClusterCondition is a union of typed cluster - conditions. The 'type' property determines which - of the type-specific properties are relevant. When - evaluated on a cluster, the condition may match, not - match, or fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: PromQL is a PromQL query classifying - clusters. This query query should return a - 1 in the match case and a 0 in the does-not-match - case. Queries which return no time series, - or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: type represents the cluster-condition - type. This defines the members and semantics of - any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: message provides additional information about - the risk of updating, in the event that matchingRules - match the cluster state. This is only to be consumed - by humans. It may contain Line Feed characters (U+000A), - which should be rendered as new lines. - minLength: 1 - type: string - name: - description: name is the CamelCase reason for not recommending - a conditional update, in the event that matchingRules - match the cluster state. 
- minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an - update is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - desired: - description: desired is the version that the cluster is reconciling - towards. 
If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or - a tag. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, - and then will be updated when a new update is being applied. The - newest update is first in the list and it is ordered by recency. - Updates in the history have state Completed if the rollout completed - - if an update was failing or halfway applied the state will be - Partial. Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. - properties: - acceptedRisks: - description: acceptedRisks records risks which were accepted - to initiate the update. For example, it may menition an Upgradeable=False - or missing signature that was overriden via desiredUpdate.force, - or an update that was initiated despite not being in the availableUpdates - set of recommended update targets. 
- type: string - completionTime: - description: completionTime, if set, is when the update was - fully applied. The update that is currently being applied - will have a null completion time. Completion time will always - be set for entries that are not the current update (usually - to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was - started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update - was properly verified before it was installed. If this is - false the cluster may not be trusted. Verified does not cover - upgradeable checks that depend on the cluster state at the - time when the update target was accepted. - type: boolean - version: - description: version is a semantic version identifying the update - version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration reports which version of the spec - is being synced. If this value is not equal to metadata.generation, - then the desired and conditions fields may represent a previous - version. 
- format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the - cluster will be updated with. It is used by the operator to avoid - unnecessary work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: the `baremetal` capability requires the `MachineAPI` capability, - which is neither explicitly or implicitly enabled in this cluster, please - enable the `MachineAPI` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' - - message: the `marketplace` capability requires the `OperatorLifecycleManager` - capability, which is neither explicitly or implicitly enabled in this - cluster, please enable the `OperatorLifecycleManager` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) - : true' - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml
deleted file mode 100644
index e301850c79..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,775 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/495 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterVersion - plural: clusterversions - singular: clusterversion - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.history[?(@.state=="Completed")].version - name: Version - type: string - - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - name: Since - type: date - - jsonPath: .status.conditions[?(@.type=="Progressing")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - capabilities: - description: capabilities configures the installation of optional, - core cluster components. A null value here is identical to an empty - object; see the child properties for default semantics. - properties: - additionalEnabledCapabilities: - description: additionalEnabledCapabilities extends the set of - managed capabilities beyond the baseline defined in baselineCapabilitySet. The - default is an empty set. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - baselineCapabilitySet: - description: baselineCapabilitySet selects an initial set of optional - capabilities to enable, which can be extended via additionalEnabledCapabilities. If - unset, the cluster will choose a default, and the default may - change over time. The current default is vCurrent. - enum: - - None - - v4.11 - - v4.12 - - v4.13 - - v4.14 - - v4.15 - - vCurrent - type: string - type: object - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for - production clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. 
This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. \n Some of the fields are inter-related with - restrictions and meanings described here. 1. image is specified, - version is specified, architecture is specified. API validation - error. 2. image is specified, version is specified, architecture - is not specified. You should not do this. version is silently ignored - and image is used. 3. image is specified, version is not specified, - architecture is specified. API validation error. 4. image is specified, - version is not specified, architecture is not specified. image is - used. 5. image is not specified, version is specified, architecture - is specified. version and desired architecture are used to select - an image. 6. image is not specified, version is specified, architecture - is not specified. version and current architecture are used to select - an image. 7. image is not specified, version is not specified, architecture - is specified. API validation error. 8. image is not specified, version - is not specified, architecture is not specified. API validation - error. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - architecture: - description: architecture is an optional field that indicates - the desired value of the cluster architecture. 
In this context - cluster architecture means either a single architecture or a - multi architecture. architecture can only be set to Multi thereby - only allowing updates from single to multi architecture. If - architecture is set, image cannot be set and version must be - set. Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string - force: - description: force allows an administrator to update to an image - that has failed verification or upgradeable checks. This option - should only be used when the authenticity of the provided image - has been verified out of band because the provided image will - run with full administrative access to the cluster. Do not use - this flag with images that comes from unknown or potentially - malicious sources. - type: boolean - image: - description: image is a container image location that contains - the update. image should be used when the desired version does - not exist in availableUpdates or history. When image is set, - version is ignored. When image is set, version should be empty. - When image is set, architecture cannot be specified. - type: string - version: - description: version is a semantic version identifying the update - version. version is ignored if image is specified and required - if architecture is specified. - type: string - type: object - x-kubernetes-validations: - - message: cannot set both Architecture and Image - rule: 'has(self.architecture) && has(self.image) ? (self.architecture - == '''' || self.image == '''') : true' - - message: Version must be set if Architecture is set - rule: 'has(self.architecture) && self.architecture != '''' ? self.version - != '''' : true' - overrides: - description: overrides is list of overides for components that are - managed by cluster version operator. Marking a component unmanaged - will prevent the operator from creating or updating the object. 
- items: - description: ComponentOverride allows overriding cluster version - operator's behavior for a component. - properties: - group: - description: group identifies the API group that the kind is - in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the - resource is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator - should stop managing the resources in this cluster. Default: - false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged - type: object - type: array - x-kubernetes-list-map-keys: - - kind - - group - - namespace - - name - x-kubernetes-list-type: map - signatureStores: - description: "signatureStores contains the upstream URIs to verify - release signatures and optional reference to a config map by name - containing the PEM-encoded CA bundle. \n By default, CVO will use - existing signature stores if this property is empty. The CVO will - check the release signatures in the local ConfigMaps first. It will - search for a valid signature in these stores in parallel only when - local ConfigMaps did not include a valid signature. Validation will - fail if none of the signature stores reply with valid signature - before timeout. Setting signatureStores will replace the default - signature stores with custom signature stores. Default stores can - be used with custom signature stores by adding them manually. \n - A maximum of 32 signature stores may be configured." - items: - description: SignatureStore represents the URL of custom Signature - Store - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. 
It is used as a - trust anchor to validate the TLS certificate presented by - the remote server. The key "ca.crt" is used to locate the - data. If specified and the config map or expected key is not - found, the signature store is not honored. If the specified - ca data is not valid, the signature store is not honored. - If empty, we fall back to the CA configured via Proxy, which - is appended to the default system roots. The namespace for - this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - url: - description: url contains the upstream custom signature store - URL. url should be a valid absolute http/https URI of an upstream - signature store as per rfc1738. This must be provided and - cannot be empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - url - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - url - x-kubernetes-list-type: map - upstream: - description: upstream may be used to specify the preferred update - server. By default it will use the appropriate update server for - the cluster and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in availableUpdates - may expose this cluster to known issues. This list may be empty - if no updates are recommended, if the update service is unavailable, - or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and associated - metadata. 
- properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or - the metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set - for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - nullable: true - type: array - x-kubernetes-list-type: atomic - capabilities: - description: capabilities describes the state of optional, core cluster - components. - properties: - enabledCapabilities: - description: enabledCapabilities lists all the capabilities that - are currently managed. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - knownCapabilities: - description: knownCapabilities lists all the capabilities known - to the current cluster. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. 
- enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - type: string - type: array - x-kubernetes-list-type: atomic - type: object - conditionalUpdates: - description: conditionalUpdates contains the list of updates that - may be recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use availableUpdates. - This list may be empty if no updates are recommended, if the update - service is unavailable, or if an empty or invalid channel has been - specified. - items: - description: ConditionalUpdate represents an update which is recommended - to some clusters on the version the current cluster is reconciling, - but which may not be recommended for the current cluster. - properties: - conditions: - description: 'conditions represents the observations of the - conditional update''s current status. Known types are: * Evaluating, - for whether the cluster-version operator will attempt to evaluate - any risks[].matchingRules. * Recommended, for whether the - update is recommended for the current cluster.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: channels is the set of Cincinnati channels - to which the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is - optional if version is specified and the availableUpdates - field contains a matching version. - type: string - url: - description: url contains information about this release. - This URL is set by the 'url' metadata property on a release - or the metadata returned by the update API and should - be displayed as a link in user interfaces. The URL field - may not be set for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the - update version. When this field is part of spec, version - is optional if image is specified. - type: string - type: object - risks: - description: risks represents the range of issues associated - with updating to the target release. The cluster-version operator - will evaluate all entries, and only recommend the update if - there is at least one entry and all entries recommend the - update. 
- items: - description: ConditionalUpdateRisk represents a reason and - cluster-state for not recommending a conditional update. - properties: - matchingRules: - description: matchingRules is a slice of conditions for - deciding which clusters match the risk and which do - not. The slice is ordered by decreasing precedence. - The cluster-version operator will walk the slice in - order, and stop after the first it can successfully - evaluate. If no condition can be successfully evaluated, - the update will not be recommended. - items: - description: ClusterCondition is a union of typed cluster - conditions. The 'type' property determines which - of the type-specific properties are relevant. When - evaluated on a cluster, the condition may match, not - match, or fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: PromQL is a PromQL query classifying - clusters. This query query should return a - 1 in the match case and a 0 in the does-not-match - case. Queries which return no time series, - or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: type represents the cluster-condition - type. This defines the members and semantics of - any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: message provides additional information about - the risk of updating, in the event that matchingRules - match the cluster state. This is only to be consumed - by humans. It may contain Line Feed characters (U+000A), - which should be rendered as new lines. - minLength: 1 - type: string - name: - description: name is the CamelCase reason for not recommending - a conditional update, in the event that matchingRules - match the cluster state. 
- minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an - update is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - desired: - description: desired is the version that the cluster is reconciling - towards. 
If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or - a tag. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, - and then will be updated when a new update is being applied. The - newest update is first in the list and it is ordered by recency. - Updates in the history have state Completed if the rollout completed - - if an update was failing or halfway applied the state will be - Partial. Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. - properties: - acceptedRisks: - description: acceptedRisks records risks which were accepted - to initiate the update. For example, it may menition an Upgradeable=False - or missing signature that was overriden via desiredUpdate.force, - or an update that was initiated despite not being in the availableUpdates - set of recommended update targets. 
- type: string - completionTime: - description: completionTime, if set, is when the update was - fully applied. The update that is currently being applied - will have a null completion time. Completion time will always - be set for entries that are not the current update (usually - to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was - started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update - was properly verified before it was installed. If this is - false the cluster may not be trusted. Verified does not cover - upgradeable checks that depend on the cluster state at the - time when the update target was accepted. - type: boolean - version: - description: version is a semantic version identifying the update - version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration reports which version of the spec - is being synced. If this value is not equal to metadata.generation, - then the desired and conditions fields may represent a previous - version. 
- format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the - cluster will be updated with. It is used by the operator to avoid - unnecessary work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: the `baremetal` capability requires the `MachineAPI` capability, - which is neither explicitly or implicitly enabled in this cluster, please - enable the `MachineAPI` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' - - message: the `marketplace` capability requires the `OperatorLifecycleManager` - capability, which is neither explicitly or implicitly enabled in this - cluster, please enable the `OperatorLifecycleManager` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) - : true' - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml
deleted file mode 100644
index b9cf439c5a..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml
+++ /dev/null
@@ -1,106 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: proxies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Proxy - listKind: ProxyList - plural: proxies - singular: proxy - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Proxy holds cluster-wide information on how to configure default - proxies for the cluster. The canonical name is `cluster` \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the proxy configuration - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. 
- type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs and/or IPs for which the proxy should not be used. Empty means - unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used to verify - readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a - CA certificate bundle. The trustedCA field should only be consumed - by a proxy validator. The validator is responsible for reading the - certificate bundle from the required key \"ca-bundle.crt\", merging - it with the system default trust bundle, and writing the merged - trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections must use - the trusted-ca-bundle for all HTTPS requests to the proxy, and may - use the trusted-ca-bundle for non-proxy HTTPS requests as well. - \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate - bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. 
- type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml deleted file mode 100644 index cc42ea2906..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - capability.openshift.io/name: marketplace - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: operatorhubs.config.openshift.io -spec: - group: config.openshift.io - names: - kind: OperatorHub - listKind: OperatorHubList - plural: operatorhubs - singular: operatorhub - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OperatorHub is the Schema for the operatorhubs API. It can be - used to change the state of the default hub sources for OperatorHub on the - cluster from enabled to disabled and vice versa. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorHubSpec defines the desired state of OperatorHub - properties: - disableAllDefaultSources: - description: disableAllDefaultSources allows you to disable all the - default hub sources. 
If this is true, a specific entry in sources - can be used to enable a default source. If this is false, a specific - entry in sources can be used to disable or enable a default source. - type: boolean - sources: - description: sources is the list of default hub sources and their - configuration. If the list is empty, it implies that the default - hub sources are enabled on the cluster unless disableAllDefaultSources - is true. If disableAllDefaultSources is true and sources is not - empty, the configuration present in sources will take precedence. - The list of default hub sources and their current state will always - be reflected in the status block. - items: - description: HubSource is used to specify the hub source and its - configuration - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - name: - description: name is the name of one of the default hub sources - maxLength: 253 - minLength: 1 - type: string - type: object - type: array - type: object - status: - description: OperatorHubStatus defines the observed state of OperatorHub. - The current state of the default hub sources will always be reflected - here. 
- properties: - sources: - description: sources encapsulates the result of applying the configuration - for each hub source - items: - description: HubSourceStatus is used to reflect the current state - of applying the configuration to a default source - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - message: - description: message provides more information regarding failures - type: string - name: - description: name is the name of one of the default hub sources - maxLength: 253 - minLength: 1 - type: string - status: - description: status indicates success or failure in applying - the configuration - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml
deleted file mode 100644
index 127d8f9050..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,312 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: apiservers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: APIServer - listKind: APIServerList - plural: apiservers - singular: apiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them - especially kube-apiserver and openshift-apiserver. The canonical name of - an instance is 'cluster'. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the - API and the integrated OAuth server from JavaScript applications. - The values are regular expressions that correspond to the Golang - regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: audit specifies the settings for audit configuration - to be applied to all OpenShift-provided API servers in the cluster. - properties: - customRules: - description: customRules specify profiles per group. These profile - take precedence over the top-level profile field if they apply. - They are evaluation from top to bottom and the first one that - matches, applies. - items: - description: AuditCustomRule describes a custom rule for an - audit profile that takes precedence over the top-level profile. - properties: - group: - description: group is a name of group a request user must - be member of in order to this profile to apply. - minLength: 1 - type: string - profile: - description: "profile specifies the name of the desired - audit policy configuration to be deployed to all OpenShift-provided - API servers in the cluster. \n The following profiles - are provided: - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request - and response HTTP payloads for write requests (create, - update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read - requests (get, list). 
- None: no requests are logged at - all, not even oauthaccesstokens and oauthauthorizetokens. - \n If unset, the 'Default' profile is used as the default." - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: "profile specifies the name of the desired top-level - audit profile to be applied to all requests sent to any of the - OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception - of those requests that match one or more of the customRules. - \n The following profiles are provided: - Default: default policy - which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens - (both logged at RequestBody level). - WriteRequestBodies: like - 'Default', but logs request and response HTTP payloads for write - requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read requests - (get, list). - None: no requests are logged at all, not even - oauthaccesstokens and oauthauthorizetokens. \n Warning: It is - not recommended to disable audit logging by using the `None` - profile unless you are fully aware of the risks of not logging - data that can be beneficial when troubleshooting issues. If - you disable audit logging and a support situation arises, you - might need to enable audit logging and reproduce the issue in - order to troubleshoot properly. \n If unset, the 'Default' profile - is used as the default." 
- enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor - client certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption of - resources at the datastore layer. - properties: - type: - description: "type defines what encryption type should be used - to encrypt resources at the datastore layer. When this field - is unset (i.e. when it is set to the empty string), identity - is implied. The behavior of unset can and will change over time. - \ Even if encryption is enabled by default, the meaning of unset - may change to a different encryption type based on changes in - best practices. \n When encryption is enabled, all sensitive - resources shipped with the platform are encrypted. This list - of sensitive resources can and will change over time. The current - authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for - serving secure traffic. 
- properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. - properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the - implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names - defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config - namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - - TLS certificate.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old, Intermediate - and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. 
An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - minTLSVersion: VersionTLS11" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: - VersionTLS13 \n NOTE: Currently unsupported." 
- nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml
deleted file mode 100644
index 2265fd96bf..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml
+++ /dev/null
@@ -1,312 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: apiservers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: APIServer - listKind: APIServerList - plural: apiservers - singular: apiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them - especially kube-apiserver and openshift-apiserver. The canonical name of - an instance is 'cluster'. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the - API and the integrated OAuth server from JavaScript applications. - The values are regular expressions that correspond to the Golang - regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: audit specifies the settings for audit configuration - to be applied to all OpenShift-provided API servers in the cluster. - properties: - customRules: - description: customRules specify profiles per group. These profile - take precedence over the top-level profile field if they apply. - They are evaluation from top to bottom and the first one that - matches, applies. - items: - description: AuditCustomRule describes a custom rule for an - audit profile that takes precedence over the top-level profile. - properties: - group: - description: group is a name of group a request user must - be member of in order to this profile to apply. - minLength: 1 - type: string - profile: - description: "profile specifies the name of the desired - audit policy configuration to be deployed to all OpenShift-provided - API servers in the cluster. \n The following profiles - are provided: - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request - and response HTTP payloads for write requests (create, - update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read - requests (get, list). 
- None: no requests are logged at - all, not even oauthaccesstokens and oauthauthorizetokens. - \n If unset, the 'Default' profile is used as the default." - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: "profile specifies the name of the desired top-level - audit profile to be applied to all requests sent to any of the - OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception - of those requests that match one or more of the customRules. - \n The following profiles are provided: - Default: default policy - which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens - (both logged at RequestBody level). - WriteRequestBodies: like - 'Default', but logs request and response HTTP payloads for write - requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read requests - (get, list). - None: no requests are logged at all, not even - oauthaccesstokens and oauthauthorizetokens. \n Warning: It is - not recommended to disable audit logging by using the `None` - profile unless you are fully aware of the risks of not logging - data that can be beneficial when troubleshooting issues. If - you disable audit logging and a support situation arises, you - might need to enable audit logging and reproduce the issue in - order to troubleshoot properly. \n If unset, the 'Default' profile - is used as the default." 
- enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor - client certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption of - resources at the datastore layer. - properties: - type: - description: "type defines what encryption type should be used - to encrypt resources at the datastore layer. When this field - is unset (i.e. when it is set to the empty string), identity - is implied. The behavior of unset can and will change over time. - \ Even if encryption is enabled by default, the meaning of unset - may change to a different encryption type based on changes in - best practices. \n When encryption is enabled, all sensitive - resources shipped with the platform are encrypted. This list - of sensitive resources can and will change over time. The current - authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for - serving secure traffic. 
- properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. - properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the - implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names - defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config - namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - - TLS certificate.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old, Intermediate - and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. 
An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - minTLSVersion: VersionTLS11" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: - VersionTLS13 \n NOTE: Currently unsupported." 
- nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml
deleted file mode 100644
index 1e6c9d5f5b..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,312 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: apiservers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: APIServer - listKind: APIServerList - plural: apiservers - singular: apiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them - especially kube-apiserver and openshift-apiserver. The canonical name of - an instance is 'cluster'. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the - API and the integrated OAuth server from JavaScript applications. - The values are regular expressions that correspond to the Golang - regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: audit specifies the settings for audit configuration - to be applied to all OpenShift-provided API servers in the cluster. - properties: - customRules: - description: customRules specify profiles per group. These profile - take precedence over the top-level profile field if they apply. - They are evaluation from top to bottom and the first one that - matches, applies. - items: - description: AuditCustomRule describes a custom rule for an - audit profile that takes precedence over the top-level profile. - properties: - group: - description: group is a name of group a request user must - be member of in order to this profile to apply. - minLength: 1 - type: string - profile: - description: "profile specifies the name of the desired - audit policy configuration to be deployed to all OpenShift-provided - API servers in the cluster. \n The following profiles - are provided: - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request - and response HTTP payloads for write requests (create, - update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read - requests (get, list). 
- None: no requests are logged at - all, not even oauthaccesstokens and oauthauthorizetokens. - \n If unset, the 'Default' profile is used as the default." - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: "profile specifies the name of the desired top-level - audit profile to be applied to all requests sent to any of the - OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception - of those requests that match one or more of the customRules. - \n The following profiles are provided: - Default: default policy - which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens - (both logged at RequestBody level). - WriteRequestBodies: like - 'Default', but logs request and response HTTP payloads for write - requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read requests - (get, list). - None: no requests are logged at all, not even - oauthaccesstokens and oauthauthorizetokens. \n Warning: It is - not recommended to disable audit logging by using the `None` - profile unless you are fully aware of the risks of not logging - data that can be beneficial when troubleshooting issues. If - you disable audit logging and a support situation arises, you - might need to enable audit logging and reproduce the issue in - order to troubleshoot properly. \n If unset, the 'Default' profile - is used as the default." 
- enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor - client certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption of - resources at the datastore layer. - properties: - type: - description: "type defines what encryption type should be used - to encrypt resources at the datastore layer. When this field - is unset (i.e. when it is set to the empty string), identity - is implied. The behavior of unset can and will change over time. - \ Even if encryption is enabled by default, the meaning of unset - may change to a different encryption type based on changes in - best practices. \n When encryption is enabled, all sensitive - resources shipped with the platform are encrypted. This list - of sensitive resources can and will change over time. The current - authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for - serving secure traffic. 
- properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. - properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the - implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names - defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config - namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - - TLS certificate.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old, Intermediate - and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. 
An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - minTLSVersion: VersionTLS11" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: - VersionTLS13 \n NOTE: Currently unsupported." 
- nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml
deleted file mode 100644
index c66791b45c..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml
+++ /dev/null
@@ -1,553 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. 
- This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. 
- \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. 
- minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. 
- pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. 
Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. 
- items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. 
The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. 
- pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {}
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml
deleted file mode 100644
index 22294e59e1..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml
+++ /dev/null
@@ -1,551 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - release.openshift.io/feature-set: Default - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. 
- This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. 
- \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. 
- minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. 
- pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. 
Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. 
- items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. 
The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. 
- pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml-patch b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml-patch deleted file mode 100644 index ed03e26ca4..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml-patch +++ /dev/null 
@@ -1,284 +0,0 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/oidcProviders - value: - description: "OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". \n At most one provider can be configured." - type: array - maxItems: 1 - items: - type: object - required: - - issuer - - name - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform information from an ID token into a cluster identity - type: object - properties: - groups: - description: Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values. - type: object - required: - - claim - properties: - claim: - description: Claim is a JWT token claim to be used in the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value from the token in the result of the claim mapping. \n By default, no prefixing occurs. \n Example: if `prefix` is set to \"myoidc:\"\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - username: - description: "Username is a name of the claim that should be used to construct usernames for the cluster identity. \n Default value: \"sub\"" - type: object - required: - - claim - properties: - claim: - description: Claim is a JWT token claim to be used in the mapping - type: string - prefix: - type: object - required: - - prefixString - properties: - prefixString: - type: string - minLength: 1 - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should apply. \n By default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins. \n Set to \"NoPrefix\" to disable prefixing. 
\n Example: (1) `prefix` is set to \"myoidc:\" and `claim` is set to \"username\". If the JWT claim `username` contains value `userA`, the resulting mapped value will be \"myoidc:userA\". (2) `prefix` is set to \"myoidc:\" and `claim` is set to \"email\". If the JWT `email` claim contains value \"userA@myoidc.tld\", the resulting mapped value will be \"myoidc:userA@myoidc.tld\". (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`, the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\", and `claim` is set to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - type: string - enum: - - "" - - NoPrefix - - Prefix - x-kubernetes-validations: - - rule: 'has(self.prefixPolicy) && self.prefixPolicy == ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)' - message: prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise - claimValidationRules: - description: ClaimValidationRules are rules that are applied to validate token claims to authenticate users. - type: array - items: - type: object - properties: - requiredClaim: - description: RequiredClaim allows configuring a required claim name and its expected value - type: object - required: - - claim - - requiredValue - properties: - claim: - description: Claim is a name of a required claim. Only claims with string values are supported. - type: string - minLength: 1 - requiredValue: - description: RequiredValue is the required value for the claim. 
- type: string - minLength: 1 - type: - description: Type sets the type of the validation rule - type: string - default: RequiredClaim - enum: - - RequiredClaim - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - type: object - required: - - audiences - - issuerURL - properties: - audiences: - description: Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their "aud" claim. Must be set to exactly one value. - type: array - maxItems: 1 - items: - type: string - minLength: 1 - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the "ca-bundle.crt" key. If unset, system trust is used instead. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config map - type: string - issuerURL: - description: URL is the serving URL of the token issuer. Must use the https:// scheme. 
- type: string - pattern: ^https:\/\/[^\s] - name: - description: Name of the OIDC provider - type: string - minLength: 1 - oidcClients: - description: OIDCClients contains configuration for the platform's clients that need to request tokens from the issuer - type: array - maxItems: 20 - items: - type: object - required: - - clientID - - componentName - - componentNamespace - properties: - clientID: - description: ClientID is the identifier of the OIDC client from the OIDC provider - type: string - minLength: 1 - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` namespace that contains the client secret in the `clientSecret` key of the `.data` field - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - componentName: - description: ComponentName is the name of the component that is supposed to consume this client configuration - type: string - maxLength: 256 - minLength: 1 - componentNamespace: - description: ComponentNamespace is the namespace of the component that is supposed to consume this client configuration - type: string - maxLength: 63 - minLength: 1 - extraScopes: - description: ExtraScopes is an optional set of scopes to request tokens with. - type: array - items: - type: string - x-kubernetes-list-type: set - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/status/properties/oidcClients - value: - description: OIDCClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that will consume a client configuration. 
- maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of the `oidcClients` entry. \n Supported conditions include Available, Degraded and Progressing. \n If Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry." - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. 
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. 
- maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/x-kubernetes-validations - value: - - message: all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))' -- op: add - path: 
/spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/type/enum - value: - - "" - - None - - IntegratedOAuth - - OIDC \ No newline at end of file diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default.yaml deleted file mode 100644 index 87e2434db0..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. 
- This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. 
- This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' 
- properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml deleted file mode 100644 index 0e5ef66206..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml +++ /dev/null 
@@ -1,554 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - formatted: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. 
- This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. 
- \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. 
- minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. 
- pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. 
Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. 
- items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. 
The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. 
- pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml deleted file mode 100644 index ce7f789da9..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consoles.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Console - listKind: ConsoleList - plural: consoles - singular: console - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Console holds cluster-wide configuration for the web console, - including the logout URL, and reports the public URL of the console. The - canonical name is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - authentication: - description: ConsoleAuthentication defines a list of optional configuration - for console authentication. - properties: - logoutRedirect: - description: 'An optional, absolute URL to redirect web browsers - to after logging out of the console. 
If not specified, it will - redirect to the default login page. This is required when using - an identity provider that supports single sign-on (SSO) such - as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, - SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console - will destroy the user''s token. The logoutRedirect provides - the user the option to perform single logout (SLO) through the - identity provider to destroy their single sign-on session.' - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - consoleURL: - description: The URL for the console. This will be derived from the - host for the route that is created for the console. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 7b1bee4065..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,159 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: dnses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: DNS - listKind: DNSList - plural: dnses - singular: dns - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "DNS holds cluster-wide information about DNS. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. All managed - DNS records will be sub-domains of this base. \n For example, given - the base domain `openshift.example.com`, an API server DNS record - may be created for `cluster-api.openshift.example.com`. \n Once - set, this field cannot be changed." 
- type: string - platform: - description: platform holds configuration specific to the underlying - infrastructure provider for DNS. When omitted, this means the user - has no opinion and the platform is left to choose reasonable defaults. - These defaults are subject to change over time. - properties: - aws: - description: aws contains DNS configuration specific to the Amazon - Web Services cloud provider. - properties: - privateZoneIAMRole: - description: privateZoneIAMRole contains the ARN of an IAM - role that should be assumed when performing operations on - the cluster's private hosted zone specified in the cluster - DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ - type: string - type: object - type: - description: "type is the underlying infrastructure provider for - the cluster. Allowed values: \"\", \"AWS\". \n Individual components - may not support all platforms, and must handle unrecognized - platforms with best-effort defaults." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - x-kubernetes-validations: - - message: allowed values are '' and 'AWS' - rule: self in ['','AWS'] - required: - - type - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is AWS, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : - !has(self.aws)' - privateZone: - description: "privateZone is the location where all the DNS records - that are only available internally to the cluster exist. \n If this - field is nil, no private records should be created. \n Once set, - this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. 
\n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS records - that are publicly accessible to the internet exist. \n If this field - is nil, no public records should be created. \n Once set, this field - cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. 
\n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml deleted file mode 100644 index d2a3e7dc46..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml +++ /dev/null 
@@ -1,159 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: dnses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: DNS - listKind: DNSList - plural: dnses - singular: dns - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "DNS holds cluster-wide information about DNS. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. All managed - DNS records will be sub-domains of this base. \n For example, given - the base domain `openshift.example.com`, an API server DNS record - may be created for `cluster-api.openshift.example.com`. \n Once - set, this field cannot be changed." 
- type: string - platform: - description: platform holds configuration specific to the underlying - infrastructure provider for DNS. When omitted, this means the user - has no opinion and the platform is left to choose reasonable defaults. - These defaults are subject to change over time. - properties: - aws: - description: aws contains DNS configuration specific to the Amazon - Web Services cloud provider. - properties: - privateZoneIAMRole: - description: privateZoneIAMRole contains the ARN of an IAM - role that should be assumed when performing operations on - the cluster's private hosted zone specified in the cluster - DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ - type: string - type: object - type: - description: "type is the underlying infrastructure provider for - the cluster. Allowed values: \"\", \"AWS\". \n Individual components - may not support all platforms, and must handle unrecognized - platforms with best-effort defaults." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - x-kubernetes-validations: - - message: allowed values are '' and 'AWS' - rule: self in ['','AWS'] - required: - - type - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is AWS, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : - !has(self.aws)' - privateZone: - description: "privateZone is the location where all the DNS records - that are only available internally to the cluster exist. \n If this - field is nil, no private records should be created. \n Once set, - this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. 
\n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS records - that are publicly accessible to the internet exist. \n If this field - is nil, no public records should be created. \n Once set, this field - cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. 
\n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index b5fe24073e..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,159 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: dnses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: DNS - listKind: DNSList - plural: dnses - singular: dns - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "DNS holds cluster-wide information about DNS. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. All managed - DNS records will be sub-domains of this base. \n For example, given - the base domain `openshift.example.com`, an API server DNS record - may be created for `cluster-api.openshift.example.com`. 
\n Once - set, this field cannot be changed." - type: string - platform: - description: platform holds configuration specific to the underlying - infrastructure provider for DNS. When omitted, this means the user - has no opinion and the platform is left to choose reasonable defaults. - These defaults are subject to change over time. - properties: - aws: - description: aws contains DNS configuration specific to the Amazon - Web Services cloud provider. - properties: - privateZoneIAMRole: - description: privateZoneIAMRole contains the ARN of an IAM - role that should be assumed when performing operations on - the cluster's private hosted zone specified in the cluster - DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ - type: string - type: object - type: - description: "type is the underlying infrastructure provider for - the cluster. Allowed values: \"\", \"AWS\". \n Individual components - may not support all platforms, and must handle unrecognized - platforms with best-effort defaults." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - x-kubernetes-validations: - - message: allowed values are '' and 'AWS' - rule: self in ['','AWS'] - required: - - type - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is AWS, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : - !has(self.aws)' - privateZone: - description: "privateZone is the location where all the DNS records - that are only available internally to the cluster exist. \n If this - field is nil, no private records should be created. \n Once set, - this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. 
\n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS records - that are publicly accessible to the internet exist. \n If this field - is nil, no public records should be created. \n Once set, this field - cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. 
\n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml deleted file mode 100644 index 159260e60e..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml +++ /dev/null 
@@ -1,213 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: featuregates.config.openshift.io -spec: - group: config.openshift.io - names: - kind: FeatureGate - listKind: FeatureGateList - plural: featuregates - singular: featuregate - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Feature holds cluster-wide information about feature gates. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - customNoUpgrade: - description: customNoUpgrade allows the enabling or disabling of any - feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE - UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting - cannot be validated. 
If you have any typos or accidentally apply - invalid combinations your cluster may fail in an unrecoverable way. featureSet - must equal "CustomNoUpgrade" must be set to use this field. - nullable: true - properties: - disabled: - description: disabled is a list of all feature gates that you - want to force off - items: - description: FeatureGateName is a string to enforce patterns - on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - enabled: - description: enabled is a list of all feature gates that you want - to force on - items: - description: FeatureGateName is a string to enforce patterns - on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - type: object - featureSet: - description: featureSet changes the list of features in the cluster. The - default is empty. Be very careful adjusting this setting. Turning - on or off features may cause irreversible changes in your cluster - which cannot be undone. - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: 'conditions represent the observations of the current - state. Known .status.conditions.type are: "DeterminationDegraded"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - featureGates: - description: featureGates contains a list of enabled and disabled - featureGates that are keyed by payloadVersion. Operators other than - the CVO and cluster-config-operator, must read the .status.featureGates, - locate the version they are managing, find the enabled/disabled - featuregates and make the operand and operator match. The enabled/disabled - values for a particular version may change during the life of the - cluster as various .spec.featureSet values are selected. Operators - may choose to restart their processes to pick up these changes, - but remembering past enable/disable lists is beyond the scope of - this API and is the responsibility of individual operators. Only - featureGates with .version in the ClusterVersion.status will be - present in this list. - items: - properties: - disabled: - description: disabled is a list of all feature gates that are - disabled in the cluster for the named version. - items: - properties: - name: - description: name is the name of the FeatureGate. - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - required: - - name - type: object - type: array - enabled: - description: enabled is a list of all feature gates that are - enabled in the cluster for the named version. - items: - properties: - name: - description: name is the name of the FeatureGate. 
- pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - required: - - name - type: object - type: array - version: - description: version matches the version provided by the ClusterVersion - and in the ClusterOperator.Status.Versions field. - type: string - required: - - version - type: object - type: array - x-kubernetes-list-map-keys: - - version - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml deleted file mode 100644 index f53396aec9..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: images.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Image - listKind: ImageList - plural: images - singular: image - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Image governs policies related to imagestream imports and runtime - configuration for external registries. It allows cluster admins to configure - which registries OpenShift is allowed to import images from, extra CA trust - bundles for external registries, and policies to block or allow registry - hostnames. When exposing OpenShift's image registry to the public, this - also lets cluster admins specify the external hostname. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalTrustedCA: - description: additionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted during imagestream import, - pod image pull, build image pull, and imageregistry pullthrough. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - allowedRegistriesForImport: - description: allowedRegistriesForImport limits the container image - registries that normal users may import images from. Set this list - to the registries that you trust to contain valid Docker images - and that you want applications to be able to import from. Users - with permission to create Images or ImageStreamMappings via the - API are not affected by this policy - typically only administrators - or system integrations will have those permissions. - items: - description: RegistryLocation contains a location of the registry - specified by the registry domain name. The domain name might include - wildcards, like '*' or '??'. - properties: - domainName: - description: domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the - port should be included in the domain name as well. - type: string - insecure: - description: insecure indicates whether the registry is secure - (https) or insecure (http) By default (if not specified) the - registry is assumed as secure. - type: boolean - type: object - type: array - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for - the default external image registry. 
The external hostname should - be set only when the image registry is exposed externally. The first - value is used in 'publicDockerImageRepository' field in ImageStreams. - The value must be in "hostname[:port]" format. - items: - type: string - type: array - registrySources: - description: registrySources contains configuration that determines - how the container runtime should treat individual registries when - accessing images for builds+pods. (e.g. whether or not to allow - insecure access). It does not contain configuration for the internal - cluster registry. - properties: - allowedRegistries: - description: "allowedRegistries are the only registries permitted - for image pull and push actions. All other registries are denied. - \n Only one of BlockedRegistries or AllowedRegistries may be - set." - items: - type: string - type: array - blockedRegistries: - description: "blockedRegistries cannot be used for image pull - and push actions. All other registries are permitted. \n Only - one of BlockedRegistries or AllowedRegistries may be set." - items: - type: string - type: array - containerRuntimeSearchRegistries: - description: 'containerRuntimeSearchRegistries are registries - that will be searched when pulling images that do not have fully - qualified domains in their pull specs. Registries will be searched - in the order provided in the list. Note: this search list only - works with the container runtime, i.e CRI-O. Will NOT work with - builds or imagestream imports.' - format: hostname - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do not have - a valid TLS certificates or only support HTTP connections. - items: - type: string - type: array - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- properties: - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for - the default external image registry. The external hostname should - be set only when the image registry is exposed externally. The first - value is used in 'publicDockerImageRepository' field in ImageStreams. - The value must be in "hostname[:port]" format. - items: - type: string - type: array - internalRegistryHostname: - description: internalRegistryHostname sets the hostname for the default - internal image registry. The value must be in "hostname[:port]" - format. This value is set by the image registry operator which controls - the internal registry hostname. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml deleted file mode 100644 index 2e30bc552b..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/874 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagecontentpolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImageContentPolicy - listKind: ImageContentPolicyList - plural: imagecontentpolicies - singular: imagecontentpolicy - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImageContentPolicy holds cluster-wide information about how - to handle registry mirror rules. When multiple policies are defined, the - outcome of the behavior is defined on each field. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - repositoryDigestMirrors: - description: "repositoryDigestMirrors allows images referenced by - image digests in pods to be pulled from alternative mirrored repository - locations. 
The image pull specification provided to the pod will - be compared to the source locations described in RepositoryDigestMirrors - and the image may be pulled down from any of the mirrors in the - list instead of the specified repository allowing administrators - to choose a potentially faster mirror. To pull image from mirrors - by tags, should set the \"allowMirrorByTags\". \n Each “source” - repository is treated independently; configurations for different - “source” repositories don’t interact. \n If the \"mirrors\" is not - specified, the image will continue to be pulled from the specified - repository in the pull spec. \n When multiple policies are defined - for the same “source” repository, the sets of defined mirrors will - be merged together, preserving the relative order of the mirrors, - if possible. For example, if policy A has mirrors `a, b, c` and - policy B has mirrors `c, d, e`, the mirrors will be used in the - order `a, b, c, d, e`. If the orders of mirror entries conflict - (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the - resulting order is unspecified." - items: - description: RepositoryDigestMirrors holds cluster-wide information - about how to handle mirrors in the registries config. - properties: - allowMirrorByTags: - description: allowMirrorByTags if true, the mirrors can be used - to pull the images that are referenced by their tags. Default - is false, the mirrors only work when pulling the images that - are referenced by their digests. Pulling images by tag can - potentially yield different images, depending on which endpoint - we pull from. Forcing digest-pulls for mirrors avoids that - issue. - type: boolean - mirrors: - description: mirrors is zero or more repositories that may also - contain the same images. If the "mirrors" is not specified, - the image will continue to be pulled from the specified repository - in the pull spec. No mirror will be configured. 
The order - of mirrors in this list is treated as the user's desired priority, - while source is by default considered lower priority than - all mirrors. Other cluster configuration, including (but not - limited to) other repositoryDigestMirrors objects, may impact - the exact order mirrors are contacted in, or some mirrors - may be contacted in parallel, so this should be considered - a preference rather than a guarantee of ordering. - items: - pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ - type: string - type: array - x-kubernetes-list-type: set - source: - description: source is the repository that users refer to, e.g. - in image pull specifications. - pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ - type: string - required: - - source - type: object - type: array - x-kubernetes-list-map-keys: - - source - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml deleted file mode 100644 index 422e46d435..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml +++ /dev/null 
@@ -1,141 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1126 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagedigestmirrorsets.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImageDigestMirrorSet - listKind: ImageDigestMirrorSetList - plural: imagedigestmirrorsets - shortNames: - - idms - singular: imagedigestmirrorset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImageDigestMirrorSet holds cluster-wide information about how - to handle registry mirror rules on using digest pull specification. When - multiple policies are defined, the outcome of the behavior is defined on - each field. \n Compatibility level 1: Stable within a major release for - a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - imageDigestMirrors: - description: "imageDigestMirrors allows images referenced by image - digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will - be compared to the source locations described in imageDigestMirrors - and the image may be pulled down from any of the mirrors in the - list instead of the specified repository allowing administrators - to choose a potentially faster mirror. To use mirrors to pull images - using tag specification, users should configure a list of mirrors - using \"ImageTagMirrorSet\" CRD. \n If the image pull specification - matches the repository of \"source\" in multiple imagedigestmirrorset - objects, only the objects which define the most specific namespace - match will be used. For example, if there are objects using quay.io/libpod - and quay.io/libpod/busybox as the \"source\", only the objects using - quay.io/libpod/busybox are going to apply for pull specification - quay.io/libpod/busybox. Each “source” repository is treated independently; - configurations for different “source” repositories don’t interact. - \n If the \"mirrors\" is not specified, the image will continue - to be pulled from the specified repository in the pull spec. \n - When multiple policies are defined for the same “source” repository, - the sets of defined mirrors will be merged together, preserving - the relative order of the mirrors, if possible. For example, if - policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, - the mirrors will be used in the order `a, b, c, d, e`. If the orders - of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration - is not rejected but the resulting order is unspecified. 
Users who - want to use a specific order of mirrors, should configure them into - one list of mirrors using the expected order." - items: - description: ImageDigestMirrors holds cluster-wide information about - how to handle mirrors in the registries config. - properties: - mirrorSourcePolicy: - description: mirrorSourcePolicy defines the fallback policy - if fails to pull image from the mirrors. If unset, the image - will continue to be pulled from the the repository in the - pull spec. sourcePolicy is valid configuration only when one - or more mirrors are in the mirror list. - enum: - - NeverContactSource - - AllowContactingSource - type: string - mirrors: - description: 'mirrors is zero or more locations that may also - contain the same images. No mirror will be configured if not - specified. Images can be pulled from these mirrors only if - they are referenced by their digests. The mirrored location - is obtained by replacing the part of the input reference that - matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo - reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat - causes a mirror.local/redhat/product/repo repository to be - used. The order of mirrors in this list is treated as the - user''s desired priority, while source is by default considered - lower priority than all mirrors. If no mirror is specified - or all image pulls from the mirror list fail, the image will - continue to be pulled from the repository in the pull spec - unless explicitly prohibited by "mirrorSourcePolicy" Other - cluster configuration, including (but not limited to) other - imageDigestMirrors objects, may impact the exact order mirrors - are contacted in, or some mirrors may be contacted in parallel, - so this should be considered a preference rather than a guarantee - of ordering. 
"mirrors" uses one of the following formats: - host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - for more information about the format, see the document about - the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - items: - pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - type: array - x-kubernetes-list-type: set - source: - description: 'source matches the repository that users refer - to, e.g. in image pull specifications. Setting source to a - registry hostname e.g. docker.io. quay.io, or registry.redhat.io, - will match the image pull specification of corressponding - registry. "source" uses one of the following formats: host[:port] - host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - [*.]host for more information about the format, see the document - about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - required: - - source - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status contains the observed state of the resource. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml
deleted file mode 100644
index abcab0166f..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml
+++ /dev/null
@@ -1,144 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1126 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagetagmirrorsets.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImageTagMirrorSet - listKind: ImageTagMirrorSetList - plural: imagetagmirrorsets - shortNames: - - itms - singular: imagetagmirrorset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImageTagMirrorSet holds cluster-wide information about how to - handle registry mirror rules on using tag pull specification. When multiple - policies are defined, the outcome of the behavior is defined on each field. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - imageTagMirrors: - description: "imageTagMirrors allows images referenced by image tags - in pods to be pulled from alternative mirrored repository locations. - The image pull specification provided to the pod will be compared - to the source locations described in imageTagMirrors and the image - may be pulled down from any of the mirrors in the list instead of - the specified repository allowing administrators to choose a potentially - faster mirror. To use mirrors to pull images using digest specification - only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" - CRD. \n If the image pull specification matches the repository of - \"source\" in multiple imagetagmirrorset objects, only the objects - which define the most specific namespace match will be used. For - example, if there are objects using quay.io/libpod and quay.io/libpod/busybox - as the \"source\", only the objects using quay.io/libpod/busybox - are going to apply for pull specification quay.io/libpod/busybox. - Each “source” repository is treated independently; configurations - for different “source” repositories don’t interact. \n If the \"mirrors\" - is not specified, the image will continue to be pulled from the - specified repository in the pull spec. \n When multiple policies - are defined for the same “source” repository, the sets of defined - mirrors will be merged together, preserving the relative order of - the mirrors, if possible. For example, if policy A has mirrors `a, - b, c` and policy B has mirrors `c, d, e`, the mirrors will be used - in the order `a, b, c, d, e`. If the orders of mirror entries conflict - (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the - resulting order is unspecified. 
Users who want to use a deterministic - order of mirrors, should configure them into one list of mirrors - using the expected order." - items: - description: ImageTagMirrors holds cluster-wide information about - how to handle mirrors in the registries config. - properties: - mirrorSourcePolicy: - description: mirrorSourcePolicy defines the fallback policy - if fails to pull image from the mirrors. If unset, the image - will continue to be pulled from the repository in the pull - spec. sourcePolicy is valid configuration only when one or - more mirrors are in the mirror list. - enum: - - NeverContactSource - - AllowContactingSource - type: string - mirrors: - description: 'mirrors is zero or more locations that may also - contain the same images. No mirror will be configured if not - specified. Images can be pulled from these mirrors only if - they are referenced by their tags. The mirrored location is - obtained by replacing the part of the input reference that - matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo - reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat - causes a mirror.local/redhat/product/repo repository to be - used. Pulling images by tag can potentially yield different - images, depending on which endpoint we pull from. Configuring - a list of mirrors using "ImageDigestMirrorSet" CRD and forcing - digest-pulls for mirrors avoids that issue. The order of mirrors - in this list is treated as the user''s desired priority, while - source is by default considered lower priority than all mirrors. - If no mirror is specified or all image pulls from the mirror - list fail, the image will continue to be pulled from the repository - in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". 
- Other cluster configuration, including (but not limited to) - other imageTagMirrors objects, may impact the exact order - mirrors are contacted in, or some mirrors may be contacted - in parallel, so this should be considered a preference rather - than a guarantee of ordering. "mirrors" uses one of the following - formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - for more information about the format, see the document about - the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - items: - pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - type: array - x-kubernetes-list-type: set - source: - description: 'source matches the repository that users refer - to, e.g. in image pull specifications. Setting source to a - registry hostname e.g. docker.io. quay.io, or registry.redhat.io, - will match the image pull specification of corressponding - registry. "source" uses one of the following formats: host[:port] - host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - [*.]host for more information about the format, see the document - about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - required: - - source - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status contains the observed state of the resource. 
- type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 975def7c17..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,2089 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Infrastructure holds cluster-wide information about Infrastructure. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. 
This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. 
- pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). 
- items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. 
- properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string representing - the infrastructure provider name, expected to be set at - the installation time. This field is solely for informational - and reporting purposes and is not expected to be used for - decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains information - for the Nutanix platform. When set, the failure domains - defined here may be used to spread Machines across prism - element clusters to improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure domain - information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster (the - Prism Element under management of the Prism Central), - in which the Machine's VM will be created. The cluster - identifier (uuid or name) can be obtained from the - Prism Central console or using the prism_central API. - properties: - name: - description: name is the resource name in the PC. - It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource in - the PC. It cannot be empty if the type is UUID. 
- type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - name: - description: name defines the unique name of a failure - domain. Name is required and must be at most 64 characters - in length. It must consist of only lower case alphanumeric - characters and hyphens (-). It must start and end - with an alphanumeric character. This value is arbitrary - and is used to identify the failure domain within - the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers (one - or more) of the cluster's network subnets for the - Machine's VM to connect to. The subnet identifiers - (uuid or name) can be obtained from the Prism Central - console or using the prism_central API. - items: - description: NutanixResourceIdentifier holds the identity - of a Nutanix PC resource (cluster, image, subnet, - etc.) - properties: - name: - description: name is the resource name in the - PC. It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type is - UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? 
has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address and port - to access the Nutanix Prism Central. When a cluster-wide - proxy is installed, by default, this endpoint will be accessed - via the proxy. Should you wish for communication with this - endpoint not to be proxied, please add the endpoint to the - proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS name - or IP address) of the Nutanix Prism Central or Element - (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the Nutanix - Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint address - and port data to access the Nutanix Prism Elements (clusters) - of the Nutanix Prism Central. Currently we only support - one Prism Element (cluster) for an OpenShift cluster, where - all the Nutanix resources (VMs, subnets, volumes, etc.) - used in the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread over - multiple Prism Elements (clusters) of the Prism Central. - items: - description: NutanixPrismElementEndpoint holds the name - and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address and - port data of the Prism Element (cluster). 
When a cluster-wide - proxy is installed, by default, this endpoint will - be accessed via the proxy. Should you wish for communication - with this endpoint not to be proxied, please add the - endpoint to the proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the - Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element (cluster). - This value will correspond with the cluster field - configured on other resources (eg Machines, PVCs, - etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). 
- items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - powervs: - description: PowerVS contains settings specific to the IBM Power - Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. 
- items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not support - all platforms, and must handle unrecognized platforms as None - if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. 
- properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: 
apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition of region, - zone and the vCenter topology. If this is omitted failure - domains (regions and zones) will not be used. - items: - description: VSpherePlatformFailureDomainSpec holds the - region and zone failure domain and the vCenter topology - of that failure domain. - properties: - name: - description: name defines the arbitrary but unique name - of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region tag - that will be attached to a vCenter datacenter. The - tag category in vCenter must be named openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure domain - using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute path of - the vCenter cluster in which virtual machine will - be located. The absolute path is of the form //host/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter datacenter - in which virtual machines will be located. The - maximum length of the datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path of the - datastore in which the virtual machine is located. - The absolute path is of the form //datastore/ - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? 
- type: string - folder: - description: folder is the absolute path of the - folder where virtual machines are located. The - absolute path is of the form //vm/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port group - network names within this failure domain. Currently, - we only support a single interface per RHCOS virtual - machine. The available networks (port groups) - can be listed using `govc ls 'network/*'` The - single interface should be the absolute path of - the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute path of - the resource pool where virtual machines will - be created. The absolute path is of the form //host//Resources/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory path - of the virtual machine or template that will be - cloned when creating new machines in this failure - domain. The maximum length of the path is 2048 - characters. \n When omitted, the template will - be calculated by the control plane machineset - operator based on the region and zone defined - in VSpherePlatformFailureDomainSpec. For example, - for zone=zonea, region=region1, and infrastructure - name=test, the template path would be calculated - as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone tag that - will be attached to a vCenter cluster. The tag category - in vCenter must be named openshift-zone. 
- maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - 
x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition of internal - and external network constraints for assigning the node's - 
networking. If this field is omitted, networking defaults - to the legacy address selection behavior which is to only - support a single address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. 
Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details for services - to communicate with vCenter. Currently, only a single vCenter - is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the vCenter - connection fields. This is used by the vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which the RHCOS - vm guests are located. This field will be used by - the Cloud Controller Manager. Each datacenter listed - here should be used within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will be used - to communicate to the vCenter endpoint. When omitted, - this means the user has no opinion and it is up to - the platform to choose a sensible default, which is - subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. 
--- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components are not - visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning is a currently - enabled feature in the cluster. 
CPU Partitioning means that this - cluster can support partitioning workloads to specific CPU Sets. - Valid values are "None" and "AllNodes". When omitted, the default - value is "None". The default value of "None" indicates that no nodes - will be setup with CPU partitioning. The "AllNodes" value indicates - that all nodes have been setup with CPU partitioning, and can then - be further configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is ''HighlyAvailable'', which represents the - behavior operators have in a "normal" cluster. The ''SingleReplica'' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation NOTE: External - topology mode is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." 
- enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba Cloud - resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource group - for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Alibaba Cloud resources created for the cluster. - items: - description: AlibabaCloudResourceTag is the set of tags - to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. 
OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for resource - management in non-soverign clouds such as Azure Stack. 
- type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due to limitations - on Automation, Content Delivery Network, DNS Azure resources, - a maximum of 15 tags may be applied. OpenShift reserves - 5 tags for internal use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply to Azure - resources created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 128 characters and cannot be - empty. Key must begin with a letter, end with a letter, - number or underscore, and must contain only alphanumeric - characters and the following special characters `_ - . -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the tag. A - tag value can have a maximum of 256 characters and - cannot be empty. Value must contain only alphanumeric - characters and the following special characters `_ - + , - . / : ; < = > ? @`.' 
- maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." 
- type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on BareMetal platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. 
- properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - external: - description: External contains settings specific to the generic - External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings specific - to the external Cloud Controller Manager (a.k.a. CCM or - CPI). When omitted, new nodes will be not tainted and no - extra initialization from the cloud controller manager is - expected. - properties: - state: - description: "state determines whether or not an external - Cloud Controller Manager is expected to be installed - within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and omitted. - When set to \"External\", new nodes will be tainted - as uninitialized when created, preventing them from - running workloads until they are initialized by the - cloud controller manager. When omitted or set to \"None\", - new nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." 
- enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once set - rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) - && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or removed - once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - properties: - cloudLoadBalancerConfig: - default: - dnsType: PlatformDefault - description: cloudLoadBalancerConfig is a union that contains - the IP addresses of API, API-Int and Ingress Load Balancers - created on the cloud platform. These values would not be - populated on on-prem platforms. These Load Balancer IPs - are used to configure the in-cluster DNS instances for API, - API-Int and Ingress services. `dnsType` is expected to be - set to `ClusterHosted` when these Load Balancer IP addresses - are populated and used. - nullable: true - properties: - clusterHosted: - description: clusterHosted holds the IP addresses of API, - API-Int and Ingress Load Balancers on Cloud Platforms. - The DNS solution hosted within the cluster use these - IP addresses to provide resolution for API, API-Int - and Ingress services. - properties: - apiIntLoadBalancerIPs: - description: apiIntLoadBalancerIPs holds Load Balancer - IPs for the internal API service. These Load Balancer - IP addresses can be IPv4 and/or IPv6 addresses. - Entries in the apiIntLoadBalancerIPs must be unique. - A maximum of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - apiLoadBalancerIPs: - description: apiLoadBalancerIPs holds Load Balancer - IPs for the API service. These Load Balancer IP - addresses can be IPv4 and/or IPv6 addresses. Could - be empty for private clusters. Entries in the apiLoadBalancerIPs - must be unique. A maximum of 16 IP addresses are - permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - ingressLoadBalancerIPs: - description: ingressLoadBalancerIPs holds IPs for - Ingress Load Balancers. These Load Balancer IP addresses - can be IPv4 and/or IPv6 addresses. Entries in the - ingressLoadBalancerIPs must be unique. A maximum - of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - type: object - dnsType: - default: PlatformDefault - description: dnsType indicates the type of DNS solution - in use within the cluster. Its default value of `PlatformDefault` - indicates that the cluster's DNS is the default provided - by the cloud platform. It can be set to `ClusterHosted` - to bypass the configuration of the cloud default DNS. - In this mode, the cluster needs to provide a self-hosted - DNS solution for the cluster's installation to succeed. - The cluster's use of the cloud's Load Balancers is unaffected - by this setting. The value is immutable after it has - been set at install time. Currently, there is no way - for the customer to add additional DNS entries into - the cluster hosted DNS. 
Enabling this functionality - allows the user to start their own DNS solution outside - the cluster after installation is complete. The customer - would be responsible for configuring this custom DNS - solution, and it can be run in addition to the in-cluster - DNS solution. - enum: - - ClusterHosted - - PlatformDefault - type: string - x-kubernetes-validations: - - message: dnsType is immutable - rule: oldSelf == '' || self == oldSelf - type: object - x-kubernetes-validations: - - message: clusterHosted is permitted only when dnsType is - ClusterHosted - rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' - ? !has(self.clusterHosted) : true' - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - resourceLabels: - description: resourceLabels is a list of additional labels - to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources - for information on labeling GCP resources. GCP supports - a maximum of 64 labels per resource. OpenShift reserves - 32 labels for internal use, allowing 32 labels for user - configuration. - items: - description: GCPResourceLabel is a label to apply to GCP - resources created for the cluster. - properties: - key: - description: key is the key part of the label. A label - key can have a maximum of 63 characters and cannot - be empty. Label key must begin with a lowercase letter, - and must contain only lowercase letters, numeric characters, - and the following special characters `_-`. Label key - must not have the reserved prefixes `kubernetes-io` - and `openshift-io`. 
- maxLength: 63 - minLength: 1 - pattern: ^[a-z][0-9a-z_-]{0,62}$ - type: string - x-kubernetes-validations: - - message: label keys must not start with either `openshift-io` - or `kubernetes-io` - rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' - value: - description: value is the value part of the label. A - label value can have a maximum of 63 characters and - cannot be empty. Value must contain only lowercase - letters, numeric characters, and the following special - characters `_-`. - maxLength: 63 - minLength: 1 - pattern: ^[0-9a-z_-]{1,63}$ - type: string - required: - - key - - value - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceLabels are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - resourceTags: - description: resourceTags is a list of additional tags to - apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview - for information on tagging GCP resources. GCP supports a - maximum of 50 tags per resource. - items: - description: GCPResourceTag is a tag to apply to GCP resources - created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 63 characters and cannot be - empty. Tag key must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `._-`. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ - type: string - parentID: - description: 'parentID is the ID of the hierarchical - resource where the tags are defined, e.g. at the Organization - or the Project level. 
To find the Organization or - Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, - https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. - An OrganizationID must consist of decimal numbers, - and cannot have leading zeroes. A ProjectID must be - 6 to 30 characters in length, can only contain lowercase - letters, numbers, and hyphens, and must start with - a letter, and cannot end with a hyphen.' - maxLength: 32 - minLength: 1 - pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) - type: string - value: - description: value is the value part of the tag. A tag - value can have a maximum of 63 characters and cannot - be empty. Tag value must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `_-.@%=+:,*#&(){}[]` and spaces. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ - type: string - required: - - key - - parentID - - value - type: object - maxItems: 50 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceLabels may only be configured during installation - rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) - || has(oldSelf.resourceLabels) && has(self.resourceLabels)' - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. 
- properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of an - IBM Cloud service. These endpoints are consumed by components - within the cluster to reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the configuration - of a custom url to override existing defaults of IBM Cloud - Services. - properties: - name: - description: 'name is the name of the IBM Cloud service. - Possible values are: CIS, COS, DNSServices, GlobalSearch, - GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, - ResourceManager, or VPC. For example, the IBM Cloud - Private IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service for US South - (Dallas) could be configured with the service `name` - of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. 
This must be provided and cannot be - empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. 
- In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Nutanix platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. 
- enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. 
- format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on OpenStack platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. 
- properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. 
- properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Ovirt platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the Power Systems - Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - region: - description: region holds the default Power VS region for - new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group name for - new IBMCloud resources created for a cluster. The resource - group specified here will be used by cluster-image-registry-operator - to set up a COS Instance in IBMCloud for the cluster registry. 
- More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t be able - to configure storage, which results in the image registry - cluster operator not being in an available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the new Power - VS resources created by the cluster. Note: Currently only - single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider for - the cluster. 
This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components - may not support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. \n This - value will be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. 
- format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on VSphere platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. 
- items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch
deleted file mode 100644
index d127130add..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch
+++ /dev/null
@@ -1,24 +0,0 @@
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
- value:
- - format: ipv4
- - format: ipv6
- - format: hostname
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
- value:
- - format: ipv4
- - format: ipv6
- - format: hostname
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
- value: cidr
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml
deleted file mode 100644
index 289aa85eb2..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml
+++ /dev/null
@@ -1,1745 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Infrastructure holds cluster-wide information about Infrastructure. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. 
This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. 
- pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). 
- items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. 
- properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string representing - the infrastructure provider name, expected to be set at - the installation time. This field is solely for informational - and reporting purposes and is not expected to be used for - decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains information - for the Nutanix platform. When set, the failure domains - defined here may be used to spread Machines across prism - element clusters to improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure domain - information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster (the - Prism Element under management of the Prism Central), - in which the Machine's VM will be created. The cluster - identifier (uuid or name) can be obtained from the - Prism Central console or using the prism_central API. - properties: - name: - description: name is the resource name in the PC. - It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource in - the PC. It cannot be empty if the type is UUID. 
- type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - name: - description: name defines the unique name of a failure - domain. Name is required and must be at most 64 characters - in length. It must consist of only lower case alphanumeric - characters and hyphens (-). It must start and end - with an alphanumeric character. This value is arbitrary - and is used to identify the failure domain within - the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers (one - or more) of the cluster's network subnets for the - Machine's VM to connect to. The subnet identifiers - (uuid or name) can be obtained from the Prism Central - console or using the prism_central API. - items: - description: NutanixResourceIdentifier holds the identity - of a Nutanix PC resource (cluster, image, subnet, - etc.) - properties: - name: - description: name is the resource name in the - PC. It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type is - UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? 
has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address and port - to access the Nutanix Prism Central. When a cluster-wide - proxy is installed, by default, this endpoint will be accessed - via the proxy. Should you wish for communication with this - endpoint not to be proxied, please add the endpoint to the - proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS name - or IP address) of the Nutanix Prism Central or Element - (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the Nutanix - Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint address - and port data to access the Nutanix Prism Elements (clusters) - of the Nutanix Prism Central. Currently we only support - one Prism Element (cluster) for an OpenShift cluster, where - all the Nutanix resources (VMs, subnets, volumes, etc.) - used in the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread over - multiple Prism Elements (clusters) of the Prism Central. - items: - description: NutanixPrismElementEndpoint holds the name - and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address and - port data of the Prism Element (cluster). 
When a cluster-wide - proxy is installed, by default, this endpoint will - be accessed via the proxy. Should you wish for communication - with this endpoint not to be proxied, please add the - endpoint to the proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the - Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element (cluster). - This value will correspond with the cluster field - configured on other resources (eg Machines, PVCs, - etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). 
- items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - powervs: - description: PowerVS contains settings specific to the IBM Power - Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. 
- items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not support - all platforms, and must handle unrecognized platforms as None - if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. 
- properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: 
apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition of region, - zone and the vCenter topology. If this is omitted failure - domains (regions and zones) will not be used. - items: - description: VSpherePlatformFailureDomainSpec holds the - region and zone failure domain and the vCenter topology - of that failure domain. - properties: - name: - description: name defines the arbitrary but unique name - of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region tag - that will be attached to a vCenter datacenter. The - tag category in vCenter must be named openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure domain - using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute path of - the vCenter cluster in which virtual machine will - be located. The absolute path is of the form //host/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter datacenter - in which virtual machines will be located. The - maximum length of the datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path of the - datastore in which the virtual machine is located. - The absolute path is of the form //datastore/ - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? 
- type: string - folder: - description: folder is the absolute path of the - folder where virtual machines are located. The - absolute path is of the form //vm/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port group - network names within this failure domain. Currently, - we only support a single interface per RHCOS virtual - machine. The available networks (port groups) - can be listed using `govc ls 'network/*'` The - single interface should be the absolute path of - the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute path of - the resource pool where virtual machines will - be created. The absolute path is of the form //host//Resources/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone tag that - will be attached to a vCenter cluster. The tag category - in vCenter must be named openshift-zone. - maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). 
- items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition of internal - and external network constraints for assigning the node's - networking. If this field is omitted, networking defaults - to the legacy address selection behavior which is to only - support a single address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. 
--- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. 
--- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details for services - to communicate with vCenter. Currently, only a single vCenter - is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the vCenter - connection fields. This is used by the vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which the RHCOS - vm guests are located. This field will be used by - the Cloud Controller Manager. Each datacenter listed - here should be used within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will be used - to communicate to the vCenter endpoint. When omitted, - this means the user has no opinion and it is up to - the platform to choose a sensible default, which is - subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). 
apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components are not - visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning is a currently - enabled feature in the cluster. CPU Partitioning means that this - cluster can support partitioning workloads to specific CPU Sets. - Valid values are "None" and "AllNodes". When omitted, the default - value is "None". The default value of "None" indicates that no nodes - will be setup with CPU partitioning. The "AllNodes" value indicates - that all nodes have been setup with CPU partitioning, and can then - be further configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. 
For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is ''HighlyAvailable'', which represents the - behavior operators have in a "normal" cluster. The ''SingleReplica'' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation NOTE: External - topology mode is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba Cloud - resources created for the cluster. 
- pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource group - for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Alibaba Cloud resources created for the cluster. - items: - description: AlibabaCloudResourceTag is the set of tags - to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. 
- maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for resource - management in non-soverign clouds such as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. 
- type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due to limitations - on Automation, Content Delivery Network, DNS Azure resources, - a maximum of 15 tags may be applied. OpenShift reserves - 5 tags for internal use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply to Azure - resources created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 128 characters and cannot be - empty. Key must begin with a letter, end with a letter, - number or underscore, and must contain only alphanumeric - characters and the following special characters `_ - . -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the tag. A - tag value can have a maximum of 256 characters and - cannot be empty. Value must contain only alphanumeric - characters and the following special characters `_ - + , - . / : ; < = > ? @`.' 
- maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." 
- type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the 
nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - external: - description: External contains settings specific to the generic - External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings specific - to the external Cloud Controller Manager (a.k.a. CCM or - CPI). When omitted, new nodes will be not tainted and no - extra initialization from the cloud controller manager is - expected. - properties: - state: - description: "state determines whether or not an external - Cloud Controller Manager is expected to be installed - within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and omitted. 
- When set to \"External\", new nodes will be tainted - as uninitialized when created, preventing them from - running workloads until they are initialized by the - cloud controller manager. When omitted or set to \"None\", - new nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." - enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once set - rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) - && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or removed - once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - properties: - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. 
- properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of an - IBM Cloud service. These endpoints are consumed by components - within the cluster to reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the configuration - of a custom url to override existing defaults of IBM Cloud - Services. - properties: - name: - description: 'name is the name of the IBM Cloud service. - Possible values are: CIS, COS, DNSServices, GlobalSearch, - GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, - ResourceManager, or VPC. For example, the IBM Cloud - Private IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service for US South - (Dallas) could be configured with the service `name` - of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. 
This must be provided and cannot be - empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. 
- In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. 
- format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on OpenStack platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. 
- enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. 
- In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. 
It will be removed in a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the Power Systems - Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - region: - description: region holds the default Power VS region for - new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group name for - new IBMCloud resources created for a cluster. The resource - group specified here will be used by cluster-image-registry-operator - to set up a COS Instance in IBMCloud for the cluster registry. - More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t be able - to configure storage, which results in the image registry - cluster operator not being in an available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. 
- Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the new Power - VS resources created by the cluster. Note: Currently only - single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components - may not support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. \n This - value will be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." 
- enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. 
- format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. 
- In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml-patch b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml-patch deleted file mode 100644 index d127130add..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml-patch +++ /dev/null 
@@ -1,24 +0,0 @@
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
- value:
- - format: ipv4
- - format: ipv6
- - format: hostname
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
- value:
- - format: ipv4
- - format: ipv6
- - format: hostname
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
- value: cidr
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml
deleted file mode 100644
index 73205cfa1b..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,2089 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Infrastructure holds cluster-wide information about Infrastructure. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. 
This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. 
- pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). 
- items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. 
- properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string representing - the infrastructure provider name, expected to be set at - the installation time. This field is solely for informational - and reporting purposes and is not expected to be used for - decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains information - for the Nutanix platform. When set, the failure domains - defined here may be used to spread Machines across prism - element clusters to improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure domain - information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster (the - Prism Element under management of the Prism Central), - in which the Machine's VM will be created. The cluster - identifier (uuid or name) can be obtained from the - Prism Central console or using the prism_central API. - properties: - name: - description: name is the resource name in the PC. - It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource in - the PC. It cannot be empty if the type is UUID. 
- type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - name: - description: name defines the unique name of a failure - domain. Name is required and must be at most 64 characters - in length. It must consist of only lower case alphanumeric - characters and hyphens (-). It must start and end - with an alphanumeric character. This value is arbitrary - and is used to identify the failure domain within - the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers (one - or more) of the cluster's network subnets for the - Machine's VM to connect to. The subnet identifiers - (uuid or name) can be obtained from the Prism Central - console or using the prism_central API. - items: - description: NutanixResourceIdentifier holds the identity - of a Nutanix PC resource (cluster, image, subnet, - etc.) - properties: - name: - description: name is the resource name in the - PC. It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type is - UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? 
has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address and port - to access the Nutanix Prism Central. When a cluster-wide - proxy is installed, by default, this endpoint will be accessed - via the proxy. Should you wish for communication with this - endpoint not to be proxied, please add the endpoint to the - proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS name - or IP address) of the Nutanix Prism Central or Element - (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the Nutanix - Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint address - and port data to access the Nutanix Prism Elements (clusters) - of the Nutanix Prism Central. Currently we only support - one Prism Element (cluster) for an OpenShift cluster, where - all the Nutanix resources (VMs, subnets, volumes, etc.) - used in the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread over - multiple Prism Elements (clusters) of the Prism Central. - items: - description: NutanixPrismElementEndpoint holds the name - and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address and - port data of the Prism Element (cluster). 
When a cluster-wide - proxy is installed, by default, this endpoint will - be accessed via the proxy. Should you wish for communication - with this endpoint not to be proxied, please add the - endpoint to the proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the - Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element (cluster). - This value will correspond with the cluster field - configured on other resources (eg Machines, PVCs, - etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). 
- items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - powervs: - description: PowerVS contains settings specific to the IBM Power - Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. 
- items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not support - all platforms, and must handle unrecognized platforms as None - if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. 
- properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: 
apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition of region, - zone and the vCenter topology. If this is omitted failure - domains (regions and zones) will not be used. - items: - description: VSpherePlatformFailureDomainSpec holds the - region and zone failure domain and the vCenter topology - of that failure domain. - properties: - name: - description: name defines the arbitrary but unique name - of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region tag - that will be attached to a vCenter datacenter. The - tag category in vCenter must be named openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure domain - using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute path of - the vCenter cluster in which virtual machine will - be located. The absolute path is of the form //host/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter datacenter - in which virtual machines will be located. The - maximum length of the datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path of the - datastore in which the virtual machine is located. - The absolute path is of the form //datastore/ - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? 
- type: string - folder: - description: folder is the absolute path of the - folder where virtual machines are located. The - absolute path is of the form //vm/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port group - network names within this failure domain. Currently, - we only support a single interface per RHCOS virtual - machine. The available networks (port groups) - can be listed using `govc ls 'network/*'` The - single interface should be the absolute path of - the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute path of - the resource pool where virtual machines will - be created. The absolute path is of the form //host//Resources/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory path - of the virtual machine or template that will be - cloned when creating new machines in this failure - domain. The maximum length of the path is 2048 - characters. \n When omitted, the template will - be calculated by the control plane machineset - operator based on the region and zone defined - in VSpherePlatformFailureDomainSpec. For example, - for zone=zonea, region=region1, and infrastructure - name=test, the template path would be calculated - as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone tag that - will be attached to a vCenter cluster. The tag category - in vCenter must be named openshift-zone. 
- maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - 
x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition of internal - and external network constraints for assigning the node's - 
networking. If this field is omitted, networking defaults - to the legacy address selection behavior which is to only - support a single address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. 
Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details for services - to communicate with vCenter. Currently, only a single vCenter - is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the vCenter - connection fields. This is used by the vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which the RHCOS - vm guests are located. This field will be used by - the Cloud Controller Manager. Each datacenter listed - here should be used within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will be used - to communicate to the vCenter endpoint. When omitted, - this means the user has no opinion and it is up to - the platform to choose a sensible default, which is - subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. 
--- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components are not - visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning is a currently - enabled feature in the cluster. 
CPU Partitioning means that this - cluster can support partitioning workloads to specific CPU Sets. - Valid values are "None" and "AllNodes". When omitted, the default - value is "None". The default value of "None" indicates that no nodes - will be setup with CPU partitioning. The "AllNodes" value indicates - that all nodes have been setup with CPU partitioning, and can then - be further configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is ''HighlyAvailable'', which represents the - behavior operators have in a "normal" cluster. The ''SingleReplica'' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation NOTE: External - topology mode is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." 
- enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba Cloud - resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource group - for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Alibaba Cloud resources created for the cluster. - items: - description: AlibabaCloudResourceTag is the set of tags - to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. 
OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for resource - management in non-soverign clouds such as Azure Stack. 
- type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due to limitations - on Automation, Content Delivery Network, DNS Azure resources, - a maximum of 15 tags may be applied. OpenShift reserves - 5 tags for internal use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply to Azure - resources created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 128 characters and cannot be - empty. Key must begin with a letter, end with a letter, - number or underscore, and must contain only alphanumeric - characters and the following special characters `_ - . -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the tag. A - tag value can have a maximum of 256 characters and - cannot be empty. Value must contain only alphanumeric - characters and the following special characters `_ - + , - . / : ; < = > ? @`.' 
- maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." 
- type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on BareMetal platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. 
- properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - external: - description: External contains settings specific to the generic - External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings specific - to the external Cloud Controller Manager (a.k.a. CCM or - CPI). When omitted, new nodes will be not tainted and no - extra initialization from the cloud controller manager is - expected. - properties: - state: - description: "state determines whether or not an external - Cloud Controller Manager is expected to be installed - within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and omitted. - When set to \"External\", new nodes will be tainted - as uninitialized when created, preventing them from - running workloads until they are initialized by the - cloud controller manager. When omitted or set to \"None\", - new nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." 
- enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once set - rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) - && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or removed - once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - properties: - cloudLoadBalancerConfig: - default: - dnsType: PlatformDefault - description: cloudLoadBalancerConfig is a union that contains - the IP addresses of API, API-Int and Ingress Load Balancers - created on the cloud platform. These values would not be - populated on on-prem platforms. These Load Balancer IPs - are used to configure the in-cluster DNS instances for API, - API-Int and Ingress services. `dnsType` is expected to be - set to `ClusterHosted` when these Load Balancer IP addresses - are populated and used. - nullable: true - properties: - clusterHosted: - description: clusterHosted holds the IP addresses of API, - API-Int and Ingress Load Balancers on Cloud Platforms. - The DNS solution hosted within the cluster use these - IP addresses to provide resolution for API, API-Int - and Ingress services. - properties: - apiIntLoadBalancerIPs: - description: apiIntLoadBalancerIPs holds Load Balancer - IPs for the internal API service. These Load Balancer - IP addresses can be IPv4 and/or IPv6 addresses. - Entries in the apiIntLoadBalancerIPs must be unique. - A maximum of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - apiLoadBalancerIPs: - description: apiLoadBalancerIPs holds Load Balancer - IPs for the API service. These Load Balancer IP - addresses can be IPv4 and/or IPv6 addresses. Could - be empty for private clusters. Entries in the apiLoadBalancerIPs - must be unique. A maximum of 16 IP addresses are - permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - ingressLoadBalancerIPs: - description: ingressLoadBalancerIPs holds IPs for - Ingress Load Balancers. These Load Balancer IP addresses - can be IPv4 and/or IPv6 addresses. Entries in the - ingressLoadBalancerIPs must be unique. A maximum - of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - type: object - dnsType: - default: PlatformDefault - description: dnsType indicates the type of DNS solution - in use within the cluster. Its default value of `PlatformDefault` - indicates that the cluster's DNS is the default provided - by the cloud platform. It can be set to `ClusterHosted` - to bypass the configuration of the cloud default DNS. - In this mode, the cluster needs to provide a self-hosted - DNS solution for the cluster's installation to succeed. - The cluster's use of the cloud's Load Balancers is unaffected - by this setting. The value is immutable after it has - been set at install time. Currently, there is no way - for the customer to add additional DNS entries into - the cluster hosted DNS. 
Enabling this functionality - allows the user to start their own DNS solution outside - the cluster after installation is complete. The customer - would be responsible for configuring this custom DNS - solution, and it can be run in addition to the in-cluster - DNS solution. - enum: - - ClusterHosted - - PlatformDefault - type: string - x-kubernetes-validations: - - message: dnsType is immutable - rule: oldSelf == '' || self == oldSelf - type: object - x-kubernetes-validations: - - message: clusterHosted is permitted only when dnsType is - ClusterHosted - rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' - ? !has(self.clusterHosted) : true' - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - resourceLabels: - description: resourceLabels is a list of additional labels - to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources - for information on labeling GCP resources. GCP supports - a maximum of 64 labels per resource. OpenShift reserves - 32 labels for internal use, allowing 32 labels for user - configuration. - items: - description: GCPResourceLabel is a label to apply to GCP - resources created for the cluster. - properties: - key: - description: key is the key part of the label. A label - key can have a maximum of 63 characters and cannot - be empty. Label key must begin with a lowercase letter, - and must contain only lowercase letters, numeric characters, - and the following special characters `_-`. Label key - must not have the reserved prefixes `kubernetes-io` - and `openshift-io`. 
- maxLength: 63 - minLength: 1 - pattern: ^[a-z][0-9a-z_-]{0,62}$ - type: string - x-kubernetes-validations: - - message: label keys must not start with either `openshift-io` - or `kubernetes-io` - rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' - value: - description: value is the value part of the label. A - label value can have a maximum of 63 characters and - cannot be empty. Value must contain only lowercase - letters, numeric characters, and the following special - characters `_-`. - maxLength: 63 - minLength: 1 - pattern: ^[0-9a-z_-]{1,63}$ - type: string - required: - - key - - value - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceLabels are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - resourceTags: - description: resourceTags is a list of additional tags to - apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview - for information on tagging GCP resources. GCP supports a - maximum of 50 tags per resource. - items: - description: GCPResourceTag is a tag to apply to GCP resources - created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 63 characters and cannot be - empty. Tag key must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `._-`. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ - type: string - parentID: - description: 'parentID is the ID of the hierarchical - resource where the tags are defined, e.g. at the Organization - or the Project level. 
To find the Organization or - Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, - https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. - An OrganizationID must consist of decimal numbers, - and cannot have leading zeroes. A ProjectID must be - 6 to 30 characters in length, can only contain lowercase - letters, numbers, and hyphens, and must start with - a letter, and cannot end with a hyphen.' - maxLength: 32 - minLength: 1 - pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) - type: string - value: - description: value is the value part of the tag. A tag - value can have a maximum of 63 characters and cannot - be empty. Tag value must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `_-.@%=+:,*#&(){}[]` and spaces. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ - type: string - required: - - key - - parentID - - value - type: object - maxItems: 50 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceLabels may only be configured during installation - rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) - || has(oldSelf.resourceLabels) && has(self.resourceLabels)' - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. 
- properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of an - IBM Cloud service. These endpoints are consumed by components - within the cluster to reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the configuration - of a custom url to override existing defaults of IBM Cloud - Services. - properties: - name: - description: 'name is the name of the IBM Cloud service. - Possible values are: CIS, COS, DNSServices, GlobalSearch, - GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, - ResourceManager, or VPC. For example, the IBM Cloud - Private IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service for US South - (Dallas) could be configured with the service `name` - of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. 
This must be provided and cannot be - empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. 
- In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Nutanix platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. 
- enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. 
- format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on OpenStack platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. 
- properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. 
- properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Ovirt platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the Power Systems - Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - region: - description: region holds the default Power VS region for - new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group name for - new IBMCloud resources created for a cluster. The resource - group specified here will be used by cluster-image-registry-operator - to set up a COS Instance in IBMCloud for the cluster registry. 
- More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t be able - to configure storage, which results in the image registry - cluster operator not being in an available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the new Power - VS resources created by the cluster. Note: Currently only - single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider for - the cluster. 
This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components - may not support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. \n This - value will be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. 
- format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on VSphere platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. 
- items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch
deleted file mode 100644
index d127130add..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch
+++ /dev/null
@@ -1,24 +0,0 @@
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/vcenters/items/properties/server/anyOf
- value:
- - format: ipv4
- - format: ipv6
- - format: hostname
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/failureDomains/items/properties/server/anyOf
- value:
- - format: ipv4
- - format: ipv6
- - format: hostname
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/excludeNetworkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/external/properties/networkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/excludeNetworkSubnetCidr/items/format
- value: cidr
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/platformSpec/properties/vsphere/properties/nodeNetworking/properties/internal/properties/networkSubnetCidr/items/format
- value: cidr
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml
deleted file mode 100644
index c582dccb11..0000000000
--- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml
+++ /dev/null
@@ -1,553 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: ingresses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Ingress - listKind: IngressList - plural: ingresses - singular: ingress - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Ingress holds cluster-wide information about ingress, including - the default ingress domain used for routes. The canonical name is `cluster`. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - appsDomain: - description: appsDomain is an optional domain to use instead of the - one specified in the domain field when a Route is created without - specifying an explicit host. If appsDomain is nonempty, this value - is used to generate default host values for Route. 
Unlike domain, - appsDomain may be modified after installation. This assumes a new - ingresscontroller has been setup with a wildcard certificate. - type: string - componentRoutes: - description: "componentRoutes is an optional list of routes that are - managed by OpenShift components that a cluster-admin is able to - configure the hostname and serving certificate for. The namespace - and name of each route in this list should match an existing entry - in the status.componentRoutes list. \n To determine the set of configurable - Routes, look at namespace and name of entries in the .status.componentRoutes - list, where participating operators write the status of configurable - routes." - items: - description: ComponentRouteSpec allows for configuration of a route's - hostname and serving certificate. - properties: - hostname: - description: hostname is the hostname that should be used by - the route. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: "name is the logical name of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - maxLength: 256 - minLength: 1 - type: string - namespace: - description: "namespace is the namespace of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - servingCertKeyPairSecret: - description: servingCertKeyPairSecret is a reference to a secret - of type `kubernetes.io/tls` in the openshift-config namespace. 
- The serving cert/key pair must match and will be used by the - operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of - the cluster, the Secret specification for a serving certificate - will not be needed. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - hostname - - name - - namespace - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - domain: - description: "domain is used to generate a default host name for a - route when the route's host name is empty. The generated host name - will follow this pattern: \"..\". - \n It is also used as the default wildcard domain suffix for ingress. - The default ingresscontroller domain will follow this pattern: \"*.\". - \n Once set, changing domain is not currently supported." - type: string - loadBalancer: - description: loadBalancer contains the load balancer details in general - which are not only specific to the underlying infrastructure provider - of the current cluster and are required for Ingress Controller to - work on OpenShift. - properties: - platform: - description: platform holds configuration specific to the underlying - infrastructure provider for the ingress load balancers. When - omitted, this means the user has no opinion and the platform - is left to choose reasonable defaults. These defaults are subject - to change over time. - properties: - aws: - description: aws contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - type: - description: "type allows user to set a load balancer - type. When this field is set the default ingresscontroller - will get created using the specified LBType. If this - field is not set then the default ingress controller - of LBType Classic will be created. 
Valid values are: - \n * \"Classic\": A Classic Load Balancer that makes - routing decisions at either the transport layer (TCP/SSL) - or the application layer (HTTP/HTTPS). See the following - for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes routing - decisions at the transport layer (TCP/SSL). See the - following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - NLB - - Classic - type: string - required: - - type - type: object - type: - description: type is the underlying infrastructure provider - for the cluster. Allowed values are "AWS", "Azure", "BareMetal", - "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", - "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and - "None". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do - not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - type: object - type: object - requiredHSTSPolicies: - description: "requiredHSTSPolicies specifies HSTS policies that are - required to be set on newly created or updated routes matching - the domainPattern/s and namespaceSelector/s that are specified in - the policy. Each requiredHSTSPolicy must have at least a domainPattern - and a maxAge to validate a route HSTS Policy route annotation, and - affect route admission. \n A candidate route is checked for HSTS - Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" - E.g. 
haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - \n - For each candidate route, if it matches a requiredHSTSPolicy - domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, - and includeSubdomainsPolicy must be valid to be admitted. Otherwise, - the route is rejected. - The first match, by domainPattern and optional - namespaceSelector, in the ordering of the RequiredHSTSPolicies determines - the route's admission status. - If the candidate route doesn't match - any requiredHSTSPolicy domainPattern and optional namespaceSelector, - then it may use any HSTS Policy annotation. \n The HSTS policy configuration - may be changed after routes have already been created. An update - to a previously admitted route may then fail if the updated route - does not conform to the updated HSTS policy configuration. However, - changing the HSTS policy configuration will not cause a route that - is already admitted to stop working. \n Note that if there are no - RequiredHSTSPolicies, any HSTS Policy annotation on the route is - valid." - items: - properties: - domainPatterns: - description: "domainPatterns is a list of domains for which - the desired HSTS annotations are required. If domainPatterns - is specified and a route is created with a spec.host matching - one of the domains, the route must specify the HSTS Policy - components described in the matching RequiredHSTSPolicy. \n - The use of wildcards is allowed like this: *.foo.com matches - everything under foo.com. foo.com only matches foo.com, so - to cover foo.com and everything under it, you must specify - *both*." - items: - type: string - minItems: 1 - type: array - includeSubDomainsPolicy: - description: 'includeSubDomainsPolicy means the HSTS Policy - should apply to any subdomains of the host''s domain name. 
Thus, - for the host bar.foo.com, if includeSubDomainsPolicy was set - to RequireIncludeSubDomains: - the host app.bar.foo.com would - inherit the HSTS Policy of bar.foo.com - the host bar.foo.com - would inherit the HSTS Policy of bar.foo.com - the host foo.com - would NOT inherit the HSTS Policy of bar.foo.com - the host - def.foo.com would NOT inherit the HSTS Policy of bar.foo.com' - enum: - - RequireIncludeSubDomains - - RequireNoIncludeSubDomains - - NoOpinion - type: string - maxAge: - description: maxAge is the delta time range in seconds during - which hosts are regarded as HSTS hosts. If set to 0, it negates - the effect, and hosts are removed as HSTS hosts. If set to - 0 and includeSubdomains is specified, all subdomains of the - host are also removed as HSTS hosts. maxAge is a time-to-live - value, and if this policy is not refreshed on a client, the - HSTS policy will eventually expire on that client. - properties: - largestMaxAge: - description: The largest allowed value (in seconds) of the - RequiredHSTSPolicy max-age This value can be left unspecified, - in which case no upper limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - smallestMaxAge: - description: The smallest allowed value (in seconds) of - the RequiredHSTSPolicy max-age Setting max-age=0 allows - the deletion of an existing HSTS header from a host. This - is a necessary tool for administrators to quickly correct - mistakes. This value can be left unspecified, in which - case no lower limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - type: object - namespaceSelector: - description: namespaceSelector specifies a label selector such - that the policy applies only to those routes that are in namespaces - with labels that match the selector, and are in one of the - DomainPatterns. Defaults to the empty LabelSelector, which - matches everything. 
- properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - preloadPolicy: - description: preloadPolicy directs the client to include hosts - in its host preload list so that it never needs to do an initial - load to get the HSTS header (note that this is not defined - in RFC 6797 and is therefore client implementation-dependent). - enum: - - RequirePreload - - RequireNoPreload - - NoOpinion - type: string - required: - - domainPatterns - type: object - type: array - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- properties: - componentRoutes: - description: componentRoutes is where participating operators place - the current route status for routes whose hostnames and serving - certificates can be customized by the cluster-admin. - items: - description: ComponentRouteStatus contains information allowing - configuration of a route's hostname and serving certificate. - properties: - conditions: - description: "conditions are used to communicate the state of - the componentRoutes entry. \n Supported conditions include - Available, Degraded and Progressing. \n If available is true, - the content served by the route can be accessed by users. - This includes cases where a default may continue to serve - content while the customized route specified by the cluster-admin - is being configured. \n If Degraded is true, that means something - has gone wrong trying to handle the componentRoutes entry. - The currentHostnames field may or may not be in effect. \n - If Progressing is true, that means the component is taking - some action related to the componentRoutes entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. 
If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. 
The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: consumingUsers is a slice of ServiceAccounts that - need to have read permission on the servingCertKeyPairSecret - secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - currentHostnames: - description: currentHostnames is the list of current names used - by the route. Typically, this list should consist of a single - hostname, but if multiple hostnames are supported by the route - the operator may write multiple entries to this list. - items: - description: "Hostname is an alias for hostname string validation. - \n The left operand of the | is the original kubebuilder - hostname validation format, which is incorrect because it - allows upper case letters, disallows hyphen or number in - the TLD, and allows labels to start/end in non-alphanumeric - characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. 
- ^([a-zA-Z0-9\\p{S}\\p{L}]((-?[a-zA-Z0-9\\p{S}\\p{L}]{0,62})?)|([a-zA-Z0-9\\p{S}\\p{L}](([a-zA-Z0-9-\\p{S}\\p{L}]{0,61}[a-zA-Z0-9\\p{S}\\p{L}])?)(\\.)){1,}([a-zA-Z\\p{L}]){2,63})$ - \n The right operand of the | is a new pattern that mimics - the current API route admission validation on hostname, - except that it allows hostnames longer than the maximum - length: ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - \n Both operand patterns are made available so that modifications - on ingress spec can still happen after an invalid hostname - was saved via validation by the incorrect left operand of - the | operator." - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - minItems: 1 - type: array - defaultHostname: - description: defaultHostname is the hostname of this route prior - to customization. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: "name is the logical name of the route to customize. - It does not have to be the actual name of a route resource - but it cannot be renamed. \n The namespace and name of this - componentRoute must match a corresponding entry in the list - of spec.componentRoutes if the route is to be customized." - maxLength: 256 - minLength: 1 - type: string - namespace: - description: "namespace is the namespace of the route to customize. - It must be a real namespace. 
Using an actual namespace ensures - that no two components will conflict and the same component - can be installed multiple times. \n The namespace and name - of this componentRoute must match a corresponding entry in - the list of spec.componentRoutes if the route is to be customized." - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - relatedObjects: - description: relatedObjects is a list of resources which are - useful when debugging or inspecting how spec.componentRoutes - is applied. - items: - description: ObjectReference contains enough information to - let you inspect or modify the referred object. - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - required: - - group - - name - - resource - type: object - minItems: 1 - type: array - required: - - defaultHostname - - name - - namespace - - relatedObjects - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - defaultPlacement: - description: "defaultPlacement is set at installation time to control - which nodes will host the ingress router pods by default. The options - are control-plane nodes or worker nodes. \n This field works by - dictating how the Cluster Ingress Operator will consider unset replicas - and nodePlacement fields in IngressController resources when creating - the corresponding Deployments. \n See the documentation for the - IngressController replicas and nodePlacement fields for more information. - \n When omitted, the default value is Workers" - enum: - - ControlPlane - - Workers - - "" - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 5392f14c6e..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,284 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: networks.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network holds cluster-wide information about Network. The canonical - name is `cluster`. It is used to configure the desired network configuration, - such as: IP address pools for services/pod IPs, network plugin, etc. Please - view network.spec for an explanation on what applies when configuring this - resource. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration. As a general - rule, this SHOULD NOT be read directly. 
Instead, you should consume - the NetworkStatus, as it indicates the currently deployed configuration. - Currently, most spec fields are immutable after installation. Please - view the individual ones for further details on each. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. This field is immutable - after installation. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - externalIP: - description: externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is not allowed - to be set. - properties: - autoAssignCIDRs: - description: autoAssignCIDRs is a list of CIDRs from which to - automatically assign Service.ExternalIP. These are assigned - when the service is of type LoadBalancer. In general, this is - only useful for bare-metal clusters. In Openshift 3.x, this - was misleadingly called "IngressIPs". Automatically assigned - External IPs are not affected by any ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - policy: - description: policy is a set of restrictions applied to the ExternalIP - field. If nil or empty, then ExternalIP is not allowed to be - set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - rejectedCIDRs: - description: rejectedCIDRs is the list of disallowed CIDRs. - These take precedence over allowedCIDRs. - items: - type: string - type: array - type: object - type: object - networkType: - description: 'NetworkType is the plugin that is to be deployed (e.g. 
- OpenShiftSDN). This should match a value that the cluster-network-operator - understands, or else no networking will be installed. Currently - supported values are: - OpenShiftSDN This field is immutable after - installation.' - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. This field is immutable after installation. - items: - type: string - type: array - serviceNodePortRange: - description: The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. Such - Services without a NodePort specified will have one automatically - allocated from this range. This parameter can be updated after the - cluster is installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - clusterNetworkMTU: - description: ClusterNetworkMTU is the MTU for inter-pod networking. - type: integer - conditions: - description: 'conditions represents the observations of a network.config - current state. 
Known .status.conditions.type are: "NetworkTypeMigrationInProgress", - "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", - "NetworkTypeMigrationTargetCNIInUse" and "NetworkTypeMigrationOriginalCNIPurged"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - migration: - description: Migration contains the cluster network migration configuration. - properties: - mtu: - description: MTU contains the MTU migration configuration. - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. 
- format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: 'NetworkType is the target plugin that is to be deployed. - Currently supported values are: OpenShiftSDN, OVNKubernetes' - enum: - - OpenShiftSDN - - OVNKubernetes - type: string - type: object - networkType: - description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. - items: - type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-Default.crd.yaml deleted file mode 100644 index d71799f595..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-Default.crd.yaml +++ /dev/null 
@@ -1,284 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: networks.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network holds cluster-wide information about Network. The canonical - name is `cluster`. It is used to configure the desired network configuration, - such as: IP address pools for services/pod IPs, network plugin, etc. Please - view network.spec for an explanation on what applies when configuring this - resource. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration. As a general - rule, this SHOULD NOT be read directly. 
Instead, you should consume - the NetworkStatus, as it indicates the currently deployed configuration. - Currently, most spec fields are immutable after installation. Please - view the individual ones for further details on each. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. This field is immutable - after installation. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - externalIP: - description: externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is not allowed - to be set. - properties: - autoAssignCIDRs: - description: autoAssignCIDRs is a list of CIDRs from which to - automatically assign Service.ExternalIP. These are assigned - when the service is of type LoadBalancer. In general, this is - only useful for bare-metal clusters. In Openshift 3.x, this - was misleadingly called "IngressIPs". Automatically assigned - External IPs are not affected by any ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - policy: - description: policy is a set of restrictions applied to the ExternalIP - field. If nil or empty, then ExternalIP is not allowed to be - set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - rejectedCIDRs: - description: rejectedCIDRs is the list of disallowed CIDRs. - These take precedence over allowedCIDRs. - items: - type: string - type: array - type: object - type: object - networkType: - description: 'NetworkType is the plugin that is to be deployed (e.g. 
- OpenShiftSDN). This should match a value that the cluster-network-operator - understands, or else no networking will be installed. Currently - supported values are: - OpenShiftSDN This field is immutable after - installation.' - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. This field is immutable after installation. - items: - type: string - type: array - serviceNodePortRange: - description: The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. Such - Services without a NodePort specified will have one automatically - allocated from this range. This parameter can be updated after the - cluster is installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - clusterNetworkMTU: - description: ClusterNetworkMTU is the MTU for inter-pod networking. - type: integer - conditions: - description: 'conditions represents the observations of a network.config - current state. 
Known .status.conditions.type are: "NetworkTypeMigrationInProgress", - "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", - "NetworkTypeMigrationTargetCNIInUse" and "NetworkTypeMigrationOriginalCNIPurged"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - migration: - description: Migration contains the cluster network migration configuration. - properties: - mtu: - description: MTU contains the MTU migration configuration. - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. 
- format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: 'NetworkType is the target plugin that is to be deployed. - Currently supported values are: OpenShiftSDN, OVNKubernetes' - enum: - - OpenShiftSDN - - OVNKubernetes - type: string - type: object - networkType: - description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. - items: - type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 8ec000b89e..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-TechPreviewNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,284 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: networks.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network holds cluster-wide information about Network. The canonical - name is `cluster`. It is used to configure the desired network configuration, - such as: IP address pools for services/pod IPs, network plugin, etc. Please - view network.spec for an explanation on what applies when configuring this - resource. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration. As a general - rule, this SHOULD NOT be read directly. 
Instead, you should consume - the NetworkStatus, as it indicates the currently deployed configuration. - Currently, most spec fields are immutable after installation. Please - view the individual ones for further details on each. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. This field is immutable - after installation. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - externalIP: - description: externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is not allowed - to be set. - properties: - autoAssignCIDRs: - description: autoAssignCIDRs is a list of CIDRs from which to - automatically assign Service.ExternalIP. These are assigned - when the service is of type LoadBalancer. In general, this is - only useful for bare-metal clusters. In Openshift 3.x, this - was misleadingly called "IngressIPs". Automatically assigned - External IPs are not affected by any ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - policy: - description: policy is a set of restrictions applied to the ExternalIP - field. If nil or empty, then ExternalIP is not allowed to be - set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - rejectedCIDRs: - description: rejectedCIDRs is the list of disallowed CIDRs. - These take precedence over allowedCIDRs. - items: - type: string - type: array - type: object - type: object - networkType: - description: 'NetworkType is the plugin that is to be deployed (e.g. 
- OpenShiftSDN). This should match a value that the cluster-network-operator - understands, or else no networking will be installed. Currently - supported values are: - OpenShiftSDN This field is immutable after - installation.' - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. This field is immutable after installation. - items: - type: string - type: array - serviceNodePortRange: - description: The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. Such - Services without a NodePort specified will have one automatically - allocated from this range. This parameter can be updated after the - cluster is installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - clusterNetworkMTU: - description: ClusterNetworkMTU is the MTU for inter-pod networking. - type: integer - conditions: - description: 'conditions represents the observations of a network.config - current state. 
Known .status.conditions.type are: "NetworkTypeMigrationInProgress", - "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", - "NetworkTypeMigrationTargetCNIInUse" and "NetworkTypeMigrationOriginalCNIPurged"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - migration: - description: Migration contains the cluster network migration configuration. - properties: - mtu: - description: MTU contains the MTU migration configuration. - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. 
- format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: 'NetworkType is the target plugin that is to be deployed. - Currently supported values are: OpenShiftSDN, OVNKubernetes' - enum: - - OpenShiftSDN - - OVNKubernetes - type: string - type: object - networkType: - description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. - items: - type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml deleted file mode 100644 index ab135b221e..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1107 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: nodes.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Node - listKind: NodeList - plural: nodes - singular: node - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Node holds cluster-wide information about node specific features. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cgroupMode: - description: CgroupMode determines the cgroups version on the node - enum: - - v1 - - v2 - - "" - type: string - workerLatencyProfile: - description: WorkerLatencyProfile determins the how fast the kubelet - is updating the status and corresponding reaction of the cluster - enum: - - Default - - MediumUpdateAverageReaction - - LowUpdateSlowReaction - type: string - type: object - status: - description: status holds observed values. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml deleted file mode 100644 index bc588e0985..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ /dev/null 
@@ -1,698 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: oauths.config.openshift.io -spec: - group: config.openshift.io - names: - kind: OAuth - listKind: OAuthList - plural: oauths - singular: oauth - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OAuth holds cluster-wide information about OAuth. The canonical - name is `cluster`. It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config - has type set to IntegratedOAuth. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - identityProviders: - description: identityProviders is an ordered list of ways for a user - to identify themselves. When this list is empty, no identities are - provisioned for users. 
- items: - description: IdentityProvider provides identities for users authenticating - using credentials - properties: - basicAuth: - description: basicAuth contains configuration options for the - BasicAuth IdP - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. 
- The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - github: - description: github enables user authentication using GitHub - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. This can only be configured when hostname is set - to a non-empty value. The namespace for this config map - is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - hostname: - description: hostname is the optional domain (e.g. "mycompany.com") - for use with a hosted instance of GitHub Enterprise. It - must match the GitHub Enterprise settings value configured - at /setup/settings#hostname. 
- type: string - organizations: - description: organizations optionally restricts which organizations - are allowed to log in - items: - type: string - type: array - teams: - description: teams optionally restricts which teams are - allowed to log in. Format is /. - items: - type: string - type: array - type: object - gitlab: - description: gitlab enables user authentication using GitLab - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. 
- properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the oauth server base URL - type: string - type: object - google: - description: google enables user authentication using Google - credentials - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - hostedDomain: - description: hostedDomain is the optional Google App domain - (e.g. "mycompany.com") to restrict logins to - type: string - type: object - htpasswd: - description: htpasswd enables user authentication using an HTPasswd - file to validate credentials - properties: - fileData: - description: fileData is a required reference to a secret - by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. If the specified htpasswd data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - keystone: - description: keystone enables user authentication using keystone - password credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. 
It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - domainName: - description: domainName is required for keystone v3 - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. 
- properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - ldap: - description: ldap enables user authentication using LDAP credentials - properties: - attributes: - description: attributes maps LDAP attributes to identities - properties: - email: - description: email is the list of attributes whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - items: - type: string - type: array - id: - description: id is the list of attributes whose values - should be used as the user ID. Required. First non-empty - attribute is used. At least one attribute is required. - If none of the listed attribute have a value, authentication - fails. LDAP standard identity attribute is "dn" - items: - type: string - type: array - name: - description: name is the list of attributes whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity LDAP standard - display name attribute is "cn" - items: - type: string - type: array - preferredUsername: - description: preferredUsername is the list of attributes - whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - items: - type: string - type: array - type: object - bindDN: - description: bindDN is an optional DN to bind with during - the search phase. - type: string - bindPassword: - description: bindPassword is an optional reference to a - secret by name containing a password to bind with during - the search phase. The key "bindPassword" is used to locate - the data. If specified and the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. 
- properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - insecure: - description: 'insecure, if true, indicates the connection - should not use TLS WARNING: Should not be set to `true` - with the URL scheme "ldaps://" as "ldaps://" URLs always - attempt to connect using TLS, even when `insecure` is - set to `true` When `true`, "ldap://" URLS connect insecurely. - When `false`, "ldap://" URLs are upgraded to a TLS connection - using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' - type: boolean - url: - description: 'url is an RFC 2255 URL which specifies the - LDAP search parameters to use. The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter' - type: string - type: object - mappingMethod: - description: mappingMethod determines how identities from this - provider are mapped to users Defaults to "claim" - type: string - name: - description: 'name is used to qualify the identities returned - by this provider. - It MUST be unique and not shared by any - other identity provider used - It MUST be a valid path segment: - name cannot equal "." or ".." 
or contain "/" or "%" or ":" - Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' - type: string - openID: - description: openID enables user authentication using OpenID - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - claims: - description: claims mappings - properties: - email: - description: email is the list of claims whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - groups: - description: groups is the list of claims value of which - should be used to synchronize groups from the OIDC - provider to OpenShift for the user. If multiple claims - are specified, the first one with a non-empty value - is used. - items: - description: OpenIDClaim represents a claim retrieved - from an OpenID provider's tokens or userInfo responses - minLength: 1 - type: string - type: array - x-kubernetes-list-type: atomic - name: - description: name is the list of claims whose values - should be used as the display name. Optional. 
If unspecified, - no display name is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - preferredUsername: - description: preferredUsername is the list of claims - whose values should be used as the preferred username. - If unspecified, the preferred username is determined - from the value of the sub claim - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - extraAuthorizeParameters: - additionalProperties: - type: string - description: extraAuthorizeParameters are any custom parameters - to add to the authorize request. - type: object - extraScopes: - description: extraScopes are any scopes to request in addition - to the standard "openid" scope. - items: - type: string - type: array - issuer: - description: issuer is the URL that the OpenID Provider - asserts as its Issuer Identifier. It must use the https - scheme with no query or fragment component. - type: string - type: object - requestHeader: - description: requestHeader enables user authentication using - request header credentials - properties: - ca: - description: ca is a required reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. Specifically, it allows verification - of incoming requests to prevent header spoofing. The key - "ca.crt" is used to locate the data. 
If the config map - or expected key is not found, the identity provider is - not honored. If the specified ca data is not valid, the - identity provider is not honored. The namespace for this - config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - challengeURL: - description: challengeURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect WWW-Authenticate challenges will - be redirected here. ${url} is replaced with the current - URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: clientCommonNames is an optional list of common - names to require a match from. If empty, any client certificate - validated against the clientCA bundle is considered authoritative. - items: - type: string - type: array - emailHeaders: - description: emailHeaders is the set of headers to check - for the email address - items: - type: string - type: array - headers: - description: headers is the set of headers to check for - identity information - items: - type: string - type: array - loginURL: - description: loginURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect interactive logins will be redirected - here ${url} is replaced with the current URL, escaped - to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. 
- type: string - nameHeaders: - description: nameHeaders is the set of headers to check - for the display name - items: - type: string - type: array - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set of headers - to check for the preferred username - items: - type: string - type: array - type: object - type: - description: type identifies the identity provider type for - this entry. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - templates: - description: templates allow you to customize pages like the login - page. - properties: - error: - description: error is the name of a secret that specifies a go - template to use to render error pages during the authentication - or grant flow. The key "errors.html" is used to locate the template - data. If specified and the secret or expected key is not found, - the default error page is used. If the specified template is - not valid, the default error page is used. If unspecified, the - default error page is used. The namespace for this secret is - openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - login: - description: login is the name of a secret that specifies a go - template to use to render the login page. The key "login.html" - is used to locate the template data. If specified and the secret - or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page - is used. If unspecified, the default login page is used. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - providerSelection: - description: providerSelection is the name of a secret that specifies - a go template to use to render the provider selection page. 
- The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the - default provider selection page is used. If the specified template - is not valid, the default provider selection page is used. If - unspecified, the default provider selection page is used. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - type: object - tokenConfig: - description: tokenConfig contains options for authorization and access - tokens - properties: - accessTokenInactivityTimeout: - description: "accessTokenInactivityTimeout defines the token inactivity - timeout for tokens granted by any client. The value represents - the maximum amount of time that can occur between consecutive - uses of the token. Tokens become invalid if they are not used - within this temporal window. The user will need to acquire a - new token to regain access once a token times out. Takes valid - time duration string such as \"5m\", \"1.5h\" or \"2h45m\". - The minimum allowed value for duration is 300s (5 minutes). - If the timeout is configured per client, then that value takes - precedence. If the timeout value is not specified and the client - does not override the value, then tokens are valid until their - lifetime. \n WARNING: existing tokens' timeout will not be affected - (lowered) by changing this value" - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - format: int32 - type: integer - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum age - of access tokens - format: int32 - type: integer - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml deleted file mode 100644 index ec2c7af3f4..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: projects.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Project - listKind: ProjectList - plural: projects - singular: project - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Project holds cluster-wide information about Project. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - projectRequestMessage: - description: projectRequestMessage is the string presented to a user - if they are unable to request a project via the projectrequest api - endpoint - type: string - projectRequestTemplate: - description: projectRequestTemplate is the template to use for creating - projects in response to projectrequest. 
This must point to a template - in 'openshift-config' namespace. It is optional. If it is not specified, - a default template is used. - properties: - name: - description: name is the metadata.name of the referenced project - request template - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml deleted file mode 100644 index ff93011104..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml +++ /dev/null 
@@ -1,108 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: schedulers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Scheduler - listKind: SchedulerList - plural: schedulers - singular: scheduler - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for - this config is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. 
This - is applied to the pods created in all namespaces and creates an - intersection with any existing nodeSelectors already set on a pod, - additionally constraining that pod''s selector. For example, defaultNodeSelector: - "type=user-node,region=east" would set nodeSelector field in pod - spec to "type=user-node,region=east" to all pods created in all - namespaces. Namespaces having project-wide node selectors won''t - be impacted even if this field is set. This adds an annotation section - to the namespace. For example, if a new namespace is created with - node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: - type=user-node,region=east gets added to the project. When the openshift.io/node-selector - annotation is set on the project the value is used in preference - to the value we are setting for defaultNodeSelector field. For instance, - openshift.io/node-selector: "type=user-node,region=west" means that - the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster - will be made schedulable, so that workload pods can run on them. - The default value for this field is false, meaning none of the master - nodes are schedulable. Important Note: Once the workload pods start - running on the master nodes, extreme care must be taken to ensure - that cluster-critical control plane components are not impacted. - Please turn on this field after doing due diligence.' - type: boolean - policy: - description: 'DEPRECATED: the scheduler Policy API has been deprecated - and will be removed in a future release. policy is a reference to - a ConfigMap containing scheduler policy which has user specified - predicates and priorities. If this ConfigMap is not available scheduler - will default to use DefaultAlgorithmProvider. 
The namespace for - this configmap is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - profile: - description: "profile sets which scheduling profile should be set - in order to configure scheduling decisions for new pods. \n Valid - values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" - Defaults to \"LowNodeUtilization\"" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml deleted file mode 100644 index 94e7f015a0..0000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml +++ /dev/null 
@@ -1,431 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - capability.openshift.io/name: Build - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: builds.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Build - listKind: BuildList - plural: builds - singular: build - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Build configures the behavior of OpenShift builds for the entire - cluster. This includes default settings that can be overridden in BuildConfig - objects, and overrides which are applied to all builds. \n The canonical - name is \"cluster\" \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the build controller - configuration - properties: - additionalTrustedCA: - description: "AdditionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted for image pushes and pulls - during builds. The namespace for this config map is openshift-config. - \n DEPRECATED: Additional CAs for image pull and push should be - set on image.config.openshift.io/cluster instead." - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - buildDefaults: - description: BuildDefaults controls the default information for Builds - properties: - defaultProxy: - description: "DefaultProxy contains the default proxy settings - for all build operations, including image pull/push and source - download. \n Values can be overrode by setting the `HTTP_PROXY`, - `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build - config's strategy." - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs and/or IPs for which the proxy should not be - used. Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. 
The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - env: - description: Env is a set of default environment variables that - will be applied to the build if the specified variables do not - exist on the build - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' 
- type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' 
- properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - gitProxy: - description: "GitProxy contains the proxy settings for git operations - only. If set, this will override any Proxy settings for all - git commands, such as git clone. \n Values that are not set - here will be inherited from DefaultProxy." - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs and/or IPs for which the proxy should not be - used. Empty means unset and will not result in an env var. 
- type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. User can override a default label by - providing a label with the same name in their Build/BuildConfig. - items: - properties: - name: - description: Name defines the name of the label. It must - have non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - type: object - type: array - resources: - description: Resources defines resource requirements to execute - the build. 
- properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - type: object - buildOverrides: - description: BuildOverrides controls override settings for builds - properties: - forcePull: - description: ForcePull overrides, if set, the equivalent value - in the builds, i.e. 
false disables force pull for all builds, - true enables force pull for all builds, independently of what - each build specifies itself - type: boolean - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. If user provided a label in their Build/BuildConfig - with the same name as one in this list, the user's label will - be overwritten. - items: - properties: - name: - description: Name defines the name of the label. It must - have non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is a selector which must be true for - the build pod to fit on a node - type: object - tolerations: - description: Tolerations is a list of Tolerations that will override - any existing tolerations set on a build pod. - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. 
- By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml deleted file mode 100644 index 5e2dea3ea9..0000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] APIServer" -crd: 0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create encrypt with aescbc - initial: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - encryption: - type: aescbc - expected: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - audit: - profile: Default - encryption: - type: aescbc - - name: Should be able to create encrypt with aesgcm - initial: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - encryption: - type: aesgcm - expected: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - audit: - profile: Default - encryption: - type: aesgcm diff --git a/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml deleted file mode 100644 index 92e7d72e62..0000000000 
--- a/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml
+++ /dev/null
@@ -1,284 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] Authentication" -crd: 0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Should be able to use the OIDC type - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - - name: Cannot set username claim prefix with policy NoPrefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - prefix: - prefixString: "myoidc:" - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set username claim prefix with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - - name: Cannot leave username claim prefix blank with policy 
Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set OIDC providers with no username prefixing - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - onUpdate: - - name: Updating OIDC provider with a client that's not in the status - initial: &initConfig | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - 
componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: dif-namespace # new client here - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating OIDC provider with a client that's different from the previous one - initial: *initConfig - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: dif-namespace - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating previously existing client - initial: *initConfig - updated: &prevExistingUpdated | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: 
*prevExistingUpdated - - name: Removing a configured client from the status (== component unregister) - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus - - name: Simply add a valid client - initial: *initConfig - updated: &addClient | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: namespace2 - componentName: name3 - clientID: justavalidclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *addClient diff --git a/vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml deleted file mode 100644 index f3090558b9..0000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml +++ /dev/null 
@@ -1,472 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] ClusterVersion" -crd: 0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterVersion - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - - name: Should allow image to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - - name: Should allow version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - - name: Should allow architecture to be empty - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - - name: Should allow architecture and version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - - name: Version must be set if architecture is set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - 
desiredUpdate: - architecture: Multi - expectedError: "Version must be set if Architecture is set" - - name: Should not allow image and architecture to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities marketplace and OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: 
- - marketplace - - OperatorLifecycleManager - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities marketplace without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability - - name: Should be able to set a custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - - name: Should be able to set multiple custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - - name: Invalid custom signature store should throw error - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "osus1.ocp.com" - expectedError: "url must be a valid absolute URL" - - name: Should be able to unset the signature stores - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - onUpdate: - - name: Should not allow image to 
be set if architecture set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should not allow architecture to be set if image set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - 
version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, and implicitly enabled OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - updated: | - apiVersion: config.openshift.io/v1 - 
kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, with the OperatorLifecycleManager capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to add the marketplace capability with a ClusterVersion with base capability None, and without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: 
the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability diff --git a/vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml deleted file mode 100644 index ab1a123b60..0000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml +++ /dev/null 
@@ -1,104 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] DNS" -crd: 0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal DNS - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} - - name: Should be able to specify an AWS role ARN for a private hosted zone - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Should not be able to specify unsupported platform - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: Azure - azure: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'" - - name: Should not be able to specify invalid AWS role ARN - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - metadata: - name: cluster - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo - expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'" - - name: Should not be able to specify different type and platform - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and 
forbidden otherwise" - onUpdate: - - name: Can switch from empty (default), to AWS - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Upgrade case is valid - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS - updated: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" diff --git a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml deleted file mode 100644 index 24433f4f75..0000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml +++ /dev/null 
@@ -1,321 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] Infrastructure" -crd: 0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Infrastructure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} # No spec is required for a Infrastructure - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - onUpdate: - - name: Should not be able to modify an existing GCP ResourceLabels Label - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add a Label to an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured 
during installation" - - name: Should not be able to remove a Label from an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceLabels: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: 
Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "openshift-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "kubernetes-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should not be able to modify an existing GCP ResourceTags Tag - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add a Tag to an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: 
Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - - {parentID: "test-project-123", key: "new", value: "tag"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to remove a Tag from an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - - {parentID: "test-project-123", key: "key2", value: "value2"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be 
configured during installation" - - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "test-project-123", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/vendor/github.com/openshift/api/config/v1/custom.network.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.network.testsuite.yaml deleted file mode 100644 index 59e9fbdfff..0000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.network.testsuite.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] Network" -crd: 0000_10_config-operator_01_network-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to set status conditions - initial: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} # No spec is required for a Network - status: - conditions: - - type: NetworkTypeMigrationInProgress - status: "False" - reason: "Reason" - message: "Message" - lastTransitionTime: "2023-10-25T12:00:00Z" - expected: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} - status: - conditions: - - type: NetworkTypeMigrationInProgress - status: "False" - reason: "Reason" - message: "Message" - lastTransitionTime: "2023-10-25T12:00:00Z" diff --git a/vendor/github.com/openshift/api/config/v1/doc.go b/vendor/github.com/openshift/api/config/v1/doc.go index 4ff5208f2c..f994547583 100644 --- a/vendor/github.com/openshift/api/config/v1/doc.go +++ b/vendor/github.com/openshift/api/config/v1/doc.go @@ -1,6 +1,7 @@ // +k8s:deepcopy-gen=package,register // +k8s:defaulter-gen=TypeMeta // +k8s:openapi-gen=true +// +openshift:featuregated-schema-gen=true // +kubebuilder:validation:Optional // +groupName=config.openshift.io diff --git a/vendor/github.com/openshift/api/config/v1/feature_gates.go b/vendor/github.com/openshift/api/config/v1/feature_gates.go index 7b7cbf640a..7a9d129cfb 100644 --- a/vendor/github.com/openshift/api/config/v1/feature_gates.go +++ b/vendor/github.com/openshift/api/config/v1/feature_gates.go @@ -1,5 +1,7 @@ package v1 +import "fmt" + // FeatureGateDescription is a golang-only interface used to contains details for a feature gate. type FeatureGateDescription struct { // FeatureGateAttributes is the information that appears in the API 
@@ -15,6 +17,14 @@ type FeatureGateDescription struct { OwningProduct OwningProduct } +type ClusterProfileName string + +var ( + Hypershift = ClusterProfileName("include.release.openshift.io/ibm-cloud-managed") + SelfManaged = ClusterProfileName("include.release.openshift.io/self-managed-high-availability") + AllClusterProfiles = []ClusterProfileName{Hypershift, SelfManaged} +) + type OwningProduct string var ( 
@@ -22,443 +32,567 @@ var ( kubernetes = OwningProduct("Kubernetes") ) -var ( - FeatureGateValidatingAdmissionPolicy = FeatureGateName("ValidatingAdmissionPolicy") - validatingAdmissionPolicy = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateValidatingAdmissionPolicy, - }, - OwningJiraComponent: "kube-apiserver", - ResponsiblePerson: "benluddy", - OwningProduct: kubernetes, - } - - FeatureGateGatewayAPI = FeatureGateName("GatewayAPI") - gateGatewayAPI = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateGatewayAPI, - }, - OwningJiraComponent: "Routing", - ResponsiblePerson: "miciah", - OwningProduct: ocpSpecific, - } - - FeatureGateOpenShiftPodSecurityAdmission = FeatureGateName("OpenShiftPodSecurityAdmission") - openShiftPodSecurityAdmission = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateOpenShiftPodSecurityAdmission, - }, - OwningJiraComponent: "auth", - ResponsiblePerson: "stlaz", - OwningProduct: ocpSpecific, - } - - FeatureGateExternalCloudProvider = FeatureGateName("ExternalCloudProvider") - externalCloudProvider = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateExternalCloudProvider, - }, - OwningJiraComponent: "cloud-provider", - ResponsiblePerson: "jspeed", - OwningProduct: ocpSpecific, - } - - FeatureGateExternalCloudProviderAzure = FeatureGateName("ExternalCloudProviderAzure") - externalCloudProviderAzure = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateExternalCloudProviderAzure, - }, - OwningJiraComponent: "cloud-provider", - ResponsiblePerson: "jspeed", - OwningProduct: ocpSpecific, - } - - FeatureGateExternalCloudProviderGCP = FeatureGateName("ExternalCloudProviderGCP") - externalCloudProviderGCP = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateExternalCloudProviderGCP, - }, - 
OwningJiraComponent: "cloud-provider", - ResponsiblePerson: "jspeed", - OwningProduct: ocpSpecific, - } - - FeatureGateExternalCloudProviderExternal = FeatureGateName("ExternalCloudProviderExternal") - externalCloudProviderExternal = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateExternalCloudProviderExternal, - }, - OwningJiraComponent: "cloud-provider", - ResponsiblePerson: "elmiko", - OwningProduct: ocpSpecific, - } - - FeatureGateCSIDriverSharedResource = FeatureGateName("CSIDriverSharedResource") - csiDriverSharedResource = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateCSIDriverSharedResource, - }, - OwningJiraComponent: "builds", - ResponsiblePerson: "adkaplan", - OwningProduct: ocpSpecific, - } +type featureGateBuilder struct { + name string + owningJiraComponent string + responsiblePerson string + owningProduct OwningProduct - FeatureGateBuildCSIVolumes = FeatureGateName("BuildCSIVolumes") - buildCSIVolumes = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateBuildCSIVolumes, - }, - OwningJiraComponent: "builds", - ResponsiblePerson: "adkaplan", - OwningProduct: ocpSpecific, - } - - FeatureGateNodeSwap = FeatureGateName("NodeSwap") - nodeSwap = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateNodeSwap, - }, - OwningJiraComponent: "node", - ResponsiblePerson: "ehashman", - OwningProduct: kubernetes, - } - - FeatureGateMachineAPIProviderOpenStack = FeatureGateName("MachineAPIProviderOpenStack") - machineAPIProviderOpenStack = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateMachineAPIProviderOpenStack, - }, - OwningJiraComponent: "openstack", - ResponsiblePerson: "egarcia", - OwningProduct: ocpSpecific, - } - - FeatureGateInsightsConfigAPI = FeatureGateName("InsightsConfigAPI") - insightsConfigAPI = FeatureGateDescription{ - FeatureGateAttributes: 
FeatureGateAttributes{ - Name: FeatureGateInsightsConfigAPI, - }, - OwningJiraComponent: "insights", - ResponsiblePerson: "tremes", - OwningProduct: ocpSpecific, - } - - FeatureGateDynamicResourceAllocation = FeatureGateName("DynamicResourceAllocation") - dynamicResourceAllocation = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateDynamicResourceAllocation, - }, - OwningJiraComponent: "scheduling", - ResponsiblePerson: "jchaloup", - OwningProduct: kubernetes, - } - - FeatureGateAzureWorkloadIdentity = FeatureGateName("AzureWorkloadIdentity") - azureWorkloadIdentity = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateAzureWorkloadIdentity, - }, - OwningJiraComponent: "cloud-credential-operator", - ResponsiblePerson: "abutcher", - OwningProduct: ocpSpecific, - } - - FeatureGateMaxUnavailableStatefulSet = FeatureGateName("MaxUnavailableStatefulSet") - maxUnavailableStatefulSet = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateMaxUnavailableStatefulSet, - }, - OwningJiraComponent: "apps", - ResponsiblePerson: "atiratree", - OwningProduct: kubernetes, - } - - FeatureGateEventedPLEG = FeatureGateName("EventedPLEG") - eventedPleg = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateEventedPLEG, - }, - OwningJiraComponent: "node", - ResponsiblePerson: "sairameshv", - OwningProduct: kubernetes, - } - - FeatureGatePrivateHostedZoneAWS = FeatureGateName("PrivateHostedZoneAWS") - privateHostedZoneAWS = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGatePrivateHostedZoneAWS, - }, - OwningJiraComponent: "Routing", - ResponsiblePerson: "miciah", - OwningProduct: ocpSpecific, - } - - FeatureGateSigstoreImageVerification = FeatureGateName("SigstoreImageVerification") - sigstoreImageVerification = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: 
FeatureGateSigstoreImageVerification, - }, - OwningJiraComponent: "node", - ResponsiblePerson: "sgrunert", - OwningProduct: ocpSpecific, - } - - FeatureGateGCPLabelsTags = FeatureGateName("GCPLabelsTags") - gcpLabelsTags = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateGCPLabelsTags, - }, - OwningJiraComponent: "Installer", - ResponsiblePerson: "bhb", - OwningProduct: ocpSpecific, - } - - FeatureGateAlibabaPlatform = FeatureGateName("AlibabaPlatform") - alibabaPlatform = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateAlibabaPlatform, - }, - OwningJiraComponent: "cloud-provider", - ResponsiblePerson: "jspeed", - OwningProduct: ocpSpecific, - } + statusByClusterProfileByFeatureSet map[ClusterProfileName]map[FeatureSet]bool +} - FeatureGateCloudDualStackNodeIPs = FeatureGateName("CloudDualStackNodeIPs") - cloudDualStackNodeIPs = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateCloudDualStackNodeIPs, - }, - OwningJiraComponent: "machine-config-operator/platform-baremetal", - ResponsiblePerson: "mkowalsk", - OwningProduct: kubernetes, - } - FeatureGateVSphereStaticIPs = FeatureGateName("VSphereStaticIPs") - vSphereStaticIPs = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateVSphereStaticIPs, - }, - OwningJiraComponent: "splat", - ResponsiblePerson: "rvanderp3", - OwningProduct: ocpSpecific, +// newFeatureGate featuregate are disabled in every FeatureSet and selectively enabled +func newFeatureGate(name string) *featureGateBuilder { + b := &featureGateBuilder{ + name: name, + statusByClusterProfileByFeatureSet: map[ClusterProfileName]map[FeatureSet]bool{}, } - - FeatureGateRouteExternalCertificate = FeatureGateName("RouteExternalCertificate") - routeExternalCertificate = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateRouteExternalCertificate, - }, - 
OwningJiraComponent: "router", - ResponsiblePerson: "thejasn", - OwningProduct: ocpSpecific, + for _, clusterProfile := range AllClusterProfiles { + byFeatureSet := map[FeatureSet]bool{} + for _, featureSet := range AllFixedFeatureSets { + byFeatureSet[featureSet] = false + } + b.statusByClusterProfileByFeatureSet[clusterProfile] = byFeatureSet } + return b +} - FeatureGateAdminNetworkPolicy = FeatureGateName("AdminNetworkPolicy") - adminNetworkPolicy = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateAdminNetworkPolicy, - }, - OwningJiraComponent: "Networking/ovn-kubernetes", - ResponsiblePerson: "tssurya", - OwningProduct: ocpSpecific, - } +func (b *featureGateBuilder) reportProblemsToJiraComponent(owningJiraComponent string) *featureGateBuilder { + b.owningJiraComponent = owningJiraComponent + return b +} - FeatureGateNetworkLiveMigration = FeatureGateName("NetworkLiveMigration") - sdnLiveMigration = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateNetworkLiveMigration, - }, - OwningJiraComponent: "Networking/ovn-kubernetes", - ResponsiblePerson: "pliu", - OwningProduct: ocpSpecific, - } +func (b *featureGateBuilder) contactPerson(responsiblePerson string) *featureGateBuilder { + b.responsiblePerson = responsiblePerson + return b +} - FeatureGateAutomatedEtcdBackup = FeatureGateName("AutomatedEtcdBackup") - automatedEtcdBackup = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateAutomatedEtcdBackup, - }, - OwningJiraComponent: "etcd", - ResponsiblePerson: "hasbro17", - OwningProduct: ocpSpecific, - } +func (b *featureGateBuilder) productScope(owningProduct OwningProduct) *featureGateBuilder { + b.owningProduct = owningProduct + return b +} - FeatureGateMachineAPIOperatorDisableMachineHealthCheckController = FeatureGateName("MachineAPIOperatorDisableMachineHealthCheckController") - machineAPIOperatorDisableMachineHealthCheckController = 
FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateMachineAPIOperatorDisableMachineHealthCheckController, - }, - OwningJiraComponent: "ecoproject", - ResponsiblePerson: "msluiter", - OwningProduct: ocpSpecific, +func (b *featureGateBuilder) enableIn(featureSets ...FeatureSet) *featureGateBuilder { + for clusterProfile := range b.statusByClusterProfileByFeatureSet { + for _, featureSet := range featureSets { + b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true + } } + return b +} - FeatureGateDNSNameResolver = FeatureGateName("DNSNameResolver") - dnsNameResolver = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateDNSNameResolver, - }, - OwningJiraComponent: "dns", - ResponsiblePerson: "miciah", - OwningProduct: ocpSpecific, +func (b *featureGateBuilder) enableForClusterProfile(clusterProfile ClusterProfileName, featureSets ...FeatureSet) *featureGateBuilder { + for _, featureSet := range featureSets { + b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true } + return b +} - FeatureGateVSphereControlPlaneMachineset = FeatureGateName("VSphereControlPlaneMachineSet") - vSphereControlPlaneMachineset = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateVSphereControlPlaneMachineset, - }, - OwningJiraComponent: "splat", - ResponsiblePerson: "rvanderp3", - OwningProduct: ocpSpecific, +func (b *featureGateBuilder) register() (FeatureGateName, error) { + if len(b.name) == 0 { + return "", fmt.Errorf("missing name") } - - FeatureGateMachineConfigNodes = FeatureGateName("MachineConfigNodes") - machineConfigNodes = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateMachineConfigNodes, - }, - OwningJiraComponent: "MachineConfigOperator", - ResponsiblePerson: "cdoern", - OwningProduct: ocpSpecific, + if len(b.owningJiraComponent) == 0 { + return "", fmt.Errorf("missing 
owningJiraComponent") } - - FeatureGateClusterAPIInstall = FeatureGateName("ClusterAPIInstall") - clusterAPIInstall = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateClusterAPIInstall, - }, - OwningJiraComponent: "Installer", - ResponsiblePerson: "vincepri", - OwningProduct: ocpSpecific, + if len(b.responsiblePerson) == 0 { + return "", fmt.Errorf("missing responsiblePerson") } - - FeatureGateMetricsServer = FeatureGateName("MetricsServer") - metricsServer = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateMetricsServer, - }, - OwningJiraComponent: "Monitoring", - ResponsiblePerson: "slashpai", - OwningProduct: ocpSpecific, + if len(b.owningProduct) == 0 { + return "", fmt.Errorf("missing owningProduct") } - FeatureGateInstallAlternateInfrastructureAWS = FeatureGateName("InstallAlternateInfrastructureAWS") - installAlternateInfrastructureAWS = FeatureGateDescription{ + featureGateName := FeatureGateName(b.name) + description := FeatureGateDescription{ FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateInstallAlternateInfrastructureAWS, + Name: featureGateName, }, - OwningJiraComponent: "Installer", - ResponsiblePerson: "padillon", - OwningProduct: ocpSpecific, + OwningJiraComponent: b.owningJiraComponent, + ResponsiblePerson: b.responsiblePerson, + OwningProduct: b.owningProduct, } - FeatureGateGCPClusterHostedDNS = FeatureGateName("GCPClusterHostedDNS") - gcpClusterHostedDNS = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateGCPClusterHostedDNS, - }, - OwningJiraComponent: "Installer", - ResponsiblePerson: "barbacbd", - OwningProduct: ocpSpecific, - } + // statusByClusterProfileByFeatureSet is initialized by constructor to be false for every combination + for clusterProfile, byFeatureSet := range b.statusByClusterProfileByFeatureSet { + for featureSet, enabled := range byFeatureSet { + if _, ok := 
allFeatureGates[clusterProfile]; !ok { + allFeatureGates[clusterProfile] = map[FeatureSet]*FeatureGateEnabledDisabled{} + } + if _, ok := allFeatureGates[clusterProfile][featureSet]; !ok { + allFeatureGates[clusterProfile][featureSet] = &FeatureGateEnabledDisabled{} + } - FeatureGateMixedCPUsAllocation = FeatureGateName("MixedCPUsAllocation") - mixedCPUsAllocation = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateMixedCPUsAllocation, - }, - OwningJiraComponent: "NodeTuningOperator", - ResponsiblePerson: "titzhak", - OwningProduct: ocpSpecific, + if enabled { + allFeatureGates[clusterProfile][featureSet].Enabled = append(allFeatureGates[clusterProfile][featureSet].Enabled, description) + } else { + allFeatureGates[clusterProfile][featureSet].Disabled = append(allFeatureGates[clusterProfile][featureSet].Disabled, description) + } + } } - FeatureGateManagedBootImages = FeatureGateName("ManagedBootImages") - managedBootImages = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateManagedBootImages, - }, - OwningJiraComponent: "MachineConfigOperator", - ResponsiblePerson: "djoshy", - OwningProduct: ocpSpecific, - } + return featureGateName, nil +} - FeatureGateDisableKubeletCloudCredentialProviders = FeatureGateName("DisableKubeletCloudCredentialProviders") - disableKubeletCloudCredentialProviders = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateDisableKubeletCloudCredentialProviders, - }, - OwningJiraComponent: "cloud-provider", - ResponsiblePerson: "jspeed", - OwningProduct: kubernetes, +func (b *featureGateBuilder) mustRegister() FeatureGateName { + ret, err := b.register() + if err != nil { + panic(err) } + return ret +} - FeatureGateOnClusterBuild = FeatureGateName("OnClusterBuild") - onClusterBuild = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateOnClusterBuild, - }, - OwningJiraComponent: 
"MachineConfigOperator", - ResponsiblePerson: "dkhater", - OwningProduct: ocpSpecific, +func FeatureSets(clusterProfile ClusterProfileName, featureSet FeatureSet) (*FeatureGateEnabledDisabled, error) { + byFeatureSet, ok := allFeatureGates[clusterProfile] + if !ok { + return nil, fmt.Errorf("no information found for ClusterProfile=%q", clusterProfile) } - - FeatureGateSignatureStores = FeatureGateName("SignatureStores") - signatureStores = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateSignatureStores, - }, - OwningJiraComponent: "Cluster Version Operator", - ResponsiblePerson: "lmohanty", - OwningProduct: ocpSpecific, + featureGates, ok := byFeatureSet[featureSet] + if !ok { + return nil, fmt.Errorf("no information found for FeatureSet=%q under ClusterProfile=%q", featureSet, clusterProfile) } + return featureGates.DeepCopy(), nil +} - FeatureGateKMSv1 = FeatureGateName("KMSv1") - kmsv1 = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateKMSv1, - }, - OwningJiraComponent: "kube-apiserver", - ResponsiblePerson: "dgrisonnet", - OwningProduct: kubernetes, - } +func AllFeatureSets() map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled { + ret := map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled{} - FeatureGatePinnedImages = FeatureGateName("PinnedImages") - pinnedImages = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGatePinnedImages, - }, - OwningJiraComponent: "MachineConfigOperator", - ResponsiblePerson: "jhernand", - OwningProduct: ocpSpecific, - } + for clusterProfile, byFeatureSet := range allFeatureGates { + newByFeatureSet := map[FeatureSet]*FeatureGateEnabledDisabled{} - FeatureGateUpgradeStatus = FeatureGateName("UpgradeStatus") - upgradeStatus = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateUpgradeStatus, - }, - OwningJiraComponent: "Cluster Version Operator", 
- ResponsiblePerson: "pmuller", - OwningProduct: ocpSpecific, + for featureSet, enabledDisabled := range byFeatureSet { + newByFeatureSet[featureSet] = enabledDisabled.DeepCopy() + } + ret[clusterProfile] = newByFeatureSet } - FeatureGateTranslateStreamCloseWebsocketRequests = FeatureGateName("TranslateStreamCloseWebsocketRequests") - translateStreamCloseWebsocketRequests = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateTranslateStreamCloseWebsocketRequests, - }, - OwningJiraComponent: "kube-apiserver", - ResponsiblePerson: "akashem", - OwningProduct: kubernetes, - } + return ret +} - FeatureGateVolumeGroupSnapshot = FeatureGateName("VolumeGroupSnapshot") - volumeGroupSnapshot = FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: FeatureGateVolumeGroupSnapshot, - }, - OwningJiraComponent: "Storage / Kubernetes External Components", - ResponsiblePerson: "fbertina", - OwningProduct: kubernetes, - } +var ( + allFeatureGates = map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled{} + + FeatureGateServiceAccountTokenNodeBindingValidation = newFeatureGate("ServiceAccountTokenNodeBindingValidation"). + reportProblemsToJiraComponent("apiserver-auth"). + contactPerson("stlaz"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateServiceAccountTokenNodeBinding = newFeatureGate("ServiceAccountTokenNodeBinding"). + reportProblemsToJiraComponent("apiserver-auth"). + contactPerson("stlaz"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateServiceAccountTokenPodNodeInfo = newFeatureGate("ServiceAccountTokenPodNodeInfo"). + reportProblemsToJiraComponent("apiserver-auth"). + contactPerson("stlaz"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateValidatingAdmissionPolicy = newFeatureGate("ValidatingAdmissionPolicy"). + reportProblemsToJiraComponent("kube-apiserver"). 
+ contactPerson("benluddy"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateGatewayAPI = newFeatureGate("GatewayAPI"). + reportProblemsToJiraComponent("Routing"). + contactPerson("miciah"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). + reportProblemsToJiraComponent("auth"). + contactPerson("stlaz"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateExternalCloudProvider = newFeatureGate("ExternalCloudProvider"). + reportProblemsToJiraComponent("cloud-provider"). + contactPerson("jspeed"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateExternalCloudProviderAzure = newFeatureGate("ExternalCloudProviderAzure"). + reportProblemsToJiraComponent("cloud-provider"). + contactPerson("jspeed"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateExternalCloudProviderGCP = newFeatureGate("ExternalCloudProviderGCP"). + reportProblemsToJiraComponent("cloud-provider"). + contactPerson("jspeed"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateExternalCloudProviderExternal = newFeatureGate("ExternalCloudProviderExternal"). + reportProblemsToJiraComponent("cloud-provider"). + contactPerson("elmiko"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateCSIDriverSharedResource = newFeatureGate("CSIDriverSharedResource"). + reportProblemsToJiraComponent("builds"). + contactPerson("adkaplan"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateBuildCSIVolumes = newFeatureGate("BuildCSIVolumes"). + reportProblemsToJiraComponent("builds"). + contactPerson("adkaplan"). + productScope(ocpSpecific). 
+ enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateNodeSwap = newFeatureGate("NodeSwap"). + reportProblemsToJiraComponent("node"). + contactPerson("ehashman"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMachineAPIProviderOpenStack = newFeatureGate("MachineAPIProviderOpenStack"). + reportProblemsToJiraComponent("openstack"). + contactPerson("egarcia"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateInsightsConfigAPI = newFeatureGate("InsightsConfigAPI"). + reportProblemsToJiraComponent("insights"). + contactPerson("tremes"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateDynamicResourceAllocation = newFeatureGate("DynamicResourceAllocation"). + reportProblemsToJiraComponent("scheduling"). + contactPerson("jchaloup"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateAzureWorkloadIdentity = newFeatureGate("AzureWorkloadIdentity"). + reportProblemsToJiraComponent("cloud-credential-operator"). + contactPerson("abutcher"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMaxUnavailableStatefulSet = newFeatureGate("MaxUnavailableStatefulSet"). + reportProblemsToJiraComponent("apps"). + contactPerson("atiratree"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateEventedPLEG = newFeatureGate("EventedPLEG"). + reportProblemsToJiraComponent("node"). + contactPerson("sairameshv"). + productScope(kubernetes). + mustRegister() + + FeatureGatePrivateHostedZoneAWS = newFeatureGate("PrivateHostedZoneAWS"). + reportProblemsToJiraComponent("Routing"). + contactPerson("miciah"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateSigstoreImageVerification = newFeatureGate("SigstoreImageVerification"). 
+ reportProblemsToJiraComponent("node"). + contactPerson("sgrunert"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateGCPLabelsTags = newFeatureGate("GCPLabelsTags"). + reportProblemsToJiraComponent("Installer"). + contactPerson("bhb"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateAlibabaPlatform = newFeatureGate("AlibabaPlatform"). + reportProblemsToJiraComponent("cloud-provider"). + contactPerson("jspeed"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateCloudDualStackNodeIPs = newFeatureGate("CloudDualStackNodeIPs"). + reportProblemsToJiraComponent("machine-config-operator/platform-baremetal"). + contactPerson("mkowalsk"). + productScope(kubernetes). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateVSphereStaticIPs = newFeatureGate("VSphereStaticIPs"). + reportProblemsToJiraComponent("splat"). + contactPerson("rvanderp3"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateRouteExternalCertificate = newFeatureGate("RouteExternalCertificate"). + reportProblemsToJiraComponent("router"). + contactPerson("thejasn"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateAdminNetworkPolicy = newFeatureGate("AdminNetworkPolicy"). + reportProblemsToJiraComponent("Networking/ovn-kubernetes"). + contactPerson("tssurya"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration"). + reportProblemsToJiraComponent("Networking/ovn-kubernetes"). + contactPerson("pliu"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateNetworkDiagnosticsConfig = newFeatureGate("NetworkDiagnosticsConfig"). 
+ reportProblemsToJiraComponent("Networking/cluster-network-operator"). + contactPerson("kyrtapz"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateHardwareSpeed = newFeatureGate("HardwareSpeed"). + reportProblemsToJiraComponent("etcd"). + contactPerson("hasbro17"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateAutomatedEtcdBackup = newFeatureGate("AutomatedEtcdBackup"). + reportProblemsToJiraComponent("etcd"). + contactPerson("hasbro17"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMachineAPIOperatorDisableMachineHealthCheckController = newFeatureGate("MachineAPIOperatorDisableMachineHealthCheckController"). + reportProblemsToJiraComponent("ecoproject"). + contactPerson("msluiter"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateDNSNameResolver = newFeatureGate("DNSNameResolver"). + reportProblemsToJiraComponent("dns"). + contactPerson("miciah"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateVSphereControlPlaneMachineset = newFeatureGate("VSphereControlPlaneMachineSet"). + reportProblemsToJiraComponent("splat"). + contactPerson("rvanderp3"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMachineConfigNodes = newFeatureGate("MachineConfigNodes"). + reportProblemsToJiraComponent("MachineConfigOperator"). + contactPerson("cdoern"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateClusterAPIInstall = newFeatureGate("ClusterAPIInstall"). + reportProblemsToJiraComponent("Installer"). + contactPerson("vincepri"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateMetricsServer = newFeatureGate("MetricsServer"). + reportProblemsToJiraComponent("Monitoring"). + contactPerson("slashpai"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). 
+ mustRegister() + + FeatureGateInstallAlternateInfrastructureAWS = newFeatureGate("InstallAlternateInfrastructureAWS"). + reportProblemsToJiraComponent("Installer"). + contactPerson("padillon"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS"). + reportProblemsToJiraComponent("Installer"). + contactPerson("barbacbd"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMixedCPUsAllocation = newFeatureGate("MixedCPUsAllocation"). + reportProblemsToJiraComponent("NodeTuningOperator"). + contactPerson("titzhak"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateManagedBootImages = newFeatureGate("ManagedBootImages"). + reportProblemsToJiraComponent("MachineConfigOperator"). + contactPerson("djoshy"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateDisableKubeletCloudCredentialProviders = newFeatureGate("DisableKubeletCloudCredentialProviders"). + reportProblemsToJiraComponent("cloud-provider"). + contactPerson("jspeed"). + productScope(kubernetes). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateOnClusterBuild = newFeatureGate("OnClusterBuild"). + reportProblemsToJiraComponent("MachineConfigOperator"). + contactPerson("dkhater"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateSignatureStores = newFeatureGate("SignatureStores"). + reportProblemsToJiraComponent("Cluster Version Operator"). + contactPerson("lmohanty"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateKMSv1 = newFeatureGate("KMSv1"). + reportProblemsToJiraComponent("kube-apiserver"). + contactPerson("dgrisonnet"). + productScope(kubernetes). + enableIn(Default, TechPreviewNoUpgrade). 
+ mustRegister() + + FeatureGatePinnedImages = newFeatureGate("PinnedImages"). + reportProblemsToJiraComponent("MachineConfigOperator"). + contactPerson("jhernand"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus"). + reportProblemsToJiraComponent("Cluster Version Operator"). + contactPerson("pmuller"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateTranslateStreamCloseWebsocketRequests = newFeatureGate("TranslateStreamCloseWebsocketRequests"). + reportProblemsToJiraComponent("kube-apiserver"). + contactPerson("akashem"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateVolumeGroupSnapshot = newFeatureGate("VolumeGroupSnapshot"). + reportProblemsToJiraComponent("Storage / Kubernetes External Components"). + contactPerson("fbertina"). + productScope(kubernetes). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateExternalOIDC = newFeatureGate("ExternalOIDC"). + reportProblemsToJiraComponent("authentication"). + contactPerson("stlaz"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + enableForClusterProfile(Hypershift, Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateExample = newFeatureGate("Example"). + reportProblemsToJiraComponent("cluster-config"). + contactPerson("deads"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGatePlatformOperators = newFeatureGate("PlatformOperators"). + reportProblemsToJiraComponent("olm"). + contactPerson("joe"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateNewOLM = newFeatureGate("NewOLM"). + reportProblemsToJiraComponent("olm"). + contactPerson("joe"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). 
+ mustRegister() + + FeatureGateExternalRouteCertificate = newFeatureGate("ExternalRouteCertificate"). + reportProblemsToJiraComponent("network-edge"). + contactPerson("miciah"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). + reportProblemsToJiraComponent("insights"). + contactPerson("tremes"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateAlertingRules = newFeatureGate("AlertingRules"). + reportProblemsToJiraComponent("Monitoring"). + contactPerson("simon"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateBareMetalLoadBalancer = newFeatureGate("BareMetalLoadBalancer"). + reportProblemsToJiraComponent("metal"). + contactPerson("EmilienM"). + productScope(ocpSpecific). + enableIn(Default, TechPreviewNoUpgrade). + mustRegister() + + FeatureGateInsightsConfig = newFeatureGate("InsightsConfig"). + reportProblemsToJiraComponent("insights"). + contactPerson("tremes"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateImagePolicy = newFeatureGate("ImagePolicy"). + reportProblemsToJiraComponent("node"). + contactPerson("rphillips"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateNodeDisruptionPolicy = newFeatureGate("NodeDisruptionPolicy"). + reportProblemsToJiraComponent("MachineConfigOperator"). + contactPerson("jerzhang"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMetricsCollectionProfiles = newFeatureGate("MetricsCollectionProfiles"). + reportProblemsToJiraComponent("Monitoring"). + contactPerson("rexagod"). + productScope(ocpSpecific). + enableIn(TechPreviewNoUpgrade). + mustRegister() ) 
diff --git a/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml
deleted file mode 100644
index 75f846a3db..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] APIServer"
-crd: 0000_10_config-operator_01_apiserver-Default.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create encrypt with aescbc
- initial: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- encryption:
- type: aescbc
- expected: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- audit:
- profile: Default
- encryption:
- type: aescbc
- - name: Should be able to create encrypt with aesgcm
- initial: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- encryption:
- type: aesgcm
- expected: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- audit:
- profile: Default
- encryption:
- type: aesgcm
-
diff --git a/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml
deleted file mode 100644
index 6e966c15b4..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Authentication"
-crd: 0000_10_config-operator_01_authentication.crd-Default.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Authentication
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec: {} # No spec is required for a Authentication
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec: {}
- - name: Shouldn't be able to use the OIDC type in a stable version of the resource
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- expectedError: "spec.type: Unsupported value: \"OIDC\": supported values: \"\", \"None\", \"IntegratedOAuth\""
\ No newline at end of file
diff --git a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml
deleted file mode 100644
index b422ebd206..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Build"
-crd: 0000_10_openshift-controller-manager-operator_01_build.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Build
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Build
- spec: {} # No spec is required for a Build
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Build
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml
deleted file mode 100644
index 177e8f6917..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] ClusterOperator"
-crd: 0000_00_cluster-version-operator_01_clusteroperator.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal ClusterOperator
- initial: |
- apiVersion: config.openshift.io/v1
- kind: ClusterOperator
- spec: {} # No spec is required for a ClusterOperator
- expected: |
- apiVersion: config.openshift.io/v1
- kind: ClusterOperator
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml
deleted file mode 100644
index 4c3fed149d..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml
+++ /dev/null
@@ -1,418 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ClusterVersion" -crd: 0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterVersion - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - - name: Should allow image to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - - name: Should allow version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - - name: Should allow architecture to be empty - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - - name: Should allow architecture and version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - - name: Version must be set if architecture is set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - 
architecture: Multi - expectedError: "Version must be set if Architecture is set" - - name: Should not allow image and architecture to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities marketplace and OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace 
- - OperatorLifecycleManager - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities marketplace without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability - onUpdate: - - name: Should not allow image to be set if architecture set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should not allow architecture to be set if image set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - updated: | - apiVersion: 
config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which 
is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, and implicitly enabled OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, with the OperatorLifecycleManager capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: 
ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to add the marketplace capability with a ClusterVersion with base capability None, and without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability diff --git a/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml deleted file mode 100644 index 0081816fc9..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Console" -crd: 0000_10_config-operator_01_console.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Console - initial: | - apiVersion: config.openshift.io/v1 - kind: Console - spec: {} # No spec is required for a Console - expected: | - apiVersion: config.openshift.io/v1 - kind: Console - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml deleted file mode 100644 index 3054d200e6..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml +++ /dev/null 
@@ -1,105 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] DNS"
-crd: 0000_10_config-operator_01_dns-Default.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal DNS
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec: {} # No spec is required for a DNS
- expected: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec: {}
- - name: Should be able to specify an AWS role ARN for a private hosted zone
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: AWS
- aws:
- privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
- expected: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: AWS
- aws:
- privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
- - name: Should not be able to specify unsupported platform
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: Azure
- azure:
- privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
- expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'"
- - name: Should not be able to specify invalid AWS role ARN
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- metadata:
- name: cluster
- spec:
- platform:
- type: AWS
- aws:
- privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo
- expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'"
- - name: Should not be able to specify different type and platform
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: ""
- aws:
- privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
- expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise"
- onUpdate:
- - name: Can switch from empty (default), to AWS
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: ""
- updated: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: AWS
- aws:
- privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
- expected: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: AWS
- aws:
- privateZoneIAMRole: arn:aws:iam::123456789012:role/foo
- - name: Upgrade case is valid
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec: {} # No spec is required for a DNS
- updated: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: ""
- expected: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec:
- platform:
- type: ""
-
diff --git a/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml
deleted file mode 100644
index 6b6a4327a6..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] FeatureGate"
-crd: 0000_10_config-operator_01_featuregate.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal FeatureGate
- initial: |
- apiVersion: config.openshift.io/v1
- kind: FeatureGate
- spec: {} # No spec is required for a FeatureGate
- expected: |
- apiVersion: config.openshift.io/v1
- kind: FeatureGate
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml
deleted file mode 100644
index 406bf38617..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml
+++ /dev/null
@@ -1,298 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable][Hypershift] Authentication" -crd: 0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Should be able to use the OIDC type - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - - name: Cannot set username claim prefix with policy NoPrefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - prefix: - prefixString: "myoidc:" - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set username claim prefix with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - - name: Cannot leave username claim prefix blank with 
policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set OIDC providers with no username prefixing - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - onUpdate: - - name: Updating OIDC provider with a client that's not in the status - initial: &initConfig | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - 
componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: dif-namespace # new client here - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating OIDC provider with a client that's different from the previous one - initial: *initConfig - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: dif-namespace - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating previously existing client - initial: *initConfig - updated: &prevExistingUpdated | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: 
*prevExistingUpdated - - name: Removing a configured client from the status (== component unregister) - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus - - name: Simply add a valid client - initial: *initConfig - updated: &addClient | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: namespace2 - componentName: name3 - clientID: justavalidclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *addClient - - name: Remove all oidcProviders - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus 
diff --git a/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml deleted file mode 100644 index 6bfbb820ff..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Image" -crd: 0000_10_config-operator_01_image.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Image - initial: | - apiVersion: config.openshift.io/v1 - kind: Image - spec: {} # No spec is required for a Image - expected: | - apiVersion: config.openshift.io/v1 - kind: Image - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml deleted file mode 100644 index bffdb6bcda..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageContentPolicy" -crd: 0000_10_config-operator_01_imagecontentpolicy.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageContentPolicy - initial: | - apiVersion: config.openshift.io/v1 - kind: ImageContentPolicy - spec: {} # No spec is required for a ImageContentPolicy - expected: | - apiVersion: config.openshift.io/v1 - kind: ImageContentPolicy - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml deleted file mode 100644 index c25b1696bc..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageDigestMirrorSet" -crd: 0000_10_config-operator_01_imagedigestmirrorset.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageDigestMirrorSet - initial: | - apiVersion: config.openshift.io/v1 - kind: ImageDigestMirrorSet - spec: {} # No spec is required for a ImageDigestMirrorSet - expected: | - apiVersion: config.openshift.io/v1 - kind: ImageDigestMirrorSet - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml deleted file mode 100644 index de91eb2c59..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageTagMirrorSet" -crd: 0000_10_config-operator_01_imagetagmirrorset.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageTagMirrorSet - initial: | - apiVersion: config.openshift.io/v1 - kind: ImageTagMirrorSet - spec: {} # No spec is required for a ImageTagMirrorSet - expected: | - apiVersion: config.openshift.io/v1 - kind: ImageTagMirrorSet - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml deleted file mode 100644 index 9d0861b68b..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml +++ /dev/null 
@@ -1,1262 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Infrastructure" -crd: 0000_10_config-operator_01_infrastructure-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Infrastructure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} # No spec is required for a Infrastructure - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - - name: Should be able to pass 2 IP addresses to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - "2001:db8::1" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - "2001:db8::1" - - name: Should not be able to pass not-an-IP to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - not-an-ip-address - expectedError: "Invalid value: \"not-an-ip-address\"" - - name: Should not be able to pass 2 IPv4 addresses to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - 192.0.2.2 - expectedError: "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass 2 IPv6 addresses to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - "2001:db8::1" - - "2001:db8::2" - expectedError: 
"apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass more than 2 entries to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - "2001:db8::1" - - 192.0.2.2 - expectedError: "Too many: 3: must have at most 2 items" - - name: Should be able to pass 2 IP addresses to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - "2001:db8::1" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - "2001:db8::1" - - name: Should not be able to pass not-an-IP to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - not-an-ip-address - expectedError: "Invalid value: \"not-an-ip-address\"" - - name: Should not be able to pass 2 IPv4 addresses to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - 192.0.2.2 - expectedError: "ingressIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass 2 IPv6 addresses to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - "2001:db8::1" - - "2001:db8::2" - expectedError: "ingressIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass more than 2 entries to ingressIPs in the platform spec - 
initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - "2001:db8::1" - - 192.0.2.2 - expectedError: "Too many: 3: must have at most 2 items" - - name: Should be able to pass 2 IP subnets addresses to machineNetworks in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - machineNetworks: - - "192.0.2.0/24" - - "2001:db8::0/32" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - machineNetworks: - - "192.0.2.0/24" - - "2001:db8::0/32" - - name: Should not be able to pass not-a-CIDR to machineNetworks in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - machineNetworks: - - 192.0.2.1 - expectedError: "Invalid value: \"192.0.2.1\"" - onUpdate: - - name: Should be able to change External platformName from unknown to something else - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: Unknown - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: M&PCloud - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: M&PCloud - - name: Should not be able to change External platformName once it was set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: M&PCloud - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: SomeOtherCoolplatformName - expectedError: " 
spec.platformSpec.external.platformName: Invalid value: \"string\": platform name cannot be changed once set" - - name: Should not be able to modify an existing Azure ResourceTags Tag - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add a Tag to an existing Azure ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to remove a Tag from an existing Azure ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - 
spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add Azure ResourceTags to an empty platformStatus.azure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - azure: - resourceTags: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to remove Azure ResourceTags from platformStatus.azure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: {} - expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should be able to modify the ResourceGroupName while Azure ResourceTags are present - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceGroupName: foo - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - azure: - resourceGroupName: bar - resourceTags: - - {key: "key", value: "value"} - expected: | - 
apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - cpuPartitioning: None - platform: Azure - platformStatus: - azure: - resourceGroupName: bar - resourceTags: - - {key: "key", value: "value"} - - name: PowerVS platform status's resourceGroup length should not exceed the max length set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group-should-not-accept-the-string-that-exceeds-max-length-set - expectedStatusError: "status.platformStatus.powervs.resourceGroup: Too long: may not be longer than 40" - - name: PowerVS platform status's resourceGroup should match the regex configured - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: re$ource-group - expectedStatusError: "status.platformStatus.powervs.resourceGroup in body should match '^[a-zA-Z0-9-_ ]+$'" - - name: Should not be able to change PowerVS platform status's resourceGroup once it was set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - 
platform: PowerVS - platformStatus: - powervs: - resourceGroup: other-resource-group-name - expectedStatusError: "status.platformStatus.powervs.resourceGroup: Invalid value: \"string\": resourceGroup is immutable once set" - - name: Should not be able to unset PowerVS platform status's resourceGroup once it was set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - region: some-region - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - region: some-region - expectedStatusError: "status.platformStatus.powervs: Invalid value: \"object\": cannot unset resourceGroup once set" - - name: Should set load balancer type to OpenShiftManagedDefault if not specified - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - platform: OpenStack - platformStatus: - openstack: {} - type: OpenStack - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: OpenShiftManagedDefault - type: OpenStack - - name: Should be able to override the default load balancer with a valid value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - 
status: - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - - name: Should not allow changing the immutable load balancer type field - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: OpenShiftManagedDefault - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: OpenStack - openstack: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow removing the immutable load balancer type field that was initially set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: OpenStack - openstack: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - 
platform: OpenStack - platformStatus: - openstack: {} - type: OpenStack - expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow setting the load balancer type to a wrong value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: FooBar - type: OpenStack - expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" - - name: Should not be able to update cloudControllerManager state to empty string when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platformStatus: - external: - cloudControllerManager: - state: "" - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to External when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " 
status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to None when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - - name: Should not be able to unset cloudControllerManager state when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should not be able to update cloudControllerManager state to empty string when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - 
status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to None when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to External when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - - name: Should not be able to unset cloudControllerManager state when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - 
type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should not be able to update cloudControllerManager state to None when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to External when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to empty string when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: 
- type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - - name: Should not be able to unset cloudControllerManager state when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should be able to update cloudControllerManager state to None when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - 
external: - cloudControllerManager: - state: None - - name: Should be able to update cloudControllerManager state to empty string when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - - name: Should not be able to update cloudControllerManager state to External when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should be able to unset cloudControllerManager state when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - 
external: - cloudControllerManager: {} - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - - name: Should not be able to add cloudControllerManager when cloudControllerManager is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set" - - name: Should not be able to remove cloudControllerManager when cloudControllerManager is set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: {} - expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set" - - name: Should be able to add valid (URL) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - 
serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: COS - url: https://dummy.cos.com - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: COS - url: https://dummy.cos.com - - name: Should not be able to add empty (URL) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: COS - url: " " - expectedStatusError: " status.platformStatus.ibmcloud.serviceEndpoints[0].url: Invalid value: \"string\": url must be a valid absolute URL" - - name: Should not be able to add invalid (URL) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: COS - url: dummy-cos-com - expectedStatusError: " status.platformStatus.ibmcloud.serviceEndpoints[1].url: Invalid value: \"string\": url must be a valid absolute URL" - - name: Should not be able to add invalid (Name) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - 
platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: BadService - url: https://bad-service.com - expectedStatusError: " status.platformStatus.ibmcloud.serviceEndpoints[1].name: Unsupported value: \"BadService\": supported values: \"CIS\", \"COS\", \"DNSServices\", \"GlobalSearch\", \"GlobalTagging\", \"HyperProtect\", \"IAM\", \"KeyProtect\", \"ResourceController\", \"ResourceManager\", \"VPC\"" diff --git a/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml deleted file mode 100644 index 90d48e8965..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Ingress" -crd: 0000_10_config-operator_01_ingress.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Ingress - initial: | - apiVersion: config.openshift.io/v1 - kind: Ingress - spec: {} # No spec is required for a Ingress - expected: | - apiVersion: config.openshift.io/v1 - kind: Ingress - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml deleted file mode 100644 index c85d122a65..0000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Network"
-crd: 0000_10_config-operator_01_network-Default.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Network
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Network
- spec: {} # No spec is required for a Network
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Network
- spec: {}
- - name: Should be able to set status conditions
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Network
- spec: {} # No spec is required for a Network
- status:
- conditions:
- - type: NetworkTypeMigrationInProgress
- status: "False"
- reason: "Reason"
- message: "Message"
- lastTransitionTime: "2023-10-25T12:00:00Z"
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Network
- spec: {}
- status:
- conditions:
- - type: NetworkTypeMigrationInProgress
- status: "False"
- reason: "Reason"
- message: "Message"
- lastTransitionTime: "2023-10-25T12:00:00Z"
diff --git a/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml
deleted file mode 100644
index d6502600bc..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Node"
-crd: 0000_10_config-operator_01_node.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Node
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Node
- spec: {} # No spec is required for a Node
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Node
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml
deleted file mode 100644
index d33d2bc1b1..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] OAuth"
-crd: 0000_10_config-operator_01_oauth.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal OAuth
- initial: |
- apiVersion: config.openshift.io/v1
- kind: OAuth
- spec: {} # No spec is required for a OAuth
- expected: |
- apiVersion: config.openshift.io/v1
- kind: OAuth
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml
deleted file mode 100644
index 9dd7a4c6d6..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] OperatorHub"
-crd: 0000_03_marketplace-operator_01_operatorhub.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal OperatorHub
- initial: |
- apiVersion: config.openshift.io/v1
- kind: OperatorHub
- spec: {} # No spec is required for a OperatorHub
- expected: |
- apiVersion: config.openshift.io/v1
- kind: OperatorHub
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml
deleted file mode 100644
index 0144ad32f2..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Project"
-crd: 0000_10_config-operator_01_project.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Project
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Project
- spec: {} # No spec is required for a Project
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Project
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml
deleted file mode 100644
index d49b83247a..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Proxy"
-crd: 0000_03_config-operator_01_proxy.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Proxy
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Proxy
- spec: {} # No spec is required for a Proxy
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Proxy
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml
deleted file mode 100644
index d9333b558c..0000000000
--- a/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Scheduler"
-crd: 0000_10_config-operator_01_scheduler.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Scheduler
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Scheduler
- spec: {} # No spec is required for a Scheduler
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Scheduler
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.apiserver.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.apiserver.testsuite.yaml
deleted file mode 100644
index 74aa92b470..0000000000
--- a/vendor/github.com/openshift/api/config/v1/techpreview.apiserver.testsuite.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[TechPreviewNoUpgrade] APIServer"
-crd: 0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create encrypt with aescbc
- initial: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- encryption:
- type: aescbc
- expected: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- audit:
- profile: Default
- encryption:
- type: aescbc
- - name: Should be able to create encrypt with aesgcm
- initial: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- encryption:
- type: aesgcm
- expected: |
- apiVersion: config.openshift.io/v1
- kind: APIServer
- spec:
- audit:
- profile: Default
- encryption:
- type: aesgcm
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml
deleted file mode 100644
index 9d978fcf5b..0000000000
--- a/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml
+++ /dev/null
@@ -1,298 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[TechPreviewNoUpgrade] Authentication"
-crd: 0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Authentication
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec: {} # No spec is required for a Authentication
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec: {}
- - name: Should be able to use the OIDC type
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- - name: Cannot set username claim prefix with policy NoPrefix
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- claimMappings:
- username:
- claim: "preferred_username"
- prefixPolicy: NoPrefix
- prefix:
- prefixString: "myoidc:"
- expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise"
- - name: Can set username claim prefix with policy Prefix
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- claimMappings:
- username:
- claim: "preferred_username"
- prefixPolicy: Prefix
- prefix:
- prefixString: "myoidc:"
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- claimMappings:
- username:
- claim: "preferred_username"
- prefixPolicy: Prefix
- prefix:
- prefixString: "myoidc:"
- - name: Cannot leave username claim prefix blank with policy Prefix
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- claimMappings:
- username:
- claim: "preferred_username"
- prefixPolicy: Prefix
- expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise"
- - name: Can set OIDC providers with no username prefixing
- initial: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- claimMappings:
- username:
- claim: "preferred_username"
- prefixPolicy: NoPrefix
- expected: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- claimMappings:
- username:
- claim: "preferred_username"
- prefixPolicy: NoPrefix
- onUpdate:
- - name: Updating OIDC provider with a client that's not in the status
- initial: &initConfig |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- oidcClients:
- - componentNamespace: namespace
- componentName: preexisting
- clientID: someclient
- - componentNamespace: namespace
- componentName: name
- clientID: legitclient
- status:
- oidcClients:
- - componentNamespace: namespace
- componentName: name
- - componentNamespace: namespace2
- componentName: name2
- - componentNamespace: namespace2
- componentName: name3
- updated: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- oidcClients:
- - componentNamespace: namespace
- componentName: preexisting
- clientID: someclient
- - componentNamespace: namespace
- componentName: name
- clientID: legitclient
- - componentNamespace: dif-namespace # new client here
- componentName: tehName
- clientID: cool-client
- status:
- oidcClients:
- - componentNamespace: namespace
- componentName: name
- - componentNamespace: namespace2
- componentName: name2
- - componentNamespace: namespace2
- componentName: name3
- expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients"
- - name: Updating OIDC provider with a client that's different from the previous one
- initial: *initConfig
- updated: |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- oidcClients:
- - componentNamespace: dif-namespace
- componentName: tehName
- clientID: cool-client
- status:
- oidcClients:
- - componentNamespace: namespace
- componentName: name
- - componentNamespace: namespace2
- componentName: name2
- - componentNamespace: namespace2
- componentName: name3
- expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients"
- - name: Updating previously existing client
- initial: *initConfig
- updated: &prevExistingUpdated |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- oidcClients:
- - componentNamespace: namespace
- componentName: preexisting
- clientID: different-client
- status:
- oidcClients:
- - componentNamespace: namespace
- componentName: name
- - componentNamespace: namespace2
- componentName: name2
- - componentNamespace: namespace2
- componentName: name3
- expected: *prevExistingUpdated
- - name: Removing a configured client from the status (== component unregister)
- initial: *initConfig
- updated: &removeFromStatus |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- oidcClients:
- - componentNamespace: namespace
- componentName: preexisting
- clientID: different-client
- - componentNamespace: namespace
- componentName: name
- clientID: legitclient
- status:
- oidcClients:
- - componentNamespace: namespace2
- componentName: name2
- - componentNamespace: namespace2
- componentName: name3
- expected: *removeFromStatus
- - name: Simply add a valid client
- initial: *initConfig
- updated: &addClient |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- oidcProviders:
- - name: myoidc
- issuer:
- issuerURL: https://meh.tld
- audiences: ['openshift-aud']
- oidcClients:
- - componentNamespace: namespace
- componentName: preexisting
- clientID: different-client
- - componentNamespace: namespace
- componentName: name
- clientID: legitclient
- - componentNamespace: namespace2
- componentName: name3
- clientID: justavalidclient
- status:
- oidcClients:
- - componentNamespace: namespace
- componentName: name
- - componentNamespace: namespace2
- componentName: name2
- - componentNamespace: namespace2
- componentName: name3
- expected: *addClient
- - name: Remove all oidcProviders
- initial: *initConfig
- updated: &removeFromStatus |
- apiVersion: config.openshift.io/v1
- kind: Authentication
- spec:
- type: OIDC
- status:
- oidcClients:
- - componentNamespace: namespace2
- componentName: name2
- - componentNamespace: namespace2
- componentName: name3
- expected: *removeFromStatus
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml
deleted file mode 100644
index 71988108e5..0000000000
--- a/vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml
+++ /dev/null
@@ -1,472 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] ClusterVersion" -crd: 0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterVersion - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - - name: Should allow image to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - - name: Should allow version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - - name: Should allow architecture to be empty - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - - name: Should allow architecture and version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - - name: Version must be set if architecture is set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - 
clusterID: foo - desiredUpdate: - architecture: Multi - expectedError: "Version must be set if Architecture is set" - - name: Should not allow image and architecture to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities marketplace and OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - 
additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities marketplace without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability - - name: Should be able to set a custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - - name: Should be able to set multiple custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - - name: Invalid custom signature store should throw error - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "osus1.ocp.com" - expectedError: "url must be a valid absolute URL" - - name: Should be able to unset the signature stores - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - onUpdate: - - 
name: Should not allow image to be set if architecture set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should not allow architecture to be set if image set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - 
versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, and implicitly enabled OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - updated: | - 
apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, with the OperatorLifecycleManager capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to add the marketplace capability with a ClusterVersion with base capability None, and without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - 
additionalEnabledCapabilities:
- - marketplace
- expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml
deleted file mode 100644
index ec64352e35..0000000000
--- a/vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[TechPreview] DNS"
-crd: 0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal DNS
- initial: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec: {} # No spec is required for a DNS
- expected: |
- apiVersion: config.openshift.io/v1
- kind: DNS
- spec: {}
diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
deleted file mode 100644
index d4a1113f01..0000000000
--- a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml
+++ /dev/null
@@ -1,749 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] Infrastructure" -crd: 0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Infrastructure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} # No spec is required for a Infrastructure - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - onUpdate: - - name: Status Should contain default fields - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - controlPlaneTopology: HighlyAvailable - - name: Status update cpuPartitioning should fail validation check - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - cpuPartitioning: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - cpuPartitioning: "Invalid" - expectedStatusError: 'status.cpuPartitioning: Unsupported value: "Invalid": supported values: "None", "AllNodes"' - - name: Should set load balancer type to OpenShiftManagedDefault if not specified - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - platform: BareMetal - platformStatus: - baremetal: {} - type: BareMetal - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - 
controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: OpenShiftManagedDefault - type: BareMetal - - name: Should be able to override the default load balancer with a valid value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - - name: Should not allow changing the immutable load balancer type field - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: OpenShiftManagedDefault - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow removing the immutable load balancer type field that was 
initially set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: {} - type: BareMetal - expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow setting the load balancer type to a wrong value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: FooBar - type: BareMetal - expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" - - name: Should not be able to modify an existing GCP ResourceLabels Label - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "changed"} - expectedStatusError: 
"status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add a Label to an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to remove a Label from an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceLabels: - - {key: "key", 
value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "openshift-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "kubernetes-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should 
not be able to modify an existing GCP ResourceTags Tag - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add a Tag to an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - - {parentID: "test-project-123", key: "new", value: "tag"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to remove a Tag from an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - - {parentID: "test-project-123", key: "key2", value: "value2"} - updated: | - apiVersion: config.openshift.io/v1 - kind: 
Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - 
platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "test-project-123", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: dnsType should default to `PlatformDefault` when not specified - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: {} - type: GCP - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: PlatformDefault - type: GCP - - name: should be able to set dnsType to non-default value of `ClusterHosted` - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - type: GCP - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: GCP - 
platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - type: GCP - - name: Should not allow changing the immutable dnsType field - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: PlatformDefault - type: GCP - expectedStatusError: "status.platformStatus.gcp.cloudLoadBalancerConfig.dnsType: Invalid value: \"string\": dnsType is immutable" - - name: Should not accept non-IP address values for Load Balancer IPs - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - - not-an-ip-address - type: GCP - expectedStatusError: "status.platformStatus.gcp.cloudLoadBalancerConfig.clusterHosted.apiIntLoadBalancerIPs[1]: Invalid value: \"not-an-ip-address\": 
status.platformStatus.gcp.cloudLoadBalancerConfig.clusterHosted.apiIntLoadBalancerIPs[1] in body should match '(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*)'" - - name: Should not accept update when `clusterHosted` is specified with DNSType `PlatformDefault` - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: PlatformDefault - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - type: GCP - 
expectedStatusError: "status.platformStatus.gcp.cloudLoadBalancerConfig: Invalid value: \"object\": clusterHosted is permitted only when dnsType is ClusterHosted" - - name: Should not accept duplicate IP addresses for any of the Load Balancer IPs - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - - 10.10.20.20 - - 10.10.10.20 - type: GCP - expectedStatusError: "status.platformStatus.gcp.cloudLoadBalancerConfig.clusterHosted.apiIntLoadBalancerIPs[2]: Duplicate value: \"10.10.10.20\"" diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.network.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.network.testsuite.yaml deleted file mode 100644 index d15fae3a90..0000000000 --- a/vendor/github.com/openshift/api/config/v1/techpreview.network.testsuite.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] Network" -crd: 0000_10_config-operator_01_network-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to set status conditions - initial: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} # No spec is required for a Network - status: - conditions: - - type: NetworkTypeMigrationInProgress - status: "False" - reason: "Reason" - message: "Message" - lastTransitionTime: "2023-10-25T12:00:00Z" - expected: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} - status: - conditions: - - type: NetworkTypeMigrationInProgress - status: "False" - reason: "Reason" - message: "Message" - lastTransitionTime: "2023-10-25T12:00:00Z" diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index 59b89388bd..bdae466892 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -14,6 +14,11 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=apiservers,scope=Cluster +// +kubebuilder:subresource:status type APIServer struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index b53aff173f..b3dfa61b51 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go 
+++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go 
@@ -4,15 +4,19 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +genclient // +genclient:nonNamespaced -// +kubebuilder:subresource:status // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" // Authentication specifies cluster-wide settings for authentication (like OAuth and // webhook token authenticators). The canonical name of an instance is `cluster`. 
// // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=authentications,scope=Cluster +// +kubebuilder:subresource:status type Authentication struct { metav1.TypeMeta `json:",inline"` @@ -85,7 +89,7 @@ type AuthenticationSpec struct { // +listType=map // +listMapKey=name // +kubebuilder:validation:MaxItems=1 - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=ExternalOIDC OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"` } @@ -112,7 +116,7 @@ type AuthenticationStatus struct { // +listMapKey=componentNamespace // +listMapKey=componentName // +kubebuilder:validation:MaxItems=20 - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=ExternalOIDC OIDCClients []OIDCClientStatus `json:"oidcClients"` } @@ -130,8 +134,8 @@ type AuthenticationList struct { Items []Authentication `json:"items"` } -// +openshift:validation:FeatureSetAwareEnum:featureSet=Default,enum="";None;IntegratedOAuth -// +openshift:validation:FeatureSetAwareEnum:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,enum="";None;IntegratedOAuth;OIDC +// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";None;IntegratedOAuth +// +openshift:validation:FeatureGateAwareEnum:featureGate=ExternalOIDC,enum="";None;IntegratedOAuth;OIDC type AuthenticationType string const ( 
@@ -240,7 +244,8 @@ type TokenIssuer struct { // // +listType=set // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=10 // +required Audiences []TokenAudience `json:"audiences"` diff --git a/vendor/github.com/openshift/api/config/v1/types_build.go b/vendor/github.com/openshift/api/config/v1/types_build.go index e9aef0375b..dad47666db 100644 --- a/vendor/github.com/openshift/api/config/v1/types_build.go +++ b/vendor/github.com/openshift/api/config/v1/types_build.go @@ -16,6 +16,12 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=openshift-controller-manager,operatorOrdering=01 +// +openshift:capability=Build +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=builds,scope=Cluster +// +kubebuilder:subresource:status type Build struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 78666bb1eb..7951762ccd 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go 
@@ -15,6 +15,17 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/497 +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=cluster-version-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusteroperators,scope=Cluster,shortName=co +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name=Version,JSONPath=.status.versions[?(@.name=="operator")].version,type=string,description=The version the operator is at. +// +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string,description=Whether the operator is running and stable. +// +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string,description=Whether the operator is processing changes. +// +kubebuilder:printcolumn:name=Degraded,JSONPath=.status.conditions[?(@.type=="Degraded")].status,type=string,description=Whether the operator is degraded. +// +kubebuilder:printcolumn:name=Since,JSONPath=.status.conditions[?(@.type=="Available")].lastTransitionTime,type=date,description=The time the operator's Available status last changed. +// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true type ClusterOperator struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 0ceedbab45..2b8c302134 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go 
@@ -13,8 +13,19 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/495 +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=cluster-version-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:path=clusterversions,scope=Cluster // +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'baremetal' in self.spec.capabilities.additionalEnabledCapabilities ? 'MachineAPI' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'MachineAPI' in self.status.capabilities.enabledCapabilities) : true",message="the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability" // +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 
'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability" +// +kubebuilder:printcolumn:name=Version,JSONPath=.status.history[?(@.state=="Completed")].version,type=string +// +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string +// +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string +// +kubebuilder:printcolumn:name=Since,JSONPath=.status.conditions[?(@.type=="Progressing")].lastTransitionTime,type=date +// +kubebuilder:printcolumn:name=Status,JSONPath=.status.conditions[?(@.type=="Progressing")].message,type=string +// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true type ClusterVersion struct { metav1.TypeMeta `json:",inline"` @@ -100,7 +111,7 @@ type ClusterVersionSpec struct { // // A maximum of 32 signature stores may be configured. // +kubebuilder:validation:MaxItems=32 - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=SignatureStores // +listType=map // +listMapKey=url // +optional 
@@ -278,7 +289,7 @@ const ( ) // ClusterVersionCapability enumerates optional, core cluster components. -// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential +// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager type ClusterVersionCapability string const ( @@ -376,6 +387,25 @@ const ( // ClusterVersionCapabilityCloudCredential manages credentials for cloud providers // in openshift cluster ClusterVersionCapabilityCloudCredential ClusterVersionCapability = "CloudCredential" + + // ClusterVersionCapabilityIngress manages the cluster ingress operator + // which is responsible for running the ingress controllers (including OpenShift router). + // + // The following CRDs are part of the capability as well: + // IngressController + // DNSRecord + // GatewayClass + // Gateway + // HTTPRoute + // ReferenceGrant + // + // WARNING: This capability cannot be disabled on the standalone OpenShift. + ClusterVersionCapabilityIngress ClusterVersionCapability = "Ingress" + + // ClusterVersionCapabilityCloudControllerManager manages various Cloud Controller + // Managers deployed on top of OpenShift. They help you to work with cloud + // provider API and embeds cloud-specific control logic. + ClusterVersionCapabilityCloudControllerManager ClusterVersionCapability = "CloudControllerManager" ) // KnownClusterVersionCapabilities includes all known optional, core cluster components. 
@@ -394,10 +424,12 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ ClusterVersionCapabilityImageRegistry, ClusterVersionCapabilityOperatorLifecycleManager, ClusterVersionCapabilityCloudCredential, + ClusterVersionCapabilityIngress, + ClusterVersionCapabilityCloudControllerManager, } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. -// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;v4.15;vCurrent +// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;v4.15;v4.16;vCurrent type ClusterVersionCapabilitySet string const ( @@ -435,6 +467,12 @@ const ( // version of OpenShift is installed. ClusterVersionCapabilitySet4_15 ClusterVersionCapabilitySet = "v4.15" + // ClusterVersionCapabilitySet4_16 is the recommended set of + // optional capabilities to enable for the 4.16 version of + // OpenShift. This list will remain the same no matter which + // version of OpenShift is installed. + ClusterVersionCapabilitySet4_16 ClusterVersionCapabilitySet = "v4.16" + // ClusterVersionCapabilitySetCurrent is the recommended set // of optional capabilities to enable for the cluster's // current version of OpenShift. 
@@ -501,6 +539,24 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityOperatorLifecycleManager, ClusterVersionCapabilityCloudCredential, }, + ClusterVersionCapabilitySet4_16: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityNodeTuning, + ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, + ClusterVersionCapabilityOperatorLifecycleManager, + ClusterVersionCapabilityCloudCredential, + ClusterVersionCapabilityIngress, + ClusterVersionCapabilityCloudControllerManager, + }, ClusterVersionCapabilitySetCurrent: { ClusterVersionCapabilityBaremetal, ClusterVersionCapabilityConsole, @@ -516,6 +572,8 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityImageRegistry, ClusterVersionCapabilityOperatorLifecycleManager, ClusterVersionCapabilityCloudCredential, + ClusterVersionCapabilityIngress, + ClusterVersionCapabilityCloudControllerManager, }, } @@ -691,7 +749,6 @@ type ConditionalUpdate struct { // conditions represents the observations of the conditional update's // current status. Known types are: - // * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. // * Recommended, for whether the update is recommended for the current cluster. // +patchMergeKey=type // +patchStrategy=merge diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go index 928181849a..36b1696af9 100644 --- a/vendor/github.com/openshift/api/config/v1/types_console.go 
+++ b/vendor/github.com/openshift/api/config/v1/types_console.go @@ -14,6 +14,11 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=consoles,scope=Cluster +// +kubebuilder:subresource:status type Console struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go index 5f8697673f..1875c9cddf 100644 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -10,6 +10,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=dnses,scope=Cluster +// +kubebuilder:subresource:status type DNS struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index f608fd0bea..2efe16f4e6 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -1,8 +1,6 @@ package v1 import ( - "fmt" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) 
@@ -14,6 +12,11 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=featuregates,scope=Cluster +// +kubebuilder:subresource:status type FeatureGate struct { metav1.TypeMeta `json:",inline"` @@ -47,6 +50,9 @@ var ( // TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature. LatencySensitive FeatureSet = "LatencySensitive" + + // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead + AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade} ) type FeatureGateSpec struct { @@ -59,6 +65,8 @@ type FeatureGateSelection struct { // Turning on or off features may cause irreversible changes in your cluster which cannot be undone. // +unionDiscriminator // +optional + // +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed" FeatureSet FeatureSet `json:"featureSet,omitempty"` // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. 
@@ -143,171 +151,3 @@ type FeatureGateEnabledDisabled struct { Enabled []FeatureGateDescription Disabled []FeatureGateDescription } - -// FeatureSets Contains a map of Feature names to Enabled/Disabled Feature. -// -// NOTE: The caller needs to make sure to check for the existence of the value -// using golang's existence field. A possible scenario is an upgrade where new -// FeatureSets are added and a controller has not been upgraded with a newer -// version of this file. In this upgrade scenario the map could return nil. -// -// example: -// -// if featureSet, ok := FeatureSets["SomeNewFeature"]; ok { } -// -// If you put an item in either of these lists, put your area and name on it so we can find owners. -var FeatureSets = map[FeatureSet]*FeatureGateEnabledDisabled{ - Default: defaultFeatures, - CustomNoUpgrade: { - Enabled: []FeatureGateDescription{}, - Disabled: []FeatureGateDescription{ - disableKubeletCloudCredentialProviders, // We do not currently ship the correct config to use the external credentials provider. - }, - }, - TechPreviewNoUpgrade: newDefaultFeatures(). - with(validatingAdmissionPolicy). - with(csiDriverSharedResource). - with(nodeSwap). - with(machineAPIProviderOpenStack). - with(insightsConfigAPI). - with(dynamicResourceAllocation). - with(gateGatewayAPI). - with(maxUnavailableStatefulSet). - without(eventedPleg). - with(sigstoreImageVerification). - with(gcpLabelsTags). - with(gcpClusterHostedDNS). - with(vSphereStaticIPs). - with(routeExternalCertificate). - with(automatedEtcdBackup). - without(machineAPIOperatorDisableMachineHealthCheckController). - with(adminNetworkPolicy). - with(dnsNameResolver). - with(machineConfigNodes). - with(metricsServer). - with(installAlternateInfrastructureAWS). - without(clusterAPIInstall). - with(mixedCPUsAllocation). - with(managedBootImages). - without(disableKubeletCloudCredentialProviders). - with(onClusterBuild). - with(signatureStores). - with(pinnedImages). - with(upgradeStatus). 
- with(translateStreamCloseWebsocketRequests). - with(volumeGroupSnapshot). - toFeatures(defaultFeatures), - LatencySensitive: newDefaultFeatures(). - toFeatures(defaultFeatures), -} - -var defaultFeatures = &FeatureGateEnabledDisabled{ - Enabled: []FeatureGateDescription{ - openShiftPodSecurityAdmission, - alibabaPlatform, // This is a bug, it should be TechPreviewNoUpgrade. This must be downgraded before 4.14 is shipped. - azureWorkloadIdentity, - cloudDualStackNodeIPs, - externalCloudProvider, - externalCloudProviderAzure, - externalCloudProviderGCP, - externalCloudProviderExternal, - privateHostedZoneAWS, - buildCSIVolumes, - kmsv1, - vSphereControlPlaneMachineset, - sdnLiveMigration, - }, - Disabled: []FeatureGateDescription{ - disableKubeletCloudCredentialProviders, // We do not currently ship the correct config to use the external credentials provider. - }, -} - -type featureSetBuilder struct { - forceOn []FeatureGateDescription - forceOff []FeatureGateDescription -} - -func newDefaultFeatures() *featureSetBuilder { - return &featureSetBuilder{} -} - -func (f *featureSetBuilder) with(forceOn FeatureGateDescription) *featureSetBuilder { - for _, curr := range f.forceOn { - if curr.FeatureGateAttributes.Name == forceOn.FeatureGateAttributes.Name { - panic(fmt.Errorf("coding error: %q enabled twice", forceOn.FeatureGateAttributes.Name)) - } - } - f.forceOn = append(f.forceOn, forceOn) - return f -} - -func (f *featureSetBuilder) without(forceOff FeatureGateDescription) *featureSetBuilder { - for _, curr := range f.forceOff { - if curr.FeatureGateAttributes.Name == forceOff.FeatureGateAttributes.Name { - panic(fmt.Errorf("coding error: %q disabled twice", forceOff.FeatureGateAttributes.Name)) - } - } - f.forceOff = append(f.forceOff, forceOff) - return f -} - -func (f *featureSetBuilder) isForcedOff(needle FeatureGateDescription) bool { - for _, forcedOff := range f.forceOff { - if needle.FeatureGateAttributes.Name == forcedOff.FeatureGateAttributes.Name { - 
return true - } - } - return false -} - -func (f *featureSetBuilder) isForcedOn(needle FeatureGateDescription) bool { - for _, forceOn := range f.forceOn { - if needle.FeatureGateAttributes.Name == forceOn.FeatureGateAttributes.Name { - return true - } - } - return false -} - -func (f *featureSetBuilder) toFeatures(defaultFeatures *FeatureGateEnabledDisabled) *FeatureGateEnabledDisabled { - finalOn := []FeatureGateDescription{} - finalOff := []FeatureGateDescription{} - - // only add the default enabled features if they haven't been explicitly set off - for _, defaultOn := range defaultFeatures.Enabled { - if !f.isForcedOff(defaultOn) { - finalOn = append(finalOn, defaultOn) - } - } - for _, currOn := range f.forceOn { - if f.isForcedOff(currOn) { - panic("coding error, you can't have features both on and off") - } - found := false - for _, alreadyOn := range finalOn { - if alreadyOn.FeatureGateAttributes.Name == currOn.FeatureGateAttributes.Name { - found = true - } - } - if found { - continue - } - - finalOn = append(finalOn, currOn) - } - - // only add the default disabled features if they haven't been explicitly set on - for _, defaultOff := range defaultFeatures.Disabled { - if !f.isForcedOn(defaultOff) { - finalOff = append(finalOff, defaultOff) - } - } - for _, currOff := range f.forceOff { - finalOff = append(finalOff, currOff) - } - - return &FeatureGateEnabledDisabled{ - Enabled: finalOn, - Disabled: finalOff, - } -} diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 928224c0d7..74511f8640 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go 
@@ -15,6 +15,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=images,scope=Cluster +// +kubebuilder:subresource:status type Image struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go b/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go index 3dc315f68a..f2faf1996d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go @@ -11,6 +11,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/874 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=imagecontentpolicies,scope=Cluster +// +kubebuilder:subresource:status type ImageContentPolicy struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go b/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go index 987c6cfdc4..8fa38f223b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go 
@@ -11,6 +11,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1126 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=imagedigestmirrorsets,scope=Cluster,shortName=idms +// +kubebuilder:subresource:status type ImageDigestMirrorSet struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go b/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go index 295522e59f..d9627b78cc 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go @@ -11,6 +11,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1126 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=imagetagmirrorsets,scope=Cluster,shortName=itms +// +kubebuilder:subresource:status type ImageTagMirrorSet struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index dee43d0f6a..611ba928cb 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go 
@@ -13,6 +13,11 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=infrastructures,scope=Cluster +// +kubebuilder:subresource:status type Infrastructure struct { metav1.TypeMeta `json:",inline"` @@ -603,8 +608,8 @@ const ( type GCPPlatformSpec struct{} // GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider. -// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)",message="resourceLabels may only be configured during installation" -// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=GCPLabelsTags,rule="!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)",message="resourceLabels may only be configured during installation" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=GCPLabelsTags,rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation" type GCPPlatformStatus struct { // resourceGroupName is the Project ID for new GCP resources created for the cluster. ProjectID string `json:"projectID"` 
@@ -621,7 +626,7 @@ type GCPPlatformStatus struct { // +listType=map // +listMapKey=key // +optional - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=GCPLabelsTags ResourceLabels []GCPResourceLabel `json:"resourceLabels,omitempty"` // resourceTags is a list of additional tags to apply to GCP resources created for the cluster. @@ -632,7 +637,7 @@ type GCPPlatformStatus struct { // +listType=map // +listMapKey=key // +optional - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=GCPLabelsTags ResourceTags []GCPResourceTag `json:"resourceTags,omitempty"` // This field was introduced and removed under tech preview. @@ -649,7 +654,7 @@ type GCPPlatformStatus struct { // // +default={"dnsType": "PlatformDefault"} // +kubebuilder:default={"dnsType": "PlatformDefault"} - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=GCPClusterHostedDNS // +optional // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` @@ -898,7 +903,7 @@ type BareMetalPlatformStatus struct { // loadBalancer defines how the load balancer used by the cluster is configured. // +default={"type": "OpenShiftManagedDefault"} // +kubebuilder:default={"type": "OpenShiftManagedDefault"} - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=BareMetalLoadBalancer // +optional LoadBalancer *BareMetalPlatformLoadBalancer `json:"loadBalancer,omitempty"` 
@@ -1105,7 +1110,7 @@ type OvirtPlatformStatus struct { // loadBalancer defines how the load balancer used by the cluster is configured. // +default={"type": "OpenShiftManagedDefault"} // +kubebuilder:default={"type": "OpenShiftManagedDefault"} - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=BareMetalLoadBalancer // +optional LoadBalancer *OvirtPlatformLoadBalancer `json:"loadBalancer,omitempty"` } @@ -1235,7 +1240,7 @@ type VSpherePlatformTopology struct { // VSpherePlatformFailureDomainSpec. // For example, for zone=zonea, region=region1, and infrastructure name=test, // the template path would be calculated as //vm/test-rhcos-region1-zonea. - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=VSphereControlPlaneMachineSet // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=2048 // +kubebuilder:validation:Pattern=`^/.*?/vm/.*?` @@ -1437,7 +1442,7 @@ type VSpherePlatformStatus struct { // loadBalancer defines how the load balancer used by the cluster is configured. // +default={"type": "OpenShiftManagedDefault"} // +kubebuilder:default={"type": "OpenShiftManagedDefault"} - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=BareMetalLoadBalancer // +optional LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"` @@ -1830,7 +1835,7 @@ type NutanixPlatformStatus struct { // loadBalancer defines how the load balancer used by the cluster is configured. // +default={"type": "OpenShiftManagedDefault"} // +kubebuilder:default={"type": "OpenShiftManagedDefault"} - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=BareMetalLoadBalancer // +optional LoadBalancer *NutanixPlatformLoadBalancer `json:"loadBalancer,omitempty"` } 
diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index e518f6765e..e58ad7f00b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -13,6 +13,11 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=ingresses,scope=Cluster +// +kubebuilder:subresource:status type Ingress struct { metav1.TypeMeta `json:",inline"` 
@@ -164,20 +169,20 @@ const ( // +kubebuilder:validation:MaxLength=512 type ConsumingUser string -// Hostname is an alias for hostname string validation. -// -// The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it -// allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric -// characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. -// ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$ -// -// The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, -// except that it allows hostnames longer than the maximum length: -// ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ -// -// Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname -// was saved via validation by the incorrect left operand of the | operator. -// +// Hostname is a host name as defined by RFC-1123. +// + --- +// + The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it +// + allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric +// + characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. 
+// + ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$ +// + +// + The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, +// + except that it allows hostnames longer than the maximum length: +// + ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ +// + +// + Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname +// + was saved via validation by the incorrect left operand of the | operator. +// + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$` type Hostname string diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 794f3db7b7..618aeff3b0 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -1,6 +1,9 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced 
@@ -10,7 +13,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Please view network.spec for an explanation on what applies when configuring this resource. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 // +openshift:compatibility-gen:level=1 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=networks,scope=Cluster type Network struct { metav1.TypeMeta `json:",inline"` @@ -34,6 +41,7 @@ type Network struct { // As a general rule, this SHOULD NOT be read directly. Instead, you should // consume the NetworkStatus, as it indicates the currently deployed configuration. // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkDiagnosticsConfig,rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled" type NetworkSpec struct { // IP address pool to use for pod IPs. // This field is immutable after installation. 
@@ -66,6 +74,17 @@ type NetworkSpec struct { // installed. // +kubebuilder:validation:Pattern=`^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$` ServiceNodePortRange string `json:"serviceNodePortRange,omitempty"` + + // networkDiagnostics defines network diagnostics configuration. + // + // Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. + // If networkDiagnostics is not specified or is empty, + // and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, + // the network diagnostics feature will be disabled. + // + // +optional + // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig + NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"` } // NetworkStatus is the current network configuration. @@ -88,13 +107,15 @@ type NetworkStatus struct { // conditions represents the observations of a network.config current state. // Known .status.conditions.type are: "NetworkTypeMigrationInProgress", "NetworkTypeMigrationMTUReady", - // "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse" - // and "NetworkTypeMigrationOriginalCNIPurged" + // "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse", + // "NetworkTypeMigrationOriginalCNIPurged" and "NetworkDiagnosticsAvailable" // +optional // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type + // +openshift:enable:FeatureGate=NetworkLiveMigration + // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` } 
@@ -192,3 +213,89 @@ type MTUMigrationValues struct { // +optional From *uint32 `json:"from,omitempty"` } + +// NetworkDiagnosticsMode is an enumeration of the available network diagnostics modes +// Valid values are "", "All", "Disabled". +// +kubebuilder:validation:Enum:="";All;Disabled +type NetworkDiagnosticsMode string + +const ( + // NetworkDiagnosticsNoOpinion means that the user has no opinion and the platform is left + // to choose reasonable default. The current default is All and is a subject to change over time. + NetworkDiagnosticsNoOpinion NetworkDiagnosticsMode = "" + // NetworkDiagnosticsAll means that all network diagnostics checks are enabled + NetworkDiagnosticsAll NetworkDiagnosticsMode = "All" + // NetworkDiagnosticsDisabled means that network diagnostics is disabled + NetworkDiagnosticsDisabled NetworkDiagnosticsMode = "Disabled" +) + +// NetworkDiagnostics defines network diagnostics configuration + +type NetworkDiagnostics struct { + // mode controls the network diagnostics mode + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is All. + // + // +optional + Mode NetworkDiagnosticsMode `json:"mode"` + + // sourcePlacement controls the scheduling of network diagnostics source deployment + // + // See NetworkDiagnosticsSourcePlacement for more details about default values. + // + // +optional + SourcePlacement NetworkDiagnosticsSourcePlacement `json:"sourcePlacement"` + + // targetPlacement controls the scheduling of network diagnostics target daemonset + // + // See NetworkDiagnosticsTargetPlacement for more details about default values. 
+ // + // +optional + TargetPlacement NetworkDiagnosticsTargetPlacement `json:"targetPlacement"` +} + +// NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components +type NetworkDiagnosticsSourcePlacement struct { + // nodeSelector is the node selector applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `kubernetes.io/os: linux`. + // + // +optional + NodeSelector map[string]string `json:"nodeSelector"` + + // tolerations is a list of tolerations applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is an empty list. + // + // +optional + // +listType=atomic + Tolerations []corev1.Toleration `json:"tolerations"` +} + +// NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components +type NetworkDiagnosticsTargetPlacement struct { + // nodeSelector is the node selector applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `kubernetes.io/os: linux`. + // + // +optional + NodeSelector map[string]string `json:"nodeSelector"` + + // tolerations is a list of tolerations applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `- operator: "Exists"` which means that all taints are tolerated. 
+ // + // +optional + // +listType=atomic + Tolerations []corev1.Toleration `json:"tolerations"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go index 233c89d9cc..3dd31f39ad 100644 --- a/vendor/github.com/openshift/api/config/v1/types_node.go +++ b/vendor/github.com/openshift/api/config/v1/types_node.go @@ -14,6 +14,9 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1107 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true // +kubebuilder:resource:path=nodes,scope=Cluster // +kubebuilder:subresource:status type Node struct { diff --git a/vendor/github.com/openshift/api/config/v1/types_oauth.go b/vendor/github.com/openshift/api/config/v1/types_oauth.go index 451a5ec38d..6654479dc8 100644 --- a/vendor/github.com/openshift/api/config/v1/types_oauth.go +++ b/vendor/github.com/openshift/api/config/v1/types_oauth.go @@ -14,6 +14,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=oauths,scope=Cluster +// +kubebuilder:subresource:status type OAuth struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go index ba2c96343b..1fddfa51e5 100644 
--- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go +++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go @@ -38,9 +38,14 @@ type OperatorHubStatus struct { // enabled to disabled and vice versa. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=operatorhubs,scope=Cluster // +kubebuilder:subresource:status // +genclient // +genclient:nonNamespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=marketplace,operatorOrdering=01 +// +openshift:capability=marketplace // +openshift:compatibility-gen:level=1 type OperatorHub struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_project.go b/vendor/github.com/openshift/api/config/v1/types_project.go index 85afb90c28..8d6d614b67 100644 --- a/vendor/github.com/openshift/api/config/v1/types_project.go +++ b/vendor/github.com/openshift/api/config/v1/types_project.go @@ -10,6 +10,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=projects,scope=Cluster +// +kubebuilder:subresource:status type Project struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_proxy.go b/vendor/github.com/openshift/api/config/v1/types_proxy.go index 40ed296d60..851291bb05 100644 --- a/vendor/github.com/openshift/api/config/v1/types_proxy.go 
+++ b/vendor/github.com/openshift/api/config/v1/types_proxy.go @@ -12,6 +12,11 @@ import ( // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=proxies,scope=Cluster +// +kubebuilder:subresource:status type Proxy struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go index 7367f414f9..061c4a8835 100644 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go @@ -11,6 +11,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=schedulers,scope=Cluster +// +kubebuilder:subresource:status type Scheduler struct { metav1.TypeMeta `json:",inline"` 
@@ -42,6 +47,10 @@ type SchedulerSpec struct { // Defaults to "LowNodeUtilization" // +optional Profile SchedulerProfile `json:"profile,omitempty"` + // profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. + // +openshift:enable:FeatureGate=DynamicResourceAllocation + // +optional + ProfileCustomizations ProfileCustomizations `json:"profileCustomizations"` // defaultNodeSelector helps set the cluster-wide default node selector to // restrict pod placement to specific nodes. This is applied to the pods // created in all namespaces and creates an intersection with any existing @@ -93,6 +102,30 @@ var ( NoScoring SchedulerProfile = "NoScoring" ) +// ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles +type ProfileCustomizations struct { + // dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. + // Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. + // Third-party resource drivers are responsible for tracking and allocating resources. + // Different kinds of resources support arbitrary parameters for defining requirements and initialization. + // Valid values are Enabled, Disabled and omitted. + // When omitted, this means no opinion and the platform is left to choose a reasonable default, + // which is subject to change over time. + // The current default is Disabled. + // +optional + DynamicResourceAllocation DRAEnablement `json:"dynamicResourceAllocation"` +} + +// +kubebuilder:validation:Enum:="";"Enabled";"Disabled" +type DRAEnablement string + +var ( + // DRAEnablementEnabled enables dynamic resource allocation feature + DRAEnablementEnabled DRAEnablement = "Enabled" + // DRAEnablementDisabled disables dynamic resource allocation feature + DRAEnablementDisabled DRAEnablement = "Disabled" +) + type SchedulerStatus struct { } 
diff --git a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go index 4f69de40cf..c5dea1a032 100644 --- a/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go +++ b/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go @@ -27,35 +27,65 @@ type TLSSecurityProfile struct { // and looks like this (yaml): // // ciphers: + // // - TLS_AES_128_GCM_SHA256 + // // - TLS_AES_256_GCM_SHA384 + // // - TLS_CHACHA20_POLY1305_SHA256 + // // - ECDHE-ECDSA-AES128-GCM-SHA256 + // // - ECDHE-RSA-AES128-GCM-SHA256 + // // - ECDHE-ECDSA-AES256-GCM-SHA384 + // // - ECDHE-RSA-AES256-GCM-SHA384 + // // - ECDHE-ECDSA-CHACHA20-POLY1305 + // // - ECDHE-RSA-CHACHA20-POLY1305 + // // - DHE-RSA-AES128-GCM-SHA256 + // // - DHE-RSA-AES256-GCM-SHA384 + // // - DHE-RSA-CHACHA20-POLY1305 + // // - ECDHE-ECDSA-AES128-SHA256 + // // - ECDHE-RSA-AES128-SHA256 + // // - ECDHE-ECDSA-AES128-SHA + // // - ECDHE-RSA-AES128-SHA + // // - ECDHE-ECDSA-AES256-SHA384 + // // - ECDHE-RSA-AES256-SHA384 + // // - ECDHE-ECDSA-AES256-SHA + // // - ECDHE-RSA-AES256-SHA + // // - DHE-RSA-AES128-SHA256 + // // - DHE-RSA-AES256-SHA256 + // // - AES128-GCM-SHA256 + // // - AES256-GCM-SHA384 + // // - AES128-SHA256 + // // - AES256-SHA256 + // // - AES128-SHA + // // - AES256-SHA + // // - DES-CBC3-SHA + // // minTLSVersion: VersionTLS10 // // +optional 
@@ -68,17 +98,29 @@ type TLSSecurityProfile struct { // and looks like this (yaml): // // ciphers: + // // - TLS_AES_128_GCM_SHA256 + // // - TLS_AES_256_GCM_SHA384 + // // - TLS_CHACHA20_POLY1305_SHA256 + // // - ECDHE-ECDSA-AES128-GCM-SHA256 + // // - ECDHE-RSA-AES128-GCM-SHA256 + // // - ECDHE-ECDSA-AES256-GCM-SHA384 + // // - ECDHE-RSA-AES256-GCM-SHA384 + // // - ECDHE-ECDSA-CHACHA20-POLY1305 + // // - ECDHE-RSA-CHACHA20-POLY1305 + // // - DHE-RSA-AES128-GCM-SHA256 + // // - DHE-RSA-AES256-GCM-SHA384 + // // minTLSVersion: VersionTLS12 // // +optional @@ -91,12 +133,14 @@ type TLSSecurityProfile struct { // and looks like this (yaml): // // ciphers: + // // - TLS_AES_128_GCM_SHA256 + // // - TLS_AES_256_GCM_SHA384 + // // - TLS_CHACHA20_POLY1305_SHA256 - // minTLSVersion: VersionTLS13 // - // NOTE: Currently unsupported. + // minTLSVersion: VersionTLS13 // // +optional // +nullable @@ -106,10 +150,15 @@ type TLSSecurityProfile struct { // looks like this: // // ciphers: + // // - ECDHE-ECDSA-CHACHA20-POLY1305 + // // - ECDHE-RSA-CHACHA20-POLY1305 + // // - ECDHE-RSA-AES128-GCM-SHA256 + // // - ECDHE-ECDSA-AES128-GCM-SHA256 + // // minTLSVersion: VersionTLS11 // // +optional @@ -177,7 +226,7 @@ type TLSProfileSpec struct { // TLSProtocolVersion is a way to specify the protocol version used for TLS connections. // Protocol versions are based on the following most common TLS configurations: // -// https://ssl-config.mozilla.org/ +// https://ssl-config.mozilla.org/ // // Note that SSLv3.0 is not a supported protocol version due to well known // vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index d4705556ad..02c2d7221d 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go 
@@ -3597,6 +3597,84 @@ func (in *Network) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkDiagnostics) DeepCopyInto(out *NetworkDiagnostics) { + *out = *in + in.SourcePlacement.DeepCopyInto(&out.SourcePlacement) + in.TargetPlacement.DeepCopyInto(&out.TargetPlacement) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnostics. +func (in *NetworkDiagnostics) DeepCopy() *NetworkDiagnostics { + if in == nil { + return nil + } + out := new(NetworkDiagnostics) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkDiagnosticsSourcePlacement) DeepCopyInto(out *NetworkDiagnosticsSourcePlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnosticsSourcePlacement. +func (in *NetworkDiagnosticsSourcePlacement) DeepCopy() *NetworkDiagnosticsSourcePlacement { + if in == nil { + return nil + } + out := new(NetworkDiagnosticsSourcePlacement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NetworkDiagnosticsTargetPlacement) DeepCopyInto(out *NetworkDiagnosticsTargetPlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnosticsTargetPlacement. +func (in *NetworkDiagnosticsTargetPlacement) DeepCopy() *NetworkDiagnosticsTargetPlacement { + if in == nil { + return nil + } + out := new(NetworkDiagnosticsTargetPlacement) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkList) DeepCopyInto(out *NetworkList) { *out = *in @@ -3669,6 +3747,7 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = new(ExternalIPConfig) (*in).DeepCopyInto(*out) } + in.NetworkDiagnostics.DeepCopyInto(&out.NetworkDiagnostics) return } 
@@ -4826,6 +4905,22 @@ func (in *PrefixedClaimMapping) DeepCopy() *PrefixedClaimMapping { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProfileCustomizations) DeepCopyInto(out *ProfileCustomizations) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileCustomizations. +func (in *ProfileCustomizations) DeepCopy() *ProfileCustomizations { + if in == nil { + return nil + } + out := new(ProfileCustomizations) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Project) DeepCopyInto(out *Project) { *out = *in @@ -5280,6 +5375,7 @@ func (in *SchedulerList) DeepCopyObject() runtime.Object { func (in *SchedulerSpec) DeepCopyInto(out *SchedulerSpec) { *out = *in out.Policy = in.Policy + out.ProfileCustomizations = in.ProfileCustomizations return } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..286bbbd84e --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,490 @@ +apiservers.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: apiservers.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: APIServer + Labels: {} + PluralName: apiservers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +authentications.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: authentications.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ExternalOIDC + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Authentication + Labels: {} + PluralName: authentications + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +builds.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: builds.config.openshift.io + Capability: Build + Category: "" + FeatureGates: [] + FilenameOperatorName: openshift-controller-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Build + Labels: {} + PluralName: builds + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +clusteroperators.config.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/497 + CRDName: clusteroperators.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: cluster-version-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: 
"0000_00" + GroupName: config.openshift.io + HasStatus: true + KindName: ClusterOperator + Labels: {} + PluralName: clusteroperators + PrinterColumns: + - description: The version the operator is at. + jsonPath: .status.versions[?(@.name=="operator")].version + name: Version + type: string + - description: Whether the operator is running and stable. + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: Whether the operator is processing changes. + jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - description: Whether the operator is degraded. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: The time the operator's Available status last changed. + jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime + name: Since + type: date + Scope: Cluster + ShortNames: + - co + TopLevelFeatureGates: [] + Version: v1 + +clusterversions.config.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/495 + CRDName: clusterversions.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - SignatureStores + FilenameOperatorName: cluster-version-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_00" + GroupName: config.openshift.io + HasStatus: true + KindName: ClusterVersion + Labels: {} + PluralName: clusterversions + PrinterColumns: + - jsonPath: .status.history[?(@.state=="Completed")].version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + name: Since + type: date + - jsonPath: 
.status.conditions[?(@.type=="Progressing")].message + name: Status + type: string + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consoles.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: consoles.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Console + Labels: {} + PluralName: consoles + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +dnses.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: dnses.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: DNS + Labels: {} + PluralName: dnses + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +featuregates.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: featuregates.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: FeatureGate + Labels: {} + PluralName: featuregates + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +images.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: images.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: 
"0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Image + Labels: {} + PluralName: images + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +imagecontentpolicies.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/874 + CRDName: imagecontentpolicies.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ImageContentPolicy + Labels: {} + PluralName: imagecontentpolicies + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +imagedigestmirrorsets.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1126 + CRDName: imagedigestmirrorsets.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ImageDigestMirrorSet + Labels: {} + PluralName: imagedigestmirrorsets + PrinterColumns: [] + Scope: Cluster + ShortNames: + - idms + TopLevelFeatureGates: [] + Version: v1 + +imagetagmirrorsets.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1126 + CRDName: imagetagmirrorsets.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ImageTagMirrorSet + Labels: {} + PluralName: imagetagmirrorsets + PrinterColumns: [] + Scope: Cluster + ShortNames: + - itms + TopLevelFeatureGates: [] + Version: v1 + +infrastructures.config.openshift.io: + Annotations: {} + ApprovedPRNumber: 
https://github.com/openshift/api/pull/470 + CRDName: infrastructures.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - BareMetalLoadBalancer + - GCPClusterHostedDNS + - GCPLabelsTags + - VSphereControlPlaneMachineSet + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Infrastructure + Labels: {} + PluralName: infrastructures + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +ingresses.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: ingresses.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Ingress + Labels: {} + PluralName: ingresses + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +networks.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: networks.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - NetworkDiagnosticsConfig + - NetworkLiveMigration + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: false + KindName: Network + Labels: {} + PluralName: networks + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +nodes.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1107 + CRDName: nodes.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + 
KindName: Node + Labels: {} + PluralName: nodes + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +oauths.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: oauths.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: OAuth + Labels: {} + PluralName: oauths + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +operatorhubs.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: operatorhubs.config.openshift.io + Capability: marketplace + Category: "" + FeatureGates: [] + FilenameOperatorName: marketplace + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" + GroupName: config.openshift.io + HasStatus: true + KindName: OperatorHub + Labels: {} + PluralName: operatorhubs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +projects.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: projects.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Project + Labels: {} + PluralName: projects + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +proxies.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: proxies.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" 
+ GroupName: config.openshift.io + HasStatus: true + KindName: Proxy + Labels: {} + PluralName: proxies + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +schedulers.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: schedulers.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - DynamicResourceAllocation + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Scheduler + Labels: {} + PluralName: schedulers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 270fa0acf9..5a163ebdc8 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -743,7 +743,7 @@ var map_ConditionalUpdate = map[string]string{ "": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", "release": "release is the target of the update.", "risks": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", - "conditions": "conditions represents the observations of the conditional update's current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.", + "conditions": "conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.", } func (ConditionalUpdate) SwaggerDoc() map[string]string { 
@@ -1987,6 +1987,36 @@ func (Network) SwaggerDoc() map[string]string { return map_Network } +var map_NetworkDiagnostics = map[string]string{ + "mode": "mode controls the network diagnostics mode\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.", + "sourcePlacement": "sourcePlacement controls the scheduling of network diagnostics source deployment\n\nSee NetworkDiagnosticsSourcePlacement for more details about default values.", + "targetPlacement": "targetPlacement controls the scheduling of network diagnostics target daemonset\n\nSee NetworkDiagnosticsTargetPlacement for more details about default values.", +} + +func (NetworkDiagnostics) SwaggerDoc() map[string]string { + return map_NetworkDiagnostics +} + +var map_NetworkDiagnosticsSourcePlacement = map[string]string{ + "": "NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components", + "nodeSelector": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "tolerations": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. 
The current default is an empty list.", +} + +func (NetworkDiagnosticsSourcePlacement) SwaggerDoc() map[string]string { + return map_NetworkDiagnosticsSourcePlacement +} + +var map_NetworkDiagnosticsTargetPlacement = map[string]string{ + "": "NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components", + "nodeSelector": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "tolerations": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: \"Exists\"` which means that all taints are tolerated.", +} + +func (NetworkDiagnosticsTargetPlacement) SwaggerDoc() map[string]string { + return map_NetworkDiagnosticsTargetPlacement +} + var map_NetworkList = map[string]string{ "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", 
@@ -2013,6 +2043,7 @@ var map_NetworkSpec = map[string]string{ "networkType": "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.", "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", "serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", + "networkDiagnostics": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", } func (NetworkSpec) SwaggerDoc() map[string]string { 
@@ -2026,7 +2057,7 @@ var map_NetworkStatus = map[string]string{ "networkType": "NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).", "clusterNetworkMTU": "ClusterNetworkMTU is the MTU for inter-pod networking.", "migration": "Migration contains the cluster network migration configuration.", - "conditions": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkTypeMigrationInProgress\", \"NetworkTypeMigrationMTUReady\", \"NetworkTypeMigrationTargetCNIAvailable\", \"NetworkTypeMigrationTargetCNIInUse\" and \"NetworkTypeMigrationOriginalCNIPurged\"", + "conditions": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkTypeMigrationInProgress\", \"NetworkTypeMigrationMTUReady\", \"NetworkTypeMigrationTargetCNIAvailable\", \"NetworkTypeMigrationTargetCNIInUse\", \"NetworkTypeMigrationOriginalCNIPurged\" and \"NetworkDiagnosticsAvailable\"", } func (NetworkStatus) SwaggerDoc() map[string]string { 
@@ -2435,6 +2466,15 @@ func (ProxyStatus) SwaggerDoc() map[string]string { return map_ProxyStatus } +var map_ProfileCustomizations = map[string]string{ + "": "ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles", + "dynamicResourceAllocation": "dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. Third-party resource drivers are responsible for tracking and allocating resources. Different kinds of resources support arbitrary parameters for defining requirements and initialization. Valid values are Enabled, Disabled and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Disabled.", +} + +func (ProfileCustomizations) SwaggerDoc() map[string]string { + return map_ProfileCustomizations +} + var map_Scheduler = map[string]string{ "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", 
@@ -2456,10 +2496,11 @@ func (SchedulerList) SwaggerDoc() map[string]string { } var map_SchedulerSpec = map[string]string{ - "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", - "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", - "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", - "mastersSchedulable": "MastersSchedulable allows masters nodes to be schedulable. 
When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", + "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", + "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", + "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles.", + "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. 
For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", + "mastersSchedulable": "MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", } func (SchedulerSpec) SwaggerDoc() map[string]string { 
@@ -2511,10 +2552,10 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n\nNote that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", - "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA\n minTLSVersion: VersionTLS10", - "intermediate": "intermediate is a TLS security profile based 
on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n minTLSVersion: VersionTLS12", - "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n minTLSVersion: VersionTLS13\n\nNOTE: Currently unsupported.", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n minTLSVersion: VersionTLS11", + "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - 
ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", } func (TLSSecurityProfile) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 697eb73325..0000000000 
--- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,142 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1482 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: backups.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "Backup provides configuration for performing backups of the - openshift cluster. \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - etcd: - description: etcd specifies the configuration for periodic backups - of the etcd cluster - properties: - pvcName: - description: PVCName specifies the name of the PersistentVolumeClaim - (PVC) which binds a PersistentVolume where the etcd backup files - would be saved The PVC itself must always be created in the - "openshift-etcd" namespace If the PVC is left unspecified "" - then the platform will choose a reasonable default location - to save the backup. In the future this would be backups saved - across the control-plane master nodes. - type: string - retentionPolicy: - description: RetentionPolicy defines the retention policy for - retaining and deleting existing backups. - properties: - retentionNumber: - description: RetentionNumber configures the retention policy - based on the number of backups - properties: - maxNumberOfBackups: - description: MaxNumberOfBackups defines the maximum number - of backups to retain. If the existing number of backups - saved is equal to MaxNumberOfBackups then the oldest - backup will be removed before a new backup is initiated. - minimum: 1 - type: integer - required: - - maxNumberOfBackups - type: object - retentionSize: - description: RetentionSize configures the retention policy - based on the size of backups - properties: - maxSizeOfBackupsGb: - description: MaxSizeOfBackupsGb defines the total size - in GB of backups to retain. If the current total size - backups exceeds MaxSizeOfBackupsGb then the oldest backup - will be removed before a new backup is initiated. 
- minimum: 1 - type: integer - required: - - maxSizeOfBackupsGb - type: object - retentionType: - allOf: - - enum: - - RetentionNumber - - RetentionSize - - enum: - - "" - - RetentionNumber - - RetentionSize - description: RetentionType sets the type of retention policy. - Currently, the only valid policies are retention by number - of backups (RetentionNumber), by the size of backups (RetentionSize). - More policies or types may be added in the future. Empty - string means no opinion and the platform is left to choose - a reasonable default which is subject to change without - notice. The current default is RetentionNumber with 15 backups - kept. - type: string - required: - - retentionType - type: object - schedule: - description: 'Schedule defines the recurring backup schedule in - Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 - * * * Empty string means no opinion and the platform is left - to choose a reasonable default which is subject to change without - notice. The current default is "no backups", but will change - in the future.' 
- pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|(\*|(?:\*|(?:[0-9]|(?:[1-5][0-9])))\/(?:[0-9]|(?:[1-5][0-9]))|(?:[0-9]|(?:[1-5][0-9]))(?:(?:\-[0-9]|\-(?:[1-5][0-9]))?|(?:\,(?:[0-9]|(?:[1-5][0-9])))*)) - (\*|(?:\*|(?:\*|(?:[0-9]|1[0-9]|2[0-3])))\/(?:[0-9]|1[0-9]|2[0-3])|(?:[0-9]|1[0-9]|2[0-3])(?:(?:\-(?:[0-9]|1[0-9]|2[0-3]))?|(?:\,(?:[0-9]|1[0-9]|2[0-3]))*)) - (\*|(?:[1-9]|(?:[12][0-9])|3[01])(?:(?:\-(?:[1-9]|(?:[12][0-9])|3[01]))?|(?:\,(?:[1-9]|(?:[12][0-9])|3[01]))*)) - (\*|(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:\-(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?|(?:\,(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))*)) - (\*|(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT)(?:(?:\-(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))?|(?:\,(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))*))$ - type: string - timeZone: - description: The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - If not specified, this will default to the time zone of the - kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones - pattern: ^([A-Za-z_]+([+-]*0)*|[A-Za-z_]+(\/[A-Za-z_]+){1,2})(\/GMT[+-]\d{1,2})?$ - type: string - type: object - required: - - etcd - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 607b85698d..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,394 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: clusterimagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterImagePolicy - listKind: ClusterImagePolicyList - plural: clusterimagepolicies - singular: clusterimagepolicy - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ClusterImagePolicy holds cluster-wide configuration for image - signature verification \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec contains the configuration for the cluster image policy. - properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. 
- properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. 
- Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". 
- properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. "MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. 
Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". 
The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. 
For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? 
self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index c5129d7b4a..0000000000 
--- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,394 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: clusterimagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterImagePolicy - listKind: ClusterImagePolicyList - plural: clusterimagepolicies - singular: clusterimagepolicy - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ClusterImagePolicy holds cluster-wide configuration for image - signature verification \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec contains the configuration for the cluster image policy. 
- properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. - properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. 
- maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. - Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. 
The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". - properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. 
"MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? 
- self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? 
has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? 
self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. 
If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml deleted file mode 100644 index a94542da44..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,394 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: imagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ImagePolicy holds namespace-wide configuration for image signature - verification \n Compatibility level 4: No compatibility is provided, the - API can change at any point for any reason. These capabilities should not - be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. 
- properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. 
- Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". 
- properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. "MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. 
Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". 
The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. 
For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? 
self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 11f72b1724..0000000000 
--- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,394 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: imagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ImagePolicy holds namespace-wide configuration for image signature - verification \n Compatibility level 4: No compatibility is provided, the - API can change at any point for any reason. These capabilities should not - be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. 
- properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. 
- Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". 
- properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. "MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. 
Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". 
The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. 
For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? 
self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml deleted file mode 100644 index b23e917c99..0000000000 
--- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml
+++ /dev/null
@@ -1,88 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1245 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: insightsdatagathers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: InsightsDataGather - listKind: InsightsDataGatherList - plural: insightsdatagathers - singular: insightsdatagather - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "InsightsDataGather provides data gather configuration options - for the the Insights Operator. \n Compatibility level 4: No compatibility - is provided, the API can change at any point for any reason. These capabilities - should not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - gatherConfig: - description: gatherConfig spec attribute includes all the configuration - options related to gathering of the Insights data and its uploading - to the ingress. - properties: - dataPolicy: - description: dataPolicy allows user to enable additional global - obfuscation of the IP addresses and base domain in the Insights - archive data. Valid values are "None" and "ObfuscateNetworking". - When set to None the data is not obfuscated. When set to ObfuscateNetworking - the IP addresses and the cluster domain name are obfuscated. - When omitted, this means no opinion and the platform is left - to choose a reasonable default, which is subject to change over - time. The current default is None. - enum: - - "" - - None - - ObfuscateNetworking - type: string - disabledGatherers: - description: 'disabledGatherers is a list of gatherers to be excluded - from the gathering. All the gatherers can be disabled by providing - "all" value. If all the gatherers are disabled, the Insights - operator does not gather any data. The particular gatherers - IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. - Run the following command to get the names of last active gatherers: - "oc get insightsoperators.operator.openshift.io cluster -o json - | jq ''.status.gatherStatus.gatherers[].name''" An example of - disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", - "workloads/workload_info"]`' - items: - type: string - type: array - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml deleted file mode 100644 index 232bdf037b..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml +++ /dev/null 
@@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] ClusterImagePolicy" -crd: 0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid value: 
\"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: 
config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: 
- matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - 
initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - 
signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: 
PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow full specification digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow '*.example.com' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== diff --git a/vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml deleted file mode 100644 index 05b1487faa..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml +++ /dev/null 
@@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] ImagePolicy" -crd: 0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is 
PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - 
rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: 
"[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - 
policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - 
kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow full specification digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - 
example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
- expected: |
- apiVersion: config.openshift.io/v1alpha1
- kind: ImagePolicy
- spec:
- scopes:
- - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
- - name: Test scope should allow '*.example.com'
- initial: |
- apiVersion: config.openshift.io/v1alpha1
- kind: ImagePolicy
- spec:
- scopes:
- - "*.example.com"
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
- expected: |
- apiVersion: config.openshift.io/v1alpha1
- kind: ImagePolicy
- spec:
- scopes:
- - "*.example.com"
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml
deleted file mode 100644
index 91836dd93e..0000000000
--- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml
+++ /dev/null
@@ -1,202 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] Backup" -crd: 0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a Backup with a valid spec - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - pvcName: etcdbackup-pvc - - name: Should be able to create an EtcdBackup without the pvcName specified - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - - name: Should be able to create a Backup with a valid schedule - At 22:00 on every day-of-week from Monday through Friday - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "0 22 * * 1-5" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "0 22 * * 1-5" - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid schedule - At 04:05 on Sunday. 
- initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * SUN" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * SUN" - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid schedule - Predefined hourly - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourly" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourly" - pvcName: etcdbackup-pvc - - name: Should fail to create an EtcdBackup with an invalid schedule - At 04:05 on invalid day FOO. - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * FOO" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Predefined typo @hourli instead of @hourly. 
- initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourli" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L last Friday in month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * * * 5L" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L 5th day before last day of month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * L-5 * *" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard W closest weekday to 15th of month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * 15W * *" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should be able to create a Backup with a valid time zone - Africa/Banjul - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Africa/Banjul - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Africa/Banjul - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - Etc/GMT-8 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/GMT-8 - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/GMT-8 - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - Etc/UTC - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - 
spec: - etcd: - timeZone: Etc/UTC - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/UTC - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - America/Argentina/Catamarca - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: America/Argentina/Catamarca - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: America/Argentina/Catamarca - pvcName: etcdbackup-pvc - - name: Should fail to create an EtcdBackup with an invalid time zone - GMT2 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: GMT2 - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.timeZone in body should match" - - name: Should fail to create an EtcdBackup with an invalid time zone - GMT+3 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: GMT+3 - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.timeZone in body should match" - diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml deleted file mode 100644 index 6253106674..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml +++ /dev/null 
@@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] ClusterImagePolicy" -crd: 0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid 
value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: 
config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: 
- matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - 
initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - 
signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: 
PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
- - name: Test scope should allow full specification digest
- initial: |
- apiVersion: config.openshift.io/v1alpha1
- kind: ClusterImagePolicy
- spec:
- scopes:
- - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
- expected: |
- apiVersion: config.openshift.io/v1alpha1
- kind: ClusterImagePolicy
- spec:
- scopes:
- - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
- - name: Test scope should allow '*.example.com'
- initial: |
- apiVersion: config.openshift.io/v1alpha1
- kind: ClusterImagePolicy
- spec:
- scopes:
- - "*.example.com"
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
- expected: |
- apiVersion: config.openshift.io/v1alpha1
- kind: ClusterImagePolicy
- spec:
- scopes:
- - "*.example.com"
- policy:
- rootOfTrust:
- policyType: PublicKey
- publicKey:
- keyData: Zm9vIGJhcg==
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml
deleted file mode 100644
index b469d4c523..0000000000
--- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml
+++ /dev/null
@@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] ImagePolicy" -crd: 0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when 
policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - 
policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: 
"[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - 
policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - 
kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow full specification digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - 
example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow '*.example.com' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml deleted file mode 100644 index f737927380..0000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] InsightsDataGather" -crd: 0000_10_config-operator_01_insightsdatagather.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal InsightsDataGather - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: InsightsDataGather - spec: {} # No spec is required for a InsightsDataGather - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: InsightsDataGather - spec: {} 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go
index 9af55b540e..65eb5c1f75 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go
@@ -9,6 +9,12 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // Backup provides configuration for performing backups of the openshift cluster.
 //
 // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=backups,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1482
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +openshift:enable:FeatureGate=AutomatedEtcdBackup
 // +openshift:compatibility-gen:level=4
 type Backup struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go
index 5c44e0e74e..c503fdeab6 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go
@@ -9,6 +9,12 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ClusterImagePolicy holds cluster-wide configuration for image signature verification
 //
 // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusterimagepolicies,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +openshift:enable:FeatureGate=ImagePolicy
 // +openshift:compatibility-gen:level=4
 type ClusterImagePolicy struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
index b93f17c5da..247bab2184 100644
--- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
+++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go
@@ -8,6 +8,12 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ImagePolicy holds namespace-wide configuration for image signature verification
 //
 // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=imagepolicies,scope=Namespaced
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +openshift:enable:FeatureGate=ImagePolicy
 // +openshift:compatibility-gen:level=4
 type ImagePolicy struct {
 metav1.TypeMeta `json:",inline"`
@@ -96,12 +102,12 @@ type PublicKey struct { // KeyData must be at most 8192 characters. // +kubebuilder:validation:Required // +kubebuilder:validation:MaxLength=8192 - KeyData string `json:"keyData"` + KeyData []byte `json:"keyData"` // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. // rekorKeyData must be at most 8192 characters. // +optional // +kubebuilder:validation:MaxLength=8192 - RekorKeyData string `json:"rekorKeyData,omitempty"` + RekorKeyData []byte `json:"rekorKeyData,omitempty"` } // FulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. @@ -110,12 +116,12 @@ type FulcioCAWithRekor struct { // fulcioCAData must be at most 8192 characters. // +kubebuilder:validation:Required // +kubebuilder:validation:MaxLength=8192 - FulcioCAData string `json:"fulcioCAData"` + FulcioCAData []byte `json:"fulcioCAData"` // rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. // rekorKeyData must be at most 8192 characters. // +kubebuilder:validation:Required // +kubebuilder:validation:MaxLength=8192 - RekorKeyData string `json:"rekorKeyData"` + RekorKeyData []byte `json:"rekorKeyData"` // fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration. // +kubebuilder:validation:Required FulcioSubject PolicyFulcioSubject `json:"fulcioSubject,omitempty"` diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go index 4dcdb2ec4d..171e96d5b8 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go 
@@ -9,6 +9,12 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // InsightsDataGather provides data gather configuration options for the the Insights Operator. // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=insightsdatagathers,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1245 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 +// +openshift:enable:FeatureGate=InsightsConfig // +openshift:compatibility-gen:level=4 type InsightsDataGather struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go index 21b08cf333..ab39b5b915 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go @@ -230,6 +230,16 @@ func (in *EtcdBackupSpec) DeepCopy() *EtcdBackupSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FulcioCAWithRekor) DeepCopyInto(out *FulcioCAWithRekor) { *out = *in + if in.FulcioCAData != nil { + in, out := &in.FulcioCAData, &out.FulcioCAData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } out.FulcioSubject = in.FulcioSubject return } 
@@ -563,12 +573,12 @@ func (in *PolicyRootOfTrust) DeepCopyInto(out *PolicyRootOfTrust) { if in.PublicKey != nil { in, out := &in.PublicKey, &out.PublicKey *out = new(PublicKey) - **out = **in + (*in).DeepCopyInto(*out) } if in.FulcioCAWithRekor != nil { in, out := &in.FulcioCAWithRekor, &out.FulcioCAWithRekor *out = new(FulcioCAWithRekor) - **out = **in + (*in).DeepCopyInto(*out) } return } @@ -586,6 +596,16 @@ func (in *PolicyRootOfTrust) DeepCopy() *PolicyRootOfTrust { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PublicKey) DeepCopyInto(out *PublicKey) { *out = *in + if in.KeyData != nil { + in, out := &in.KeyData, &out.KeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } + if in.RekorKeyData != nil { + in, out := &in.RekorKeyData, &out.RekorKeyData + *out = make([]byte, len(*in)) + copy(*out, *in) + } return } diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..9b5744d4a0 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,92 @@ +backups.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1482 + CRDName: backups.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - AutomatedEtcdBackup + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Backup + Labels: {} + PluralName: backups + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - AutomatedEtcdBackup + Version: v1alpha1 + +clusterimagepolicies.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1457 + CRDName: clusterimagepolicies.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ImagePolicy + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ClusterImagePolicy + Labels: {} + PluralName: clusterimagepolicies + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - ImagePolicy + Version: v1alpha1 + +imagepolicies.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1457 + CRDName: imagepolicies.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ImagePolicy + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ImagePolicy + Labels: {} + PluralName: imagepolicies + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: + - ImagePolicy + Version: v1alpha1 + +insightsdatagathers.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1245 + CRDName: insightsdatagathers.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - InsightsConfig + FilenameOperatorName: 
config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: InsightsDataGather + Labels: {} + PluralName: insightsdatagathers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - InsightsConfig + Version: v1alpha1 + diff --git a/vendor/github.com/openshift/api/console/v1/00_consoleclidownload.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consoleclidownload.crd.yaml deleted file mode 100644 index 913f4c6eb2..0000000000 --- a/vendor/github.com/openshift/api/console/v1/00_consoleclidownload.crd.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/481 - capability.openshift.io/name: Console - description: Extension for configuring openshift web console command line interface - (CLI) downloads. - displayName: ConsoleCLIDownload - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consoleclidownloads.console.openshift.io -spec: - group: console.openshift.io - names: - kind: ConsoleCLIDownload - listKind: ConsoleCLIDownloadList - plural: consoleclidownloads - singular: consoleclidownload - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.displayName - name: Display name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ConsoleCLIDownload is an extension for configuring openshift - web console command line interface (CLI) downloads. \n Compatibility level - 2: Stable within a major release for a minimum of 9 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleCLIDownloadSpec is the desired cli download configuration. - properties: - description: - description: description is the description of the CLI download (can - include markdown). - type: string - displayName: - description: displayName is the display name of the CLI download. - type: string - links: - description: links is a list of objects that provide CLI download - link details. - items: - properties: - href: - description: href is the absolute secure URL for the link (must - use https) - pattern: ^https:// - type: string - text: - description: text is the display text for the link - type: string - required: - - href - type: object - type: array - required: - - description - - displayName - - links - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/console/v1/00_consoleexternalloglink.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consoleexternalloglink.crd.yaml deleted file mode 100644 index f658d8bdd3..0000000000 --- a/vendor/github.com/openshift/api/console/v1/00_consoleexternalloglink.crd.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/481 - capability.openshift.io/name: Console - description: ConsoleExternalLogLink is an extension for customizing OpenShift - web console log links. - displayName: ConsoleExternalLogLinks - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consoleexternalloglinks.console.openshift.io -spec: - group: console.openshift.io - names: - kind: ConsoleExternalLogLink - listKind: ConsoleExternalLogLinkList - plural: consoleexternalloglinks - singular: consoleexternalloglink - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.text - name: Text - type: string - - jsonPath: .spec.hrefTemplate - name: HrefTemplate - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "ConsoleExternalLogLink is an extension for customizing OpenShift - web console log links. \n Compatibility level 2: Stable within a major release - for a minimum of 9 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleExternalLogLinkSpec is the desired log link configuration. - The log link will appear on the logs tab of the pod details page. - properties: - hrefTemplate: - description: "hrefTemplate is an absolute secure URL (must use https) - for the log link including variables to be replaced. Variables are - specified in the URL with the format ${variableName}, for instance, - ${containerName} and will be replaced with the corresponding values - from the resource. Resource is a pod. Supported variables are: - - ${resourceName} - name of the resource which containes the logs - - ${resourceUID} - UID of the resource which contains the logs - - e.g. `11111111-2222-3333-4444-555555555555` - ${containerName} - - name of the resource's container that contains the logs - ${resourceNamespace} - - namespace of the resource that contains the logs - ${resourceNamespaceUID} - - namespace UID of the resource that contains the logs - ${podLabels} - - JSON representation of labels matching the pod with the logs - - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}` \n e.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}" - pattern: ^https:// - type: string - namespaceFilter: - description: namespaceFilter is a regular expression used to restrict - a log link to a matching set of namespaces (e.g., `^openshift-`). - The string is converted into a regular expression using the JavaScript - RegExp constructor. If not specified, links will be displayed for - all the namespaces. - type: string - text: - description: text is the display text for the link - type: string - required: - - hrefTemplate - - text - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/console/v1/00_consolelink.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolelink.crd.yaml deleted file mode 100644 index 6a4922e98f..0000000000 --- a/vendor/github.com/openshift/api/console/v1/00_consolelink.crd.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/481 - capability.openshift.io/name: Console - description: Extension for customizing OpenShift web console links - displayName: ConsoleLinks - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consolelinks.console.openshift.io -spec: - group: console.openshift.io - names: - kind: ConsoleLink - listKind: ConsoleLinkList - plural: consolelinks - singular: consolelink - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.text - name: Text - type: string - - jsonPath: .spec.href - name: URL - type: string - - jsonPath: .spec.menu - name: Menu - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "ConsoleLink is an extension for customizing OpenShift web console - links. \n Compatibility level 2: Stable within a major release for a minimum - of 9 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleLinkSpec is the desired console link configuration. - properties: - applicationMenu: - description: applicationMenu holds information about section and icon - used for the link in the application menu, and it is applicable - only when location is set to ApplicationMenu. - properties: - imageURL: - description: imageUrl is the URL for the icon used in front of - the link in the application menu. The URL must be an HTTPS URL - or a Data URI. The image should be square and will be shown - at 24x24 pixels. - type: string - section: - description: section is the section of the application menu in - which the link should appear. This can be any text that will - appear as a subheading in the application menu dropdown. A new - section will be created if the text does not match text of an - existing section. - type: string - required: - - section - type: object - href: - description: href is the absolute secure URL for the link (must use - https) - pattern: ^https:// - type: string - location: - description: location determines which location in the console the - link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard). - pattern: ^(ApplicationMenu|HelpMenu|UserMenu|NamespaceDashboard)$ - type: string - namespaceDashboard: - description: namespaceDashboard holds information about namespaces - in which the dashboard link should appear, and it is applicable - only when location is set to NamespaceDashboard. If not specified, - the link will appear in all namespaces. - properties: - namespaceSelector: - description: namespaceSelector is used to select the Namespaces - that should contain dashboard link by label. If the namespace - labels match, dashboard link will be shown for the namespaces. 
- properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces is an array of namespace names in which - the dashboard link should appear. - items: - type: string - type: array - type: object - text: - description: text is the display text for the link - type: string - required: - - href - - location - - text - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/console/v1/00_consolenotification.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolenotification.crd.yaml deleted file mode 100644 index 4952526682..0000000000 
--- a/vendor/github.com/openshift/api/console/v1/00_consolenotification.crd.yaml
+++ /dev/null
@@ -1,95 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/481 - capability.openshift.io/name: Console - description: Extension for configuring openshift web console notifications. - displayName: ConsoleNotification - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consolenotifications.console.openshift.io -spec: - group: console.openshift.io - names: - kind: ConsoleNotification - listKind: ConsoleNotificationList - plural: consolenotifications - singular: consolenotification - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.text - name: Text - type: string - - jsonPath: .spec.location - name: Location - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "ConsoleNotification is the extension for configuring openshift - web console notifications. \n Compatibility level 2: Stable within a major - release for a minimum of 9 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleNotificationSpec is the desired console notification - configuration. - properties: - backgroundColor: - description: backgroundColor is the color of the background for the - notification as CSS data type color. - type: string - color: - description: color is the color of the text for the notification as - CSS data type color. - type: string - link: - description: link is an object that holds notification link details. - properties: - href: - description: href is the absolute secure URL for the link (must - use https) - pattern: ^https:// - type: string - text: - description: text is the display text for the link - type: string - required: - - href - - text - type: object - location: - description: 'location is the location of the notification in the - console. Valid values are: "BannerTop", "BannerBottom", "BannerTopBottom".' - pattern: ^(BannerTop|BannerBottom|BannerTopBottom)$ - type: string - text: - description: text is the visible text of the notification. - type: string - required: - - text - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/console/v1/00_consolequickstart.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolequickstart.crd.yaml deleted file mode 100644 index 2aa57ea060..0000000000 --- a/vendor/github.com/openshift/api/console/v1/00_consolequickstart.crd.yaml +++ /dev/null 
@@ -1,207 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/750 - capability.openshift.io/name: Console - description: Extension for guiding user through various workflows in the OpenShift - web console. - displayName: ConsoleQuickStart - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consolequickstarts.console.openshift.io -spec: - group: console.openshift.io - names: - kind: ConsoleQuickStart - listKind: ConsoleQuickStartList - plural: consolequickstarts - singular: consolequickstart - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ConsoleQuickStart is an extension for guiding user through various - workflows in the OpenShift web console. \n Compatibility level 2: Stable - within a major release for a minimum of 9 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleQuickStartSpec is the desired quick start configuration. 
- properties: - accessReviewResources: - description: accessReviewResources contains a list of resources that - the user's access will be reviewed against in order for the user - to complete the Quick Start. The Quick Start will be hidden if any - of the access reviews fail. - items: - description: ResourceAttributes includes the authorization attributes - available for resource requests to the Authorizer interface - properties: - group: - description: Group is the API Group of the Resource. "*" means - all. - type: string - name: - description: Name is the name of the resource being requested - for a "get" or deleted for a "delete". "" (empty) means all. - type: string - namespace: - description: Namespace is the namespace of the action being - requested. Currently, there is no distinction between no - namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews - "" (empty) is empty for cluster-scoped resources "" (empty) - means "all" for namespace scoped resources from a SubjectAccessReview - or SelfSubjectAccessReview - type: string - resource: - description: Resource is one of the existing resource types. "*" - means all. - type: string - subresource: - description: Subresource is one of the existing resource types. "" - means none. - type: string - verb: - description: 'Verb is a kubernetes resource API verb, like: - get, list, watch, create, update, delete, proxy. "*" means - all.' - type: string - version: - description: Version is the API Version of the Resource. "*" - means all. - type: string - type: object - type: array - conclusion: - description: conclusion sums up the Quick Start and suggests the possible - next steps. (includes markdown) - type: string - description: - description: description is the description of the Quick Start. (includes - markdown) - maxLength: 256 - minLength: 1 - type: string - displayName: - description: displayName is the display name of the Quick Start. 
- minLength: 1 - type: string - durationMinutes: - description: durationMinutes describes approximately how many minutes - it will take to complete the Quick Start. - minimum: 1 - type: integer - icon: - description: icon is a base64 encoded image that will be displayed - beside the Quick Start display name. The icon should be an vector - image for easy scaling. The size of the icon should be 40x40. - type: string - introduction: - description: introduction describes the purpose of the Quick Start. - (includes markdown) - minLength: 1 - type: string - nextQuickStart: - description: nextQuickStart is a list of the following Quick Starts, - suggested for the user to try. - items: - type: string - type: array - prerequisites: - description: prerequisites contains all prerequisites that need to - be met before taking a Quick Start. (includes markdown) - items: - type: string - type: array - tags: - description: tags is a list of strings that describe the Quick Start. - items: - type: string - type: array - tasks: - description: tasks is the list of steps the user has to perform to - complete the Quick Start. - items: - description: ConsoleQuickStartTask is a single step in a Quick Start. - properties: - description: - description: description describes the steps needed to complete - the task. (includes markdown) - minLength: 1 - type: string - review: - description: review contains instructions to validate the task - is complete. The user will select 'Yes' or 'No'. using a radio - button, which indicates whether the step was completed successfully. - properties: - failedTaskHelp: - description: failedTaskHelp contains suggestions for a failed - task review and is shown at the end of task. (includes - markdown) - minLength: 1 - type: string - instructions: - description: instructions contains steps that user needs - to take in order to validate his work after going through - a task. 
(includes markdown) - minLength: 1 - type: string - required: - - failedTaskHelp - - instructions - type: object - summary: - description: summary contains information about the passed step. - properties: - failed: - description: failed briefly describes the unsuccessfully - passed task. (includes markdown) - maxLength: 128 - minLength: 1 - type: string - success: - description: success describes the succesfully passed task. - minLength: 1 - type: string - required: - - failed - - success - type: object - title: - description: title describes the task and is displayed as a - step heading. - minLength: 1 - type: string - required: - - description - - title - type: object - minItems: 1 - type: array - required: - - description - - displayName - - durationMinutes - - introduction - - tasks - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/console/v1/00_consolesample.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consolesample.crd.yaml deleted file mode 100644 index 4c62c4cc38..0000000000 --- a/vendor/github.com/openshift/api/console/v1/00_consolesample.crd.yaml +++ /dev/null 
@@ -1,241 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/481 - capability.openshift.io/name: Console - description: ConsoleSample is an extension to customizing OpenShift web console - by adding samples. - displayName: ConsoleSample - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consolesamples.console.openshift.io -spec: - group: console.openshift.io - names: - kind: ConsoleSample - listKind: ConsoleSampleList - plural: consolesamples - singular: consolesample - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ConsoleSample is an extension to customizing OpenShift web console - by adding samples. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec contains configuration for a console sample. - properties: - abstract: - description: "abstract is a short introduction to the sample. \n It - is required and must be no more than 100 characters in length. 
\n - The abstract is shown on the sample card tile below the title and - provider and is limited to three lines of content." - maxLength: 100 - type: string - description: - description: "description is a long form explanation of the sample. - \n It is required and can have a maximum length of **4096** characters. - \n It is a README.md-like content for additional information, links, - pre-conditions, and other instructions. It will be rendered as Markdown - so that it can contain line breaks, links, and other simple formatting." - maxLength: 4096 - type: string - icon: - description: "icon is an optional base64 encoded image and shown beside - the sample title. \n The format must follow the data: URL format - and can have a maximum size of **10 KB**. \n data:[][;base64], \n For example: \n data:image;base64, plus - the base64 encoded image. \n Vector images can also be used. SVG - icons must start with: \n data:image/svg+xml;base64, plus the - base64 encoded SVG image. \n All sample catalog icons will be shown - on a white background (also when the dark theme is used). The web - console ensures that different aspect ratios work correctly. Currently, - the surface of the icon is at most 40x100px. \n For more information - on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs." - maxLength: 14000 - pattern: ^data:([a-z/\.+0-9]*;(([-a-zA-Z0-9=])*;)?)?base64, - type: string - provider: - description: "provider is an optional label to honor who provides - the sample. \n It is optional and must be no more than 50 characters - in length. \n A provider can be a company like \"Red Hat\" or an - organization like \"CNCF\" or \"Knative\". \n Currently, the provider - is only shown on the sample card tile below the title with the prefix - \"Provided by \"" - maxLength: 50 - type: string - source: - description: source defines where to deploy the sample service from. 
- The sample may be sourced from an external git repository or container - image. - properties: - containerImport: - description: containerImport allows the user import a container - image. - properties: - image: - description: "reference to a container image that provides - a HTTP service. The service must be exposed on the default - port (8080) unless otherwise configured with the port field. - \n Supported formats: - / - - docker.io// - quay.io// - - quay.io//@sha256: - - quay.io//:" - maxLength: 256 - minLength: 1 - type: string - service: - default: - targetPort: 8080 - description: service contains configuration for the Service - resource created for this sample. - properties: - targetPort: - default: 8080 - description: targetPort is the port that the service listens - on for HTTP requests. This port will be used for Service - and Route created for this sample. Port must be in the - range 1 to 65535. Default port is 8080. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - type: object - required: - - image - type: object - gitImport: - description: gitImport allows the user to import code from a git - repository. - properties: - repository: - description: repository contains the reference to the actual - Git repository. - properties: - contextDir: - description: contextDir is used to specify a directory - within the repository to build the component. Must start - with `/` and have a maximum length of 256 characters. - When omitted, the default value is to build from the - root of the repository. - maxLength: 256 - pattern: ^/ - type: string - revision: - description: revision is the git revision at which to - clone the git repository Can be used to clone a specific - branch, tag or commit SHA. Must be at most 256 characters - in length. When omitted the repository's default branch - is used. - maxLength: 256 - type: string - url: - description: "url of the Git repository that contains - a HTTP service. 
The HTTP service must be exposed on - the default port (8080) unless otherwise configured - with the port field. \n Only public repositories on - GitHub, GitLab and Bitbucket are currently supported: - \n - https://github.com// - https://gitlab.com// - - https://bitbucket.org// \n The url - must have a maximum length of 256 characters." - maxLength: 256 - minLength: 1 - pattern: ^https:\/\/(github.com|gitlab.com|bitbucket.org)\/[a-zA-Z0-9-]+\/[a-zA-Z0-9-]+(.git)?$ - type: string - required: - - url - type: object - service: - default: - targetPort: 8080 - description: service contains configuration for the Service - resource created for this sample. - properties: - targetPort: - default: 8080 - description: targetPort is the port that the service listens - on for HTTP requests. This port will be used for Service - created for this sample. Port must be in the range 1 - to 65535. Default port is 8080. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - type: object - required: - - repository - type: object - type: - allOf: - - enum: - - GitImport - - ContainerImport - - enum: - - GitImport - - ContainerImport - description: 'type of the sample, currently supported: "GitImport";"ContainerImport"' - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: source.gitImport is required when source.type is GitImport, - and forbidden otherwise - rule: 'self.type == ''GitImport'' ? has(self.gitImport) : !has(self.gitImport)' - - message: source.containerImport is required when source.type is - ContainerImport, and forbidden otherwise - rule: 'self.type == ''ContainerImport'' ? has(self.containerImport) - : !has(self.containerImport)' - tags: - description: "tags are optional string values that can be used to - find samples in the samples catalog. \n Examples of common tags - may be \"Java\", \"Quarkus\", etc. \n They will be displayed on - the samples details page." 
- items: - type: string - maxItems: 10 - type: array - x-kubernetes-list-type: set - title: - description: "title is the display name of the sample. \n It is required - and must be no more than 50 characters in length." - maxLength: 50 - minLength: 1 - type: string - type: - description: "type is an optional label to group multiple samples. - \n It is optional and must be no more than 20 characters in length. - \n Recommendation is a singular term like \"Builder Image\", \"Devfile\" - or \"Serverless Function\". \n Currently, the type is shown a badge - on the sample card tile in the top right corner." - maxLength: 20 - type: string - required: - - abstract - - description - - source - - title - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/console/v1/00_consoleyamlsample.crd.yaml b/vendor/github.com/openshift/api/console/v1/00_consoleyamlsample.crd.yaml deleted file mode 100644 index f40a7c68e0..0000000000 --- a/vendor/github.com/openshift/api/console/v1/00_consoleyamlsample.crd.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/481 - capability.openshift.io/name: Console - description: Extension for configuring openshift web console YAML samples. - displayName: ConsoleYAMLSample - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consoleyamlsamples.console.openshift.io -spec: - group: console.openshift.io - names: - kind: ConsoleYAMLSample - listKind: ConsoleYAMLSampleList - plural: consoleyamlsamples - singular: consoleyamlsample - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ConsoleYAMLSample is an extension for customizing OpenShift - web console YAML samples. \n Compatibility level 2: Stable within a major - release for a minimum of 9 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleYAMLSampleSpec is the desired YAML sample configuration. - Samples will appear with their descriptions in a samples sidebar when - creating a resources in the web console. 
- properties: - description: - description: description of the YAML sample. - pattern: ^(.|\s)*\S(.|\s)*$ - type: string - snippet: - description: snippet indicates that the YAML sample is not the full - YAML resource definition, but a fragment that can be inserted into - the existing YAML document at the user's cursor. - type: boolean - targetResource: - description: targetResource contains apiVersion and kind of the resource - YAML sample is representating. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - type: object - title: - description: title of the YAML sample. - pattern: ^(.|\s)*\S(.|\s)*$ - type: string - yaml: - description: yaml is the YAML sample to display. - pattern: ^(.|\s)*\S(.|\s)*$ - type: string - required: - - description - - targetResource - - title - - yaml - type: object - required: - - metadata - - spec - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/console/v1/90_consoleplugin.crd.yaml b/vendor/github.com/openshift/api/console/v1/90_consoleplugin.crd.yaml deleted file mode 100644 index 294152a824..0000000000 --- a/vendor/github.com/openshift/api/console/v1/90_consoleplugin.crd.yaml +++ /dev/null 
@@ -1,374 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1186 - capability.openshift.io/name: Console - description: Extension for configuring openshift web console plugins. - displayName: ConsolePlugin - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - service.beta.openshift.io/inject-cabundle: "true" - name: consoleplugins.console.openshift.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook - namespace: openshift-console-operator - path: /crdconvert - port: 9443 - conversionReviewVersions: - - v1 - - v1alpha1 - group: console.openshift.io - names: - kind: ConsolePlugin - listKind: ConsolePluginList - plural: consoleplugins - singular: consoleplugin - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ConsolePlugin is an extension for customizing OpenShift web - console by dynamically loading code from another service running on the - cluster. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsolePluginSpec is the desired plugin configuration. - properties: - backend: - description: backend holds the configuration of backend which is serving - console's plugin . - properties: - service: - description: service is a Kubernetes Service that exposes the - plugin using a deployment with an HTTP server. The Service must - use HTTPS and Service serving certificate. The console backend - will proxy the plugins assets from the Service using the service - CA bundle. - properties: - basePath: - default: / - description: basePath is the path to the plugin's assets. - The primary asset it the manifest file called `plugin-manifest.json`, - which is a JSON document that contains metadata about the - plugin and the extensions. - maxLength: 256 - minLength: 1 - pattern: ^[a-zA-Z0-9.\-_~!$&'()*+,;=:@\/]*$ - type: string - name: - description: name of Service that is serving the plugin assets. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that is serving the plugin - assets. - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that is serving the - plugin is listening to. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - name - - namespace - - port - type: object - type: - description: "type is the backend type which servers the console's - plugin. Currently only \"Service\" is supported. \n ---" - enum: - - Service - type: string - required: - - type - type: object - displayName: - description: displayName is the display name of the plugin. The dispalyName - should be between 1 and 128 characters. - maxLength: 128 - minLength: 1 - type: string - i18n: - description: i18n is the configuration of plugin's localization resources. 
- properties: - loadType: - description: loadType indicates how the plugin's localization - resource should be loaded. Valid values are Preload, Lazy and - the empty string. When set to Preload, all localization resources - are fetched when the plugin is loaded. When set to Lazy, localization - resources are lazily loaded as and when they are required by - the console. When omitted or set to the empty string, the behaviour - is equivalent to Lazy type. - enum: - - Preload - - Lazy - - "" - type: string - required: - - loadType - type: object - proxy: - description: proxy is a list of proxies that describe various service - type to which the plugin needs to connect to. - items: - description: ConsolePluginProxy holds information on various service - types to which console's backend will proxy the plugin's requests. - properties: - alias: - description: "alias is a proxy name that identifies the plugin's - proxy. An alias name should be unique per plugin. The console - backend exposes following proxy endpoint: \n /api/proxy/plugin///? - \n Request example path: \n /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver" - maxLength: 128 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - authorization: - default: None - description: authorization provides information about authorization - type, which the proxied request should contain - enum: - - UserToken - - None - type: string - caCertificate: - description: caCertificate provides the cert authority certificate - contents, in case the proxied Service is using custom service - CA. By default, the service CA bundle provided by the service-ca - operator is used. - pattern: ^-----BEGIN CERTIFICATE-----([\s\S]*)-----END CERTIFICATE-----\s?$ - type: string - endpoint: - description: endpoint provides information about endpoint to - which the request is proxied to. - properties: - service: - description: 'service is an in-cluster Service that the - plugin will connect to. The Service must use HTTPS. 
The - console backend exposes an endpoint in order to proxy - communication between the plugin and the Service. Note: - service field is required for now, since currently only - "Service" type is supported.' - properties: - name: - description: name of Service that the plugin needs to - connect to. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that the plugin needs - to connect to - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that the plugin - needs to connect to is listening on. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - name - - namespace - - port - type: object - type: - description: "type is the type of the console plugin's proxy. - Currently only \"Service\" is supported. \n ---" - enum: - - Service - type: string - required: - - type - type: object - required: - - alias - - endpoint - type: object - type: array - required: - - backend - - displayName - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ConsolePlugin is an extension for customizing OpenShift web - console by dynamically loading code from another service running on the - cluster. \n Compatibility level 4: No compatibility is provided, the API - can change at any point for any reason. These capabilities should not be - used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsolePluginSpec is the desired plugin configuration. - properties: - displayName: - description: displayName is the display name of the plugin. - minLength: 1 - type: string - proxy: - description: proxy is a list of proxies that describe various service - type to which the plugin needs to connect to. - items: - description: ConsolePluginProxy holds information on various service - types to which console's backend will proxy the plugin's requests. - properties: - alias: - description: "alias is a proxy name that identifies the plugin's - proxy. An alias name should be unique per plugin. The console - backend exposes following proxy endpoint: \n /api/proxy/plugin///? - \n Request example path: \n /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver" - maxLength: 128 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - authorize: - default: false - description: "authorize indicates if the proxied request should - contain the logged-in user's OpenShift access token in the - \"Authorization\" request header. For example: \n Authorization: - Bearer sha256~kV46hPnEYhCWFnB85r5NrprAxggzgb6GOeLbgcKNsH0 - \n By default the access token is not part of the proxied - request." - type: boolean - caCertificate: - description: caCertificate provides the cert authority certificate - contents, in case the proxied Service is using custom service - CA. By default, the service CA bundle provided by the service-ca - operator is used. - pattern: ^-----BEGIN CERTIFICATE-----([\s\S]*)-----END CERTIFICATE-----\s?$ - type: string - service: - description: 'service is an in-cluster Service that the plugin - will connect to. The Service must use HTTPS. 
The console backend - exposes an endpoint in order to proxy communication between - the plugin and the Service. Note: service field is required - for now, since currently only "Service" type is supported.' - properties: - name: - description: name of Service that the plugin needs to connect - to. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that the plugin needs - to connect to - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that the plugin needs - to connect to is listening on. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - name - - namespace - - port - type: object - type: - description: type is the type of the console plugin's proxy. - Currently only "Service" is supported. - pattern: ^(Service)$ - type: string - required: - - alias - - type - type: object - type: array - service: - description: service is a Kubernetes Service that exposes the plugin - using a deployment with an HTTP server. The Service must use HTTPS - and Service serving certificate. The console backend will proxy - the plugins assets from the Service using the service CA bundle. - properties: - basePath: - default: / - description: basePath is the path to the plugin's assets. The - primary asset it the manifest file called `plugin-manifest.json`, - which is a JSON document that contains metadata about the plugin - and the extensions. - minLength: 1 - pattern: ^/ - type: string - name: - description: name of Service that is serving the plugin assets. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that is serving the plugin assets. - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that is serving the plugin - is listening to. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - basePath - - name - - namespace - - port - type: object - required: - - service - type: object - required: - - metadata - - spec - type: object - served: true - storage: false diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml deleted file mode 100644 index 8faef369b3..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsoleCLIDownload" -crd: 00_consoleclidownload.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsoleCLIDownload - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleCLIDownload - spec: - description: foo - displayName: foo - links: [] - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleCLIDownload - spec: - description: foo - displayName: foo - links: [] diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml deleted file mode 100644 index 8602d88b8e..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsoleExternalLogLink" -crd: 00_consoleexternalloglink.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsoleExternalLogLink - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleExternalLogLink - spec: - text: foo - hrefTemplate: "https://" - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleExternalLogLink - spec: - text: foo - hrefTemplate: "https://" diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml deleted file mode 100644 index 87415ec163..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsoleLink" -crd: 00_consolelink.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsoleLink - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleLink - spec: - href: "https://" - location: HelpMenu - text: foo - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleLink - spec: - href: "https://" - location: HelpMenu - text: foo diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml deleted file mode 100644 index c60dd0a64e..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsoleNotification" -crd: 00_consolenotification.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsoleNotification - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleNotification - spec: - text: foo - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleNotification - spec: - text: foo diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml deleted file mode 100644 index 0abe23ba7a..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml +++ /dev/null 
@@ -1,88 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsolePlugin" -crd: 90_consoleplugin.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsolePlugin - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - - name: Should be able to create a ConsolePlugin with default i18n loadType - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - i18n: - loadType: "" - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - i18n: - loadType: "" - - name: Should be able to create a ConsolePlugin with Preload i18n loadType - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - i18n: - loadType: Preload - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - i18n: - loadType: Preload - - name: Should be able to create a ConsolePlugin with Lazy i18n loadType - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - i18n: - loadType: Lazy - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - i18n: - loadType: Lazy - - name: Should reject to create a ConsolePlugin with invalid i18n loadType - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsolePlugin - spec: - displayName: foo - backend: - type: Service - i18n: - loadType: Invalid - expectedError: "Unsupported value: \"Invalid\"" 
diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml deleted file mode 100644 index d9c3ec93f4..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsoleQuickStart" -crd: 00_consolequickstart.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsoleQuickStart - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleQuickStart - spec: - description: foo - displayName: foo - durationMinutes: 10 - introduction: foo - tasks: - - title: foo - description: foo - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleQuickStart - spec: - description: foo - displayName: foo - durationMinutes: 10 - introduction: foo - tasks: - - title: foo - description: foo diff --git a/vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml deleted file mode 100644 index f5af743603..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml +++ /dev/null 
@@ -1,183 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsoleSample" -crd: 00_consolesample.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsoleSample with GitImport - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Java with Maven test - abstract: Build and run Java applications using Maven and OpenJDK. - description: Build and run Java applications using Maven and OpenJDK. - source: - type: GitImport - gitImport: - repository: - url: https://github.com/jboss-openshift/openshift-quickstarts - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Java with Maven test - abstract: Build and run Java applications using Maven and OpenJDK. - description: Build and run Java applications using Maven and OpenJDK. - source: - type: GitImport - gitImport: - repository: - url: https://github.com/jboss-openshift/openshift-quickstarts - service: - targetPort: 8080 - - name: Should be able to create a minimal ConsoleSample with ContainerImport - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Base image test - abstract: Test the minimal Red Hat Universal Base Image (UBI). - description: Test the minimal Red Hat Universal Base Image (UBI). - source: - type: ContainerImport - containerImport: - image: registry.access.redhat.com/ubi8/ubi-minimal:8.8-860 - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Base image test - abstract: Test the minimal Red Hat Universal Base Image (UBI). - description: Test the minimal Red Hat Universal Base Image (UBI). 
- source: - type: ContainerImport - containerImport: - image: registry.access.redhat.com/ubi8/ubi-minimal:8.8-860 - service: - targetPort: 8080 - - name: Should be able to create a full ConsoleSample with GitImport - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Java with Maven test - abstract: Build and run Java applications using Maven and OpenJDK. - description: Build and run Java applications using Maven and OpenJDK. - icon: data:image;base64,base64 encoded image - type: Serverless function - provider: Red Hat - tags: - - java - - jboss - - openjdk - source: - type: GitImport - gitImport: - repository: - url: https://github.com/openshift-dev-console/nodejs-sample - revision: main - contextDir: /backend - service: - targetPort: 3000 - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Java with Maven test - abstract: Build and run Java applications using Maven and OpenJDK. - description: Build and run Java applications using Maven and OpenJDK. - icon: data:image;base64,base64 encoded image - type: Serverless function - provider: Red Hat - tags: - - java - - jboss - - openjdk - source: - type: GitImport - gitImport: - repository: - url: https://github.com/openshift-dev-console/nodejs-sample - revision: main - contextDir: /backend - service: - targetPort: 3000 - - name: Should be able to create a full ConsoleSample with ContainerImport - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Base image test - abstract: Test the minimal Red Hat Universal Base Image (UBI). - description: Test the minimal Red Hat Universal Base Image (UBI). 
- icon: data:image;base64,base64 encoded image - type: Serverless function - provider: Red Hat - tags: - - java - - jboss - - openjdk - source: - type: ContainerImport - containerImport: - image: registry.access.redhat.com/ubi8/ubi-minimal:8.8-860 - service: - targetPort: 3000 - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Base image test - abstract: Test the minimal Red Hat Universal Base Image (UBI). - description: Test the minimal Red Hat Universal Base Image (UBI). - icon: data:image;base64,base64 encoded image - type: Serverless function - provider: Red Hat - tags: - - java - - jboss - - openjdk - source: - type: ContainerImport - containerImport: - image: registry.access.redhat.com/ubi8/ubi-minimal:8.8-860 - service: - targetPort: 3000 - - name: Should decline a ConsoleSample when reusing a tag - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Java with Maven test - abstract: Build and run Java applications using Maven and OpenJDK. - description: Build and run Java applications using Maven and OpenJDK. - icon: data:image;base64,base64 encoded image - type: Serverless function - provider: Red Hat - tags: - - same-tag-should-be-decline - - same-tag-should-be-decline - source: - type: GitImport - gitImport: - repository: - url: https://github.com/openshift-dev-console/nodejs-sample - expectedError: "spec.tags[1]: Duplicate value: \"same-tag-should-be-decline\"" - - name: Should decline a ConsoleSample with more then 10 tags - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleSample - spec: - title: Java with Maven test - abstract: Build and run Java applications using Maven and OpenJDK. - description: Build and run Java applications using Maven and OpenJDK. 
- icon: data:image;base64,base64 encoded image - type: Serverless function - provider: Red Hat - tags: [tag1, tag2, tag3, tag4, tag5, tag6, tag7, tag8, tag9, tag10, tag11] - source: - type: GitImport - gitImport: - repository: - url: https://github.com/openshift-dev-console/nodejs-sample - expectedError: "spec.tags: Too many: 11: must have at most 10 items" diff --git a/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml b/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml deleted file mode 100644 index 1e72d5ac71..0000000000 --- a/vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsoleYAMLSample" -crd: 00_consoleyamlsample.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsoleYAMLSample - initial: | - apiVersion: console.openshift.io/v1 - kind: ConsoleYAMLSample - spec: - description: foo - targetResource: - apiVersion: foo - kind: foo - title: foo - yaml: foo - expected: | - apiVersion: console.openshift.io/v1 - kind: ConsoleYAMLSample - spec: - description: foo - targetResource: - apiVersion: foo - kind: foo - title: foo - yaml: foo diff --git a/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go b/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go index 0e77bedaea..90c32815ce 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_cli_download.go 
@@ -9,6 +9,16 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.
 //
 // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=consoleclidownloads,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/481
+// +openshift:file-pattern=operatorOrdering=00
+// +openshift:capability=Console
+// +kubebuilder:metadata:annotations="description=Extension for configuring openshift web console command line interface (CLI) downloads."
+// +kubebuilder:metadata:annotations="displayName=ConsoleCLIDownload"
+// +kubebuilder:printcolumn:name=Display name,JSONPath=.spec.displayName,type=string
+// +kubebuilder:printcolumn:name=Age,JSONPath=.metadata.creationTimestamp,type=string
 // +openshift:compatibility-gen:level=2
 type ConsoleCLIDownload struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go b/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go
index 6cf252af98..0824e49c17 100644
--- a/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go
+++ b/vendor/github.com/openshift/api/console/v1/types_console_external_log_links.go
@@ -9,6 +9,17 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.
 //
 // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=consoleexternalloglinks,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/481
+// +openshift:file-pattern=operatorOrdering=00
+// +openshift:capability=Console
+// +kubebuilder:metadata:annotations="description=ConsoleExternalLogLink is an extension for customizing OpenShift web console log links."
+// +kubebuilder:metadata:annotations="displayName=ConsoleExternalLogLinks"
+// +kubebuilder:printcolumn:name=Text,JSONPath=.spec.text,type=string
+// +kubebuilder:printcolumn:name=HrefTemplate,JSONPath=.spec.hrefTemplate,type=string
+// +kubebuilder:printcolumn:name=Age,JSONPath=.metadata.creationTimestamp,type=date
 // +openshift:compatibility-gen:level=2
 type ConsoleExternalLogLink struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/console/v1/types_console_link.go b/vendor/github.com/openshift/api/console/v1/types_console_link.go
index 8ba48907f4..24a5dbadcd 100644
--- a/vendor/github.com/openshift/api/console/v1/types_console_link.go
+++ b/vendor/github.com/openshift/api/console/v1/types_console_link.go
@@ -9,6 +9,18 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ConsoleLink is an extension for customizing OpenShift web console links.
 //
 // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=consolelinks,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/481
+// +openshift:file-pattern=operatorOrdering=00
+// +openshift:capability=Console
+// +kubebuilder:metadata:annotations="description=Extension for customizing OpenShift web console links"
+// +kubebuilder:metadata:annotations="displayName=ConsoleLinks"
+// +kubebuilder:printcolumn:name=Text,JSONPath=.spec.text,type=string
+// +kubebuilder:printcolumn:name=URL,JSONPath=.spec.href,type=string
+// +kubebuilder:printcolumn:name=Menu,JSONPath=.spec.menu,type=string
+// +kubebuilder:printcolumn:name=Age,JSONPath=.metadata.creationTimestamp,type=date
 // +openshift:compatibility-gen:level=2
 type ConsoleLink struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/console/v1/types_console_notification.go b/vendor/github.com/openshift/api/console/v1/types_console_notification.go
index 5408f1044b..0571ca77f2 100644
--- a/vendor/github.com/openshift/api/console/v1/types_console_notification.go
+++ b/vendor/github.com/openshift/api/console/v1/types_console_notification.go
@@ -9,6 +9,17 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ConsoleNotification is the extension for configuring openshift web console notifications.
 //
 // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=consolenotifications,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/481
+// +openshift:file-pattern=operatorOrdering=00
+// +openshift:capability=Console
+// +kubebuilder:metadata:annotations="description=Extension for configuring openshift web console notifications."
+// +kubebuilder:metadata:annotations="displayName=ConsoleNotification"
+// +kubebuilder:printcolumn:name=Text,JSONPath=.spec.text,type=string
+// +kubebuilder:printcolumn:name=Location,JSONPath=.spec.location,type=string
+// +kubebuilder:printcolumn:name=Age,JSONPath=.metadata.creationTimestamp,type=date
 // +openshift:compatibility-gen:level=2
 type ConsoleNotification struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/console/v1/types_console_plugin.go b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go
index 624ad73b1c..24954687d5 100644
--- a/vendor/github.com/openshift/api/console/v1/types_console_plugin.go
+++ b/vendor/github.com/openshift/api/console/v1/types_console_plugin.go
@@ -11,6 +11,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // dynamically loading code from another service running on the cluster. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=consoleplugins,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1186 +// +openshift:file-pattern=operatorOrdering=90 +// +openshift:capability=Console +// +kubebuilder:metadata:annotations="description=Extension for configuring openshift web console plugins." +// +kubebuilder:metadata:annotations="displayName=ConsolePlugin" +// +kubebuilder:metadata:annotations="service.beta.openshift.io/inject-cabundle=true" type ConsolePlugin struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/console/v1/types_console_quick_start.go b/vendor/github.com/openshift/api/console/v1/types_console_quick_start.go index 613dfa9039..bb62fb8fc8 100644 --- a/vendor/github.com/openshift/api/console/v1/types_console_quick_start.go +++ b/vendor/github.com/openshift/api/console/v1/types_console_quick_start.go @@ -13,6 +13,13 @@ import ( // workflows in the OpenShift web console. // // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=consolequickstarts,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/750 +// +openshift:file-pattern=operatorOrdering=00 +// +openshift:capability=Console +// +kubebuilder:metadata:annotations="description=Extension for guiding user through various workflows in the OpenShift web console." +// +kubebuilder:metadata:annotations="displayName=ConsoleQuickStart" // +openshift:compatibility-gen:level=2 type ConsoleQuickStart struct { metav1.TypeMeta `json:",inline"` 
diff --git a/vendor/github.com/openshift/api/console/v1/types_console_sample.go b/vendor/github.com/openshift/api/console/v1/types_console_sample.go
index 7edb4ba9ea..c0175bf9ba 100644
--- a/vendor/github.com/openshift/api/console/v1/types_console_sample.go
+++ b/vendor/github.com/openshift/api/console/v1/types_console_sample.go
@@ -9,6 +9,13 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ConsoleSample is an extension to customizing OpenShift web console by adding samples.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=consolesamples,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/481
+// +openshift:file-pattern=operatorOrdering=00
+// +openshift:capability=Console
+// +kubebuilder:metadata:annotations="description=ConsoleSample is an extension to customizing OpenShift web console by adding samples."
+// +kubebuilder:metadata:annotations="displayName=ConsoleSample"
 // +openshift:compatibility-gen:level=1
 type ConsoleSample struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go b/vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go
index 8888b5162c..9cdfa53f4b 100644
--- a/vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go
+++ b/vendor/github.com/openshift/api/console/v1/types_console_yaml_sample.go
@@ -9,6 +9,13 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.
 //
 // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=consoleyamlsamples,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/481
+// +openshift:file-pattern=operatorOrdering=00
+// +openshift:capability=Console
+// +kubebuilder:metadata:annotations="description=Extension for configuring openshift web console YAML samples."
+// +kubebuilder:metadata:annotations="displayName=ConsoleYAMLSample"
 // +openshift:compatibility-gen:level=2
 type ConsoleYAMLSample struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..98abc7147b
--- /dev/null
+++ b/vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,225 @@ +consoleclidownloads.console.openshift.io: + Annotations: + description: Extension for configuring openshift web console command line interface + (CLI) downloads. + displayName: ConsoleCLIDownload + ApprovedPRNumber: https://github.com/openshift/api/pull/481 + CRDName: consoleclidownloads.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: true + KindName: ConsoleCLIDownload + Labels: {} + PluralName: consoleclidownloads + PrinterColumns: + - jsonPath: .spec.displayName + name: Display name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: string + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consoleexternalloglinks.console.openshift.io: + Annotations: + description: ConsoleExternalLogLink is an extension for customizing OpenShift + web console log links. + displayName: ConsoleExternalLogLinks + ApprovedPRNumber: https://github.com/openshift/api/pull/481 + CRDName: consoleexternalloglinks.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: true + KindName: ConsoleExternalLogLink + Labels: {} + PluralName: consoleexternalloglinks + PrinterColumns: + - jsonPath: .spec.text + name: Text + type: string + - jsonPath: .spec.hrefTemplate + name: HrefTemplate + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consolelinks.console.openshift.io: + Annotations: + description: Extension for customizing OpenShift web console links + displayName: ConsoleLinks + ApprovedPRNumber: https://github.com/openshift/api/pull/481 + CRDName: consolelinks.console.openshift.io + Capability: Console + 
Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: true + KindName: ConsoleLink + Labels: {} + PluralName: consolelinks + PrinterColumns: + - jsonPath: .spec.text + name: Text + type: string + - jsonPath: .spec.href + name: URL + type: string + - jsonPath: .spec.menu + name: Menu + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consolenotifications.console.openshift.io: + Annotations: + description: Extension for configuring openshift web console notifications. + displayName: ConsoleNotification + ApprovedPRNumber: https://github.com/openshift/api/pull/481 + CRDName: consolenotifications.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: true + KindName: ConsoleNotification + Labels: {} + PluralName: consolenotifications + PrinterColumns: + - jsonPath: .spec.text + name: Text + type: string + - jsonPath: .spec.location + name: Location + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consoleplugins.console.openshift.io: + Annotations: + description: Extension for configuring openshift web console plugins. 
+ displayName: ConsolePlugin + service.beta.openshift.io/inject-cabundle: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/1186 + CRDName: consoleplugins.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "90" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: false + KindName: ConsolePlugin + Labels: {} + PluralName: consoleplugins + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consolequickstarts.console.openshift.io: + Annotations: + description: Extension for guiding user through various workflows in the OpenShift + web console. + displayName: ConsoleQuickStart + ApprovedPRNumber: https://github.com/openshift/api/pull/750 + CRDName: consolequickstarts.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: false + KindName: ConsoleQuickStart + Labels: {} + PluralName: consolequickstarts + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consolesamples.console.openshift.io: + Annotations: + description: ConsoleSample is an extension to customizing OpenShift web console + by adding samples. 
+ displayName: ConsoleSample + ApprovedPRNumber: https://github.com/openshift/api/pull/481 + CRDName: consolesamples.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: false + KindName: ConsoleSample + Labels: {} + PluralName: consolesamples + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consoleyamlsamples.console.openshift.io: + Annotations: + description: Extension for configuring openshift web console YAML samples. + displayName: ConsoleYAMLSample + ApprovedPRNumber: https://github.com/openshift/api/pull/481 + CRDName: consoleyamlsamples.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: false + KindName: ConsoleYAMLSample + Labels: {} + PluralName: consoleyamlsamples + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/console/v1alpha1/90_consoleplugin.crd.yaml b/vendor/github.com/openshift/api/console/v1alpha1/90_consoleplugin.crd.yaml deleted file mode 100644 index f2cb187c8d..0000000000 --- a/vendor/github.com/openshift/api/console/v1alpha1/90_consoleplugin.crd.yaml +++ /dev/null 
@@ -1,374 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/764 - capability.openshift.io/name: Console - description: Extension for configuring openshift web console plugins. - displayName: ConsolePlugin - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - service.beta.openshift.io/inject-cabundle: "true" - name: consoleplugins.console.openshift.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: webhook - namespace: openshift-console-operator - path: /crdconvert - port: 9443 - conversionReviewVersions: - - v1 - - v1alpha1 - group: console.openshift.io - names: - kind: ConsolePlugin - listKind: ConsolePluginList - plural: consoleplugins - singular: consoleplugin - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ConsolePlugin is an extension for customizing OpenShift web - console by dynamically loading code from another service running on the - cluster. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsolePluginSpec is the desired plugin configuration. - properties: - backend: - description: backend holds the configuration of backend which is serving - console's plugin . - properties: - service: - description: service is a Kubernetes Service that exposes the - plugin using a deployment with an HTTP server. The Service must - use HTTPS and Service serving certificate. The console backend - will proxy the plugins assets from the Service using the service - CA bundle. - properties: - basePath: - default: / - description: basePath is the path to the plugin's assets. - The primary asset it the manifest file called `plugin-manifest.json`, - which is a JSON document that contains metadata about the - plugin and the extensions. - maxLength: 256 - minLength: 1 - pattern: ^[a-zA-Z0-9.\-_~!$&'()*+,;=:@\/]*$ - type: string - name: - description: name of Service that is serving the plugin assets. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that is serving the plugin - assets. - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that is serving the - plugin is listening to. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - name - - namespace - - port - type: object - type: - description: "type is the backend type which servers the console's - plugin. Currently only \"Service\" is supported. \n ---" - enum: - - Service - type: string - required: - - type - type: object - displayName: - description: displayName is the display name of the plugin. The dispalyName - should be between 1 and 128 characters. - maxLength: 128 - minLength: 1 - type: string - i18n: - description: i18n is the configuration of plugin's localization resources. 
- properties: - loadType: - description: loadType indicates how the plugin's localization - resource should be loaded. Valid values are Preload, Lazy and - the empty string. When set to Preload, all localization resources - are fetched when the plugin is loaded. When set to Lazy, localization - resources are lazily loaded as and when they are required by - the console. When omitted or set to the empty string, the behaviour - is equivalent to Lazy type. - enum: - - Preload - - Lazy - - "" - type: string - required: - - loadType - type: object - proxy: - description: proxy is a list of proxies that describe various service - type to which the plugin needs to connect to. - items: - description: ConsolePluginProxy holds information on various service - types to which console's backend will proxy the plugin's requests. - properties: - alias: - description: "alias is a proxy name that identifies the plugin's - proxy. An alias name should be unique per plugin. The console - backend exposes following proxy endpoint: \n /api/proxy/plugin///? - \n Request example path: \n /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver" - maxLength: 128 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - authorization: - default: None - description: authorization provides information about authorization - type, which the proxied request should contain - enum: - - UserToken - - None - type: string - caCertificate: - description: caCertificate provides the cert authority certificate - contents, in case the proxied Service is using custom service - CA. By default, the service CA bundle provided by the service-ca - operator is used. - pattern: ^-----BEGIN CERTIFICATE-----([\s\S]*)-----END CERTIFICATE-----\s?$ - type: string - endpoint: - description: endpoint provides information about endpoint to - which the request is proxied to. - properties: - service: - description: 'service is an in-cluster Service that the - plugin will connect to. The Service must use HTTPS. 
The - console backend exposes an endpoint in order to proxy - communication between the plugin and the Service. Note: - service field is required for now, since currently only - "Service" type is supported.' - properties: - name: - description: name of Service that the plugin needs to - connect to. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that the plugin needs - to connect to - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that the plugin - needs to connect to is listening on. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - name - - namespace - - port - type: object - type: - description: "type is the type of the console plugin's proxy. - Currently only \"Service\" is supported. \n ---" - enum: - - Service - type: string - required: - - type - type: object - required: - - alias - - endpoint - type: object - type: array - required: - - backend - - displayName - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ConsolePlugin is an extension for customizing OpenShift web - console by dynamically loading code from another service running on the - cluster. \n Compatibility level 4: No compatibility is provided, the API - can change at any point for any reason. These capabilities should not be - used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsolePluginSpec is the desired plugin configuration. - properties: - displayName: - description: displayName is the display name of the plugin. - minLength: 1 - type: string - proxy: - description: proxy is a list of proxies that describe various service - type to which the plugin needs to connect to. - items: - description: ConsolePluginProxy holds information on various service - types to which console's backend will proxy the plugin's requests. - properties: - alias: - description: "alias is a proxy name that identifies the plugin's - proxy. An alias name should be unique per plugin. The console - backend exposes following proxy endpoint: \n /api/proxy/plugin///? - \n Request example path: \n /api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver" - maxLength: 128 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - authorize: - default: false - description: "authorize indicates if the proxied request should - contain the logged-in user's OpenShift access token in the - \"Authorization\" request header. For example: \n Authorization: - Bearer sha256~kV46hPnEYhCWFnB85r5NrprAxggzgb6GOeLbgcKNsH0 - \n By default the access token is not part of the proxied - request." - type: boolean - caCertificate: - description: caCertificate provides the cert authority certificate - contents, in case the proxied Service is using custom service - CA. By default, the service CA bundle provided by the service-ca - operator is used. - pattern: ^-----BEGIN CERTIFICATE-----([\s\S]*)-----END CERTIFICATE-----\s?$ - type: string - service: - description: 'service is an in-cluster Service that the plugin - will connect to. The Service must use HTTPS. 
The console backend - exposes an endpoint in order to proxy communication between - the plugin and the Service. Note: service field is required - for now, since currently only "Service" type is supported.' - properties: - name: - description: name of Service that the plugin needs to connect - to. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that the plugin needs - to connect to - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that the plugin needs - to connect to is listening on. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - name - - namespace - - port - type: object - type: - description: type is the type of the console plugin's proxy. - Currently only "Service" is supported. - pattern: ^(Service)$ - type: string - required: - - alias - - type - type: object - type: array - service: - description: service is a Kubernetes Service that exposes the plugin - using a deployment with an HTTP server. The Service must use HTTPS - and Service serving certificate. The console backend will proxy - the plugins assets from the Service using the service CA bundle. - properties: - basePath: - default: / - description: basePath is the path to the plugin's assets. The - primary asset it the manifest file called `plugin-manifest.json`, - which is a JSON document that contains metadata about the plugin - and the extensions. - minLength: 1 - pattern: ^/ - type: string - name: - description: name of Service that is serving the plugin assets. - maxLength: 128 - minLength: 1 - type: string - namespace: - description: namespace of Service that is serving the plugin assets. - maxLength: 128 - minLength: 1 - type: string - port: - description: port on which the Service that is serving the plugin - is listening to. 
- format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - basePath - - name - - namespace - - port - type: object - required: - - service - type: object - required: - - metadata - - spec - type: object - served: true - storage: false diff --git a/vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml b/vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml deleted file mode 100644 index d861a65434..0000000000 --- a/vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ConsolePlugin" -crd: 90_consoleplugin.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ConsolePlugin - initial: | - apiVersion: console.openshift.io/v1alpha1 - kind: ConsolePlugin - spec: - service: - name: foo - namespace: foo - port: 80 - expected: | - apiVersion: console.openshift.io/v1alpha1 - kind: ConsolePlugin - spec: - service: - name: foo - namespace: foo - port: 80 - basePath: / diff --git a/vendor/github.com/openshift/api/console/v1alpha1/types_console_plugin.go b/vendor/github.com/openshift/api/console/v1alpha1/types_console_plugin.go index 835e20010d..3533b63994 100644 --- a/vendor/github.com/openshift/api/console/v1alpha1/types_console_plugin.go +++ b/vendor/github.com/openshift/api/console/v1alpha1/types_console_plugin.go 
@@ -11,6 +11,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // dynamically loading code from another service running on the cluster. // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=consoleplugins,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/764 +// +openshift:file-pattern=operatorOrdering=90 +// +openshift:capability=Console +// +kubebuilder:metadata:annotations="description=Extension for configuring openshift web console plugins." +// +kubebuilder:metadata:annotations="displayName=ConsolePlugin" +// +kubebuilder:metadata:annotations="service.beta.openshift.io/inject-cabundle=true" type ConsolePlugin struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/console/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/console/v1alpha1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..d219598d9d --- /dev/null +++ b/vendor/github.com/openshift/api/console/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,24 @@ +consoleplugins.console.openshift.io: + Annotations: + description: Extension for configuring openshift web console plugins. + displayName: ConsolePlugin + service.beta.openshift.io/inject-cabundle: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/764 + CRDName: consoleplugins.console.openshift.io + Capability: Console + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "90" + FilenameRunLevel: "" + GroupName: console.openshift.io + HasStatus: false + KindName: ConsolePlugin + Labels: {} + PluralName: consoleplugins + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1alpha1 + 
diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md
new file mode 100644
index 0000000000..fd496313af
--- /dev/null
+++ b/vendor/github.com/openshift/api/features.md
@@ -0,0 +1,60 @@ +| FeatureGate | Default on Hypershift | Default on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA | +| ------ | --- | --- | --- | --- | +| AlertingRules| | | Enabled | Enabled | +| AutomatedEtcdBackup| | | Enabled | Enabled | +| CSIDriverSharedResource| | | Enabled | Enabled | +| DNSNameResolver| | | Enabled | Enabled | +| DynamicResourceAllocation| | | Enabled | Enabled | +| Example| | | Enabled | Enabled | +| ExternalRouteCertificate| | | Enabled | Enabled | +| GCPClusterHostedDNS| | | Enabled | Enabled | +| GCPLabelsTags| | | Enabled | Enabled | +| GatewayAPI| | | Enabled | Enabled | +| HardwareSpeed| | | Enabled | Enabled | +| ImagePolicy| | | Enabled | Enabled | +| InsightsConfig| | | Enabled | Enabled | +| InsightsConfigAPI| | | Enabled | Enabled | +| InsightsOnDemandDataGather| | | Enabled | Enabled | +| InstallAlternateInfrastructureAWS| | | Enabled | Enabled | +| MachineAPIProviderOpenStack| | | Enabled | Enabled | +| MachineConfigNodes| | | Enabled | Enabled | +| ManagedBootImages| | | Enabled | Enabled | +| MaxUnavailableStatefulSet| | | Enabled | Enabled | +| MetricsCollectionProfiles| | | Enabled | Enabled | +| MetricsServer| | | Enabled | Enabled | +| MixedCPUsAllocation| | | Enabled | Enabled | +| NetworkDiagnosticsConfig| | | Enabled | Enabled | +| NewOLM| | | Enabled | Enabled | +| NodeDisruptionPolicy| | | Enabled | Enabled | +| NodeSwap| | | Enabled | Enabled | +| OnClusterBuild| | | Enabled | Enabled | +| PinnedImages| | | Enabled | Enabled | +| PlatformOperators| | | Enabled | Enabled | +| RouteExternalCertificate| | | Enabled | Enabled | +| ServiceAccountTokenNodeBinding| | | Enabled | Enabled | +| ServiceAccountTokenNodeBindingValidation| | | Enabled | Enabled | +| ServiceAccountTokenPodNodeInfo| | | Enabled | Enabled | +| SignatureStores| | | Enabled | Enabled | +| SigstoreImageVerification| | | Enabled | Enabled | +| TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | 
+| UpgradeStatus| | | Enabled | Enabled | +| ValidatingAdmissionPolicy| | | Enabled | Enabled | +| VolumeGroupSnapshot| | | Enabled | Enabled | +| ExternalOIDC| Enabled | | Enabled | Enabled | +| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | +| AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | +| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | +| BareMetalLoadBalancer| Enabled | Enabled | Enabled | Enabled | +| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | +| CloudDualStackNodeIPs| Enabled | Enabled | Enabled | Enabled | +| DisableKubeletCloudCredentialProviders| Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProvider| Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProviderAzure| Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProviderExternal| Enabled | Enabled | Enabled | Enabled | +| ExternalCloudProviderGCP| Enabled | Enabled | Enabled | Enabled | +| KMSv1| Enabled | Enabled | Enabled | Enabled | +| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | +| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | +| PrivateHostedZoneAWS| Enabled | Enabled | Enabled | Enabled | +| VSphereControlPlaneMachineSet| Enabled | Enabled | Enabled | Enabled | +| VSphereStaticIPs| Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/helm/v1beta1/00_helm-chart-repository.crd.yaml b/vendor/github.com/openshift/api/helm/v1beta1/00_helm-chart-repository.crd.yaml deleted file mode 100644 index bcf81ae9c9..0000000000 --- a/vendor/github.com/openshift/api/helm/v1beta1/00_helm-chart-repository.crd.yaml +++ /dev/null 
@@ -1,174 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/598 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: helmchartrepositories.helm.openshift.io -spec: - group: helm.openshift.io - names: - kind: HelmChartRepository - listKind: HelmChartRepositoryList - plural: helmchartrepositories - singular: helmchartrepository - scope: Cluster - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: "HelmChartRepository holds cluster-wide configuration for proxied - Helm chart repository \n Compatibility level 2: Stable within a major release - for a minimum of 9 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - connectionConfig: - description: Required configuration for connecting to the chart repo - properties: - ca: - description: ca is an optional reference to a config map by name - containing the PEM-encoded CA bundle. 
It is used as a trust - anchor to validate the TLS certificate presented by the remote - server. The key "ca-bundle.crt" is used to locate the data. - If empty, the default system roots are used. The namespace for - this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - tlsClientConfig: - description: tlsClientConfig is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - and private key to present when connecting to the server. The - key "tls.crt" is used to locate the client certificate. The - key "tls.key" is used to locate the private key. The namespace - for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - url: - description: Chart repository URL - maxLength: 2048 - pattern: ^https?:\/\/ - type: string - type: object - description: - description: Optional human readable repository description, it can - be used by UI for displaying purposes - maxLength: 2048 - minLength: 1 - type: string - disabled: - description: If set to true, disable the repo usage in the cluster/namespace - type: boolean - name: - description: Optional associated human readable repository name, it - can be used by UI for displaying purposes - maxLength: 100 - minLength: 1 - type: string - type: object - status: - description: Observed status of the repository within the cluster.. - properties: - conditions: - description: conditions is a list of conditions and their statuses - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/helm/v1beta1/00_project-helm-chart-repository.crd.yaml b/vendor/github.com/openshift/api/helm/v1beta1/00_project-helm-chart-repository.crd.yaml deleted file mode 100644 index 22dca20fbf..0000000000 --- a/vendor/github.com/openshift/api/helm/v1beta1/00_project-helm-chart-repository.crd.yaml +++ /dev/null 
@@ -1,192 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1084 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: projecthelmchartrepositories.helm.openshift.io -spec: - group: helm.openshift.io - names: - kind: ProjectHelmChartRepository - listKind: ProjectHelmChartRepositoryList - plural: projecthelmchartrepositories - singular: projecthelmchartrepository - scope: Namespaced - versions: - - name: v1beta1 - schema: - openAPIV3Schema: - description: "ProjectHelmChartRepository holds namespace-wide configuration - for proxied Helm chart repository \n Compatibility level 2: Stable within - a major release for a minimum of 9 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - connectionConfig: - description: Required configuration for connecting to the chart repo - properties: - basicAuthConfig: - description: basicAuthConfig is an optional reference to a secret - by name that contains the basic authentication credentials to - present when connecting to the server. The key "username" is - used locate the username. The key "password" is used to locate - the password. The namespace for this secret must be same as - the namespace where the project helm chart repository is getting - instantiated. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - ca: - description: ca is an optional reference to a config map by name - containing the PEM-encoded CA bundle. It is used as a trust - anchor to validate the TLS certificate presented by the remote - server. The key "ca-bundle.crt" is used to locate the data. - If empty, the default system roots are used. The namespace for - this configmap must be same as the namespace where the project - helm chart repository is getting instantiated. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - tlsClientConfig: - description: tlsClientConfig is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - and private key to present when connecting to the server. The - key "tls.crt" is used to locate the client certificate. The - key "tls.key" is used to locate the private key. The namespace - for this secret must be same as the namespace where the project - helm chart repository is getting instantiated. 
- properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - url: - description: Chart repository URL - maxLength: 2048 - pattern: ^https?:\/\/ - type: string - type: object - description: - description: Optional human readable repository description, it can - be used by UI for displaying purposes - maxLength: 2048 - minLength: 1 - type: string - disabled: - description: If set to true, disable the repo usage in the namespace - type: boolean - name: - description: Optional associated human readable repository name, it - can be used by UI for displaying purposes - maxLength: 100 - minLength: 1 - type: string - type: object - status: - description: Observed status of the repository within the namespace.. - properties: - conditions: - description: conditions is a list of conditions and their statuses - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. 
This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/helm/v1beta1/stable.helmchartrepository.testsuite.yaml b/vendor/github.com/openshift/api/helm/v1beta1/stable.helmchartrepository.testsuite.yaml
deleted file mode 100644
index 64f1447ccc..0000000000
--- a/vendor/github.com/openshift/api/helm/v1beta1/stable.helmchartrepository.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] HelmChartRepository"
-crd: 00_helm-chart-repository.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal HelmChartRepository
- initial: |
- apiVersion: helm.openshift.io/v1beta1
- kind: HelmChartRepository
- spec: {} # No spec is required for a HelmChartRepository
- expected: |
- apiVersion: helm.openshift.io/v1beta1
- kind: HelmChartRepository
- spec: {}
diff --git a/vendor/github.com/openshift/api/helm/v1beta1/stable.projecthelmchartrepository.testsuite.yaml b/vendor/github.com/openshift/api/helm/v1beta1/stable.projecthelmchartrepository.testsuite.yaml
deleted file mode 100644
index d7c402a534..0000000000
--- a/vendor/github.com/openshift/api/helm/v1beta1/stable.projecthelmchartrepository.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] ProjectHelmChartRepository"
-crd: 00_project-helm-chart-repository.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal ProjectHelmChartRepository
- initial: |
- apiVersion: helm.openshift.io/v1beta1
- kind: ProjectHelmChartRepository
- spec: {} # No spec is required for a ProjectHelmChartRepository
- expected: |
- apiVersion: helm.openshift.io/v1beta1
- kind: ProjectHelmChartRepository
- spec: {}
diff --git a/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go b/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go
index 826c1496fb..91f25fb673 100644
--- a/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go
+++ b/vendor/github.com/openshift/api/helm/v1beta1/types_helm_chart_repository.go
@@ -14,6 +14,11 @@ import (
 //
 // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=2
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=helmchartrepositories,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/598
+// +openshift:file-pattern=operatorOrdering=00
 type HelmChartRepository struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go b/vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go
index c4cd7759a9..37ff581c14 100644
--- a/vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go
+++ b/vendor/github.com/openshift/api/helm/v1beta1/types_project_helm_chart_repository.go
@@ -13,6 +13,11 @@ import (
 //
 // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=2
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=projecthelmchartrepositories,scope=Namespaced
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1084
+// +openshift:file-pattern=operatorOrdering=00
 type ProjectHelmChartRepository struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..218c072c16
--- /dev/null
+++ b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,42 @@ +helmchartrepositories.helm.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/598 + CRDName: helmchartrepositories.helm.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: helm.openshift.io + HasStatus: true + KindName: HelmChartRepository + Labels: {} + PluralName: helmchartrepositories + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1beta1 + +projecthelmchartrepositories.helm.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1084 + CRDName: projecthelmchartrepositories.helm.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: helm.openshift.io + HasStatus: true + KindName: ProjectHelmChartRepository + Labels: {} + PluralName: projecthelmchartrepositories + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1beta1 + diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml deleted file mode 100644 index dd8f53abed..0000000000 --- a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml +++ /dev/null 
@@ -1,2363 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/519 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: configs.imageregistry.operator.openshift.io -spec: - group: imageregistry.operator.openshift.io - names: - kind: Config - listKind: ConfigList - plural: configs - singular: config - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Config is the configuration object for a registry instance managed - by the registry operator \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRegistrySpec defines the specs for the running registry. - properties: - affinity: - description: affinity is a group of node affinity scheduling rules - for the image registry pod(s). - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. 
The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. 
- type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. 
- The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. 
When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. 
null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. 
- items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. 
- If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. 
due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. 
null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - defaultRoute: - description: defaultRoute indicates whether an external facing route - for the registry should be created using the default generated hostname. - type: boolean - disableRedirect: - description: disableRedirect controls whether to route all data through - the Registry, rather than redirecting to the backend. - type: boolean - httpSecret: - description: httpSecret is the value needed by the registry to secure - uploads, generated by default. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - logging: - description: logging is deprecated, use logLevel instead. - format: int64 - type: integer - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - nodeSelector: - additionalProperties: - type: string - description: nodeSelector defines the node selection constraints for - the registry pod. 
- type: object - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - proxy: - description: proxy defines the proxy to be used when calling master - api, upstream registries, etc. - properties: - http: - description: http defines the proxy to be used by the image registry - when accessing HTTP endpoints. - type: string - https: - description: https defines the proxy to be used by the image registry - when accessing HTTPS endpoints. - type: string - noProxy: - description: noProxy defines a comma-separated list of host names - that shouldn't go through any proxy. - type: string - type: object - readOnly: - description: readOnly indicates whether the registry instance should - reject attempts to push new images or delete existing ones. - type: boolean - replicas: - description: replicas determines the number of registry instances - to run. - format: int32 - type: integer - requests: - description: requests controls how many parallel requests a given - registry instance will handle before queuing additional requests. - properties: - read: - description: read defines limits for image registry's reads. - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests - to the registry. 
- type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests - to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request - can wait in the queue before being rejected. - format: duration - type: string - type: object - write: - description: write defines limits for image registry's writes. - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests - to the registry. - type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests - to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request - can wait in the queue before being rejected. - format: duration - type: string - type: object - type: object - resources: - description: resources defines the resource requests+limits for the - registry pod. - properties: - claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - rolloutStrategy: - description: rolloutStrategy defines rollout strategy for the image - registry deployment. - pattern: ^(RollingUpdate|Recreate)$ - type: string - routes: - description: routes defines additional external facing routes which - should be created for the registry. - items: - description: ImageRegistryConfigRoute holds information on external - route access to image registry. - properties: - hostname: - description: hostname for the route. - type: string - name: - description: name of the route to be created. - type: string - secretName: - description: secretName points to secret containing the certificates - to be used by the route. - type: string - required: - - name - type: object - type: array - storage: - description: storage details for configuring registry storage, e.g. - S3 bucket coordinates. - properties: - azure: - description: azure represents configuration that uses Azure Blob - Storage. - properties: - accountName: - description: accountName defines the account to be used by - the registry. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - to be used by the registry. If empty, the operator will - set it based on the infrastructure object. 
- type: string - container: - description: container defines Azure's container to be used - by registry. - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - type: string - networkAccess: - default: - type: External - description: 'networkAccess defines the network access properties - for the storage account. Defaults to type: External.' - properties: - internal: - description: 'internal defines the vnet and subnet names - to configure a private endpoint and connect it to the - storage account in order to make it private. when type: - Internal and internal is unset, the image registry operator - will discover vnet and subnet names, and generate a - private endpoint name.' - properties: - networkResourceGroupName: - description: networkResourceGroupName is the resource - group name where the cluster's vnet and subnet are. - When omitted, the registry operator will use the - cluster resource group (from in the infrastructure - status). If you set a networkResourceGroupName on - your install-config.yaml, that value will be used - automatically (for clusters configured with publish:Internal). - Note that both vnet and subnet must be in the same - resource group. It must be between 1 and 90 characters - in length and must consist only of alphanumeric - characters, hyphens (-), periods (.) and underscores - (_), and not end with a period. - maxLength: 90 - minLength: 1 - pattern: ^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$ - type: string - privateEndpointName: - description: privateEndpointName is the name of the - private endpoint for the registry. When provided, - the registry will use it as the name of the private - endpoint it will create for the storage account. - When omitted, the registry will generate one. It - must be between 2 and 64 characters in length and - must consist only of alphanumeric characters, hyphens - (-), periods (.) and underscores (_). 
It must start - with an alphanumeric character and end with an alphanumeric - character or an underscore. - maxLength: 64 - minLength: 2 - pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ - type: string - subnetName: - description: subnetName is the name of the subnet - the registry operates in. When omitted, the registry - operator will discover and set this by using the - `kubernetes.io_cluster.` tag in the - vnet resource, then using one of listed subnets. - Advanced cluster network configurations that use - network security groups to protect subnets should - ensure the provided subnetName has access to Azure - Storage service. It must be between 1 and 80 characters - in length and must consist only of alphanumeric - characters, hyphens (-), periods (.) and underscores - (_). - maxLength: 80 - minLength: 1 - pattern: ^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - vnetName: - description: vnetName is the name of the vnet the - registry operates in. When omitted, the registry - operator will discover and set this by using the - `kubernetes.io_cluster.` tag in the - vnet resource. This tag is set automatically by - the installer. Commonly, this will be the same vnet - as the cluster. Advanced cluster network configurations - should ensure the provided vnetName is the vnet - of the nodes where the image registry pods are running - from. It must be between 2 and 64 characters in - length and must consist only of alphanumeric characters, - hyphens (-), periods (.) and underscores (_). It - must start with an alphanumeric character and end - with an alphanumeric character or an underscore. - maxLength: 64 - minLength: 2 - pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ - type: string - type: object - type: - default: External - description: 'type is the network access level to be used - for the storage account. type: Internal means the storage - account will be private, type: External means the storage - account will be publicly accessible. 
Internal storage - accounts are only exposed within the cluster''s vnet. - External storage accounts are publicly exposed on the - internet. When type: Internal is used, a vnetName, subNetName - and privateEndpointName may optionally be specified. - If unspecificed, the image registry operator will discover - vnet and subnet names, and generate a privateEndpointName. - Defaults to "External".' - enum: - - Internal - - External - type: string - type: object - x-kubernetes-validations: - - message: internal is forbidden when type is not Internal - rule: 'has(self.type) && self.type == ''Internal'' ? true - : !has(self.internal)' - type: object - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s - host node. WARNING: this storage cannot be used with more than - 1 replica and is not suitable for production use. When the pod - is removed from a node for any reason, the data in the emptyDir - is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud - Storage. - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, buckets are encrypted by default on GCP. This - allows for the use of a custom encryption key. - type: string - projectID: - description: projectID is the Project ID of the GCP project - that this bucket should be associated with. - type: string - region: - description: region is the GCS location in which your bucket - exists. Optional, will be set based on the installed GCS - Region. - type: string - type: object - ibmcos: - description: ibmcos represents configuration that uses IBM Cloud - Object Storage. - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. 
- type: string - location: - description: location is the IBM Cloud location in which your - bucket exists. Optional, will be set based on the installed - IBM Cloud location. - type: string - resourceGroupName: - description: resourceGroupName is the name of the IBM Cloud - resource group that this bucket and its service instance - is associated with. Optional, will be set based on the installed - IBM Cloud resource group. - type: string - resourceKeyCRN: - description: resourceKeyCRN is the CRN of the IBM Cloud resource - key that is created for the service instance. Commonly referred - as a service credential and must contain HMAC type credentials. - Optional, will be computed if not provided. - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ - type: string - serviceInstanceCRN: - description: serviceInstanceCRN is the CRN of the IBM Cloud - Object Storage service instance that this bucket is associated - with. Optional, will be computed if not provided. - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ - type: string - type: object - managementState: - description: managementState indicates if the operator manages - the underlying storage unit. If Managed the operator will remove - the storage when this operator gets Removed. - pattern: ^(Managed|Unmanaged)$ - type: string - oss: - description: Oss represents configuration that uses Alibaba Cloud - Object Storage Service. - properties: - bucket: - description: Bucket is the bucket name in which you want to - store the registry's data. About Bucket naming, more details - you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) - Empty value means no opinion and the platform chooses the - a default, which is subject to change over time. 
Currently - the default will be autogenerated in the form of -image-registry-- - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - type: string - encryption: - anyOf: - - not: - required: - - kms - properties: - method: - not: - enum: - - KMS - - properties: - method: - enum: - - KMS - required: - - kms - description: Encryption specifies whether you would like your - data encrypted on the server side. More details, you can - look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) - properties: - kms: - description: KMS (key management service) is an encryption - type that holds the struct for KMS KeyID - properties: - keyID: - description: KeyID holds the KMS encryption key ID - minLength: 1 - type: string - required: - - keyID - type: object - method: - default: AES256 - description: Method defines the different encrytion modes - available Empty value means no opinion and the platform - chooses the a default, which is subject to change over - time. Currently the default is `AES256`. - enum: - - KMS - - AES256 - type: string - type: object - endpointAccessibility: - default: Internal - description: EndpointAccessibility specifies whether the registry - use the OSS VPC internal endpoint Empty value means no opinion - and the platform chooses the a default, which is subject - to change over time. Currently the default is `Internal`. - enum: - - Internal - - Public - - "" - type: string - region: - description: Region is the Alibaba Cloud Region in which your - bucket exists. For a list of regions, you can look at the - [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). - Empty value means no opinion and the platform chooses the - a default, which is subject to change over time. Currently - the default will be based on the installed Alibaba Cloud - Region. - type: string - type: object - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. 
- properties: - claim: - description: claim defines the Persisent Volume Claim's name - to be used. - type: string - type: object - s3: - description: s3 represents configuration that uses Amazon Simple - Storage Service. - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the - storage middleware in a registry. - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] - at which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront - session. - format: duration - type: string - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the - private key, provided by AWS. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - required: - - baseURL - - keypairID - - privateKey - type: object - encrypt: - description: encrypt specifies whether the registry stores - the image in encrypted format or not. Optional, defaults - to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, Encrypt must be true, or this parameter is ignored. - type: string - region: - description: region is the AWS region in which your bucket - exists. Optional, will be set based on the installed AWS - Region. 
- type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible - storage services. It should be a valid URL with scheme, - e.g. https://s3.example.com. Optional, defaults based on - the Region that is provided. - type: string - trustedCA: - description: "trustedCA is a reference to a config map containing - a CA bundle. The image registry and its operator use certificates - from this bundle to verify S3 server certificates. \n The - namespace for the config map referenced by trustedCA is - \"openshift-config\". The key for the bundle in the config - map is \"ca-bundle.crt\"." - properties: - name: - description: name is the metadata.name of the referenced - config map. This field must adhere to standard config - map naming restrictions. The name must consist solely - of alphanumeric characters, hyphens (-) and periods - (.). It has a maximum length of 253 characters. If this - field is not specified or is empty string, the default - trust bundle will be used. - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - type: object - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted - style bucket paths with a custom RegionEndpoint Optional, - defaults to false. - type: boolean - type: object - swift: - description: swift represents configuration that uses OpenStack - Object Storage. - properties: - authURL: - description: authURL defines the URL for obtaining an authentication - token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container - where to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for - Identity v3 API. - type: string - domainID: - description: domainID specifies Openstack's domain id for - Identity v3 API. 
- type: string - regionName: - description: regionName defines Openstack's region in which - container exists. - type: string - tenant: - description: tenant defines Openstack tenant name to be used - by registry. - type: string - tenantID: - description: tenant defines Openstack tenant id to be used - by registry. - type: string - type: object - type: object - tolerations: - description: tolerations defines the tolerations for the registry - pod. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. 
- type: string - type: object - type: array - topologySpreadConstraints: - description: topologySpreadConstraints specify how to spread matching - pods among the given topology. - items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. 
The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. 
When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." 
- type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. 
For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - replicas - type: object - status: - description: ImageRegistryStatus reports image registry operational status. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - storage: - description: storage indicates the current applied storage configuration - of the registry. - properties: - azure: - description: azure represents configuration that uses Azure Blob - Storage. - properties: - accountName: - description: accountName defines the account to be used by - the registry. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - to be used by the registry. If empty, the operator will - set it based on the infrastructure object. - type: string - container: - description: container defines Azure's container to be used - by registry. - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - type: string - networkAccess: - default: - type: External - description: 'networkAccess defines the network access properties - for the storage account. Defaults to type: External.' 
- properties: - internal: - description: 'internal defines the vnet and subnet names - to configure a private endpoint and connect it to the - storage account in order to make it private. when type: - Internal and internal is unset, the image registry operator - will discover vnet and subnet names, and generate a - private endpoint name.' - properties: - networkResourceGroupName: - description: networkResourceGroupName is the resource - group name where the cluster's vnet and subnet are. - When omitted, the registry operator will use the - cluster resource group (from in the infrastructure - status). If you set a networkResourceGroupName on - your install-config.yaml, that value will be used - automatically (for clusters configured with publish:Internal). - Note that both vnet and subnet must be in the same - resource group. It must be between 1 and 90 characters - in length and must consist only of alphanumeric - characters, hyphens (-), periods (.) and underscores - (_), and not end with a period. - maxLength: 90 - minLength: 1 - pattern: ^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$ - type: string - privateEndpointName: - description: privateEndpointName is the name of the - private endpoint for the registry. When provided, - the registry will use it as the name of the private - endpoint it will create for the storage account. - When omitted, the registry will generate one. It - must be between 2 and 64 characters in length and - must consist only of alphanumeric characters, hyphens - (-), periods (.) and underscores (_). It must start - with an alphanumeric character and end with an alphanumeric - character or an underscore. - maxLength: 64 - minLength: 2 - pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ - type: string - subnetName: - description: subnetName is the name of the subnet - the registry operates in. 
When omitted, the registry - operator will discover and set this by using the - `kubernetes.io_cluster.` tag in the - vnet resource, then using one of listed subnets. - Advanced cluster network configurations that use - network security groups to protect subnets should - ensure the provided subnetName has access to Azure - Storage service. It must be between 1 and 80 characters - in length and must consist only of alphanumeric - characters, hyphens (-), periods (.) and underscores - (_). - maxLength: 80 - minLength: 1 - pattern: ^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - vnetName: - description: vnetName is the name of the vnet the - registry operates in. When omitted, the registry - operator will discover and set this by using the - `kubernetes.io_cluster.` tag in the - vnet resource. This tag is set automatically by - the installer. Commonly, this will be the same vnet - as the cluster. Advanced cluster network configurations - should ensure the provided vnetName is the vnet - of the nodes where the image registry pods are running - from. It must be between 2 and 64 characters in - length and must consist only of alphanumeric characters, - hyphens (-), periods (.) and underscores (_). It - must start with an alphanumeric character and end - with an alphanumeric character or an underscore. - maxLength: 64 - minLength: 2 - pattern: ^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$ - type: string - type: object - type: - default: External - description: 'type is the network access level to be used - for the storage account. type: Internal means the storage - account will be private, type: External means the storage - account will be publicly accessible. Internal storage - accounts are only exposed within the cluster''s vnet. - External storage accounts are publicly exposed on the - internet. When type: Internal is used, a vnetName, subNetName - and privateEndpointName may optionally be specified. 
- If unspecificed, the image registry operator will discover - vnet and subnet names, and generate a privateEndpointName. - Defaults to "External".' - enum: - - Internal - - External - type: string - type: object - x-kubernetes-validations: - - message: internal is forbidden when type is not Internal - rule: 'has(self.type) && self.type == ''Internal'' ? true - : !has(self.internal)' - type: object - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s - host node. WARNING: this storage cannot be used with more than - 1 replica and is not suitable for production use. When the pod - is removed from a node for any reason, the data in the emptyDir - is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud - Storage. - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, buckets are encrypted by default on GCP. This - allows for the use of a custom encryption key. - type: string - projectID: - description: projectID is the Project ID of the GCP project - that this bucket should be associated with. - type: string - region: - description: region is the GCS location in which your bucket - exists. Optional, will be set based on the installed GCS - Region. - type: string - type: object - ibmcos: - description: ibmcos represents configuration that uses IBM Cloud - Object Storage. - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - location: - description: location is the IBM Cloud location in which your - bucket exists. Optional, will be set based on the installed - IBM Cloud location. 
- type: string - resourceGroupName: - description: resourceGroupName is the name of the IBM Cloud - resource group that this bucket and its service instance - is associated with. Optional, will be set based on the installed - IBM Cloud resource group. - type: string - resourceKeyCRN: - description: resourceKeyCRN is the CRN of the IBM Cloud resource - key that is created for the service instance. Commonly referred - as a service credential and must contain HMAC type credentials. - Optional, will be computed if not provided. - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+:resource-key:.+$ - type: string - serviceInstanceCRN: - description: serviceInstanceCRN is the CRN of the IBM Cloud - Object Storage service instance that this bucket is associated - with. Optional, will be computed if not provided. - pattern: ^crn:.+:.+:.+:cloud-object-storage:.+:.+:.+::$ - type: string - type: object - managementState: - description: managementState indicates if the operator manages - the underlying storage unit. If Managed the operator will remove - the storage when this operator gets Removed. - pattern: ^(Managed|Unmanaged)$ - type: string - oss: - description: Oss represents configuration that uses Alibaba Cloud - Object Storage Service. - properties: - bucket: - description: Bucket is the bucket name in which you want to - store the registry's data. About Bucket naming, more details - you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm) - Empty value means no opinion and the platform chooses the - a default, which is subject to change over time. Currently - the default will be autogenerated in the form of -image-registry-- - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - type: string - encryption: - description: Encryption specifies whether you would like your - data encrypted on the server side. 
More details, you can - look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm) - properties: - kms: - description: KMS (key management service) is an encryption - type that holds the struct for KMS KeyID - properties: - keyID: - description: KeyID holds the KMS encryption key ID - minLength: 1 - type: string - required: - - keyID - type: object - method: - default: AES256 - description: Method defines the different encrytion modes - available Empty value means no opinion and the platform - chooses the a default, which is subject to change over - time. Currently the default is `AES256`. - enum: - - KMS - - AES256 - type: string - type: object - endpointAccessibility: - default: Internal - description: EndpointAccessibility specifies whether the registry - use the OSS VPC internal endpoint Empty value means no opinion - and the platform chooses the a default, which is subject - to change over time. Currently the default is `Internal`. - enum: - - Internal - - Public - - "" - type: string - region: - description: Region is the Alibaba Cloud Region in which your - bucket exists. For a list of regions, you can look at the - [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html). - Empty value means no opinion and the platform chooses the - a default, which is subject to change over time. Currently - the default will be based on the installed Alibaba Cloud - Region. - type: string - type: object - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. - properties: - claim: - description: claim defines the Persisent Volume Claim's name - to be used. - type: string - type: object - s3: - description: s3 represents configuration that uses Amazon Simple - Storage Service. - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. 
- type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the - storage middleware in a registry. - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] - at which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront - session. - format: duration - type: string - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the - private key, provided by AWS. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - required: - - baseURL - - keypairID - - privateKey - type: object - encrypt: - description: encrypt specifies whether the registry stores - the image in encrypted format or not. Optional, defaults - to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, Encrypt must be true, or this parameter is ignored. - type: string - region: - description: region is the AWS region in which your bucket - exists. Optional, will be set based on the installed AWS - Region. - type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible - storage services. It should be a valid URL with scheme, - e.g. https://s3.example.com. Optional, defaults based on - the Region that is provided. - type: string - trustedCA: - description: "trustedCA is a reference to a config map containing - a CA bundle. 
The image registry and its operator use certificates - from this bundle to verify S3 server certificates. \n The - namespace for the config map referenced by trustedCA is - \"openshift-config\". The key for the bundle in the config - map is \"ca-bundle.crt\"." - properties: - name: - description: name is the metadata.name of the referenced - config map. This field must adhere to standard config - map naming restrictions. The name must consist solely - of alphanumeric characters, hyphens (-) and periods - (.). It has a maximum length of 253 characters. If this - field is not specified or is empty string, the default - trust bundle will be used. - maxLength: 253 - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - type: object - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted - style bucket paths with a custom RegionEndpoint Optional, - defaults to false. - type: boolean - type: object - swift: - description: swift represents configuration that uses OpenStack - Object Storage. - properties: - authURL: - description: authURL defines the URL for obtaining an authentication - token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container - where to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for - Identity v3 API. - type: string - domainID: - description: domainID specifies Openstack's domain id for - Identity v3 API. - type: string - regionName: - description: regionName defines Openstack's region in which - container exists. - type: string - tenant: - description: tenant defines Openstack tenant name to be used - by registry. - type: string - tenantID: - description: tenant defines Openstack tenant id to be used - by registry. 
- type: string - type: object - type: object - storageManaged: - description: storageManaged is deprecated, please refer to Storage.managementState - type: boolean - version: - description: version is the level this availability applies to - type: string - required: - - storage - - storageManaged - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch b/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch deleted file mode 100644 index 1bd29f5667..0000000000 --- a/vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch +++ /dev/null @@ -1,13 +0,0 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/storage/properties/oss/properties/encryption/anyOf - value: - - properties: - method: - not: - enum: ["KMS"] - not: - required: ["kms"] - - properties: - method: - enum: ["KMS"] - required: ["kms"] diff --git a/vendor/github.com/openshift/api/imageregistry/v1/01_imagepruner.crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/01_imagepruner.crd.yaml deleted file mode 100644 index ac1fdafda8..0000000000 --- a/vendor/github.com/openshift/api/imageregistry/v1/01_imagepruner.crd.yaml +++ /dev/null 
@@ -1,1210 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/555 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagepruners.imageregistry.operator.openshift.io -spec: - group: imageregistry.operator.openshift.io - names: - kind: ImagePruner - listKind: ImagePrunerList - plural: imagepruners - singular: imagepruner - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImagePruner is the configuration object for an image registry - pruner managed by the registry operator. \n Compatibility level 1: Stable - within a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePrunerSpec defines the specs for the running image pruner. - properties: - affinity: - description: affinity is a group of node affinity scheduling rules - for the image pruner pod. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. 
The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. 
- type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. 
- The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. 
When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. 
- type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. 
null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. 
- items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key in (value)` to select - the group of existing pods which pods will be - taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MatchLabelKeys and LabelSelector. Also, - MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged - with `LabelSelector` as `key notin (value)` to - select the group of existing pods which pods will - be taken into consideration for the incoming pod's - pod (anti) affinity. Keys that don't exist in - the incoming pod labels will be ignored. The default - value is empty. The same key is forbidden to exist - in both MismatchLabelKeys and LabelSelector. Also, - MismatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires - enabling MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. 
- If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. 
due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. If it's null, this PodAffinityTerm - matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. 
A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key in (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector - isn't set. This is an alpha field and requires enabling - MatchLabelKeysInPodAffinity feature gate. - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: MismatchLabelKeys is a set of pod label - keys to select which pods will be taken into consideration. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are merged with - `LabelSelector` as `key notin (value)` to select the - group of existing pods which pods will be taken into - consideration for the incoming pod's pod (anti) affinity. - Keys that don't exist in the incoming pod labels will - be ignored. The default value is empty. The same key - is forbidden to exist in both MismatchLabelKeys and - LabelSelector. Also, MismatchLabelKeys cannot be set - when LabelSelector isn't set. This is an alpha field - and requires enabling MatchLabelKeysInPodAffinity - feature gate. 
- items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. 
null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - failedJobsHistoryLimit: - description: failedJobsHistoryLimit specifies how many failed image - pruner jobs to retain. Defaults to 3 if not set. - format: int32 - type: integer - ignoreInvalidImageReferences: - description: ignoreInvalidImageReferences indicates whether the pruner - can ignore errors while parsing image references. - type: boolean - keepTagRevisions: - description: keepTagRevisions specifies the number of image revisions - for a tag in an image stream that will be preserved. Defaults to - 3. - type: integer - keepYoungerThan: - description: 'keepYoungerThan specifies the minimum age in nanoseconds - of an image and its referrers for it to be considered a candidate - for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. - If both are set, this field is ignored and keepYoungerThanDuration - takes precedence.' - format: int64 - type: integer - keepYoungerThanDuration: - description: keepYoungerThanDuration specifies the minimum age of - an image and its referrers for it to be considered a candidate for - pruning. Defaults to 60m (60 minutes). - format: duration - type: string - logLevel: - default: Normal - description: "logLevel sets the level of log output for the pruner - job. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". - Defaults to \"Normal\"." 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - nodeSelector: - additionalProperties: - type: string - description: nodeSelector defines the node selection constraints for - the image pruner pod. - type: object - resources: - description: resources defines the resource requests and limits for - the image pruner pod. - properties: - claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. 
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - schedule: - description: 'schedule specifies when to execute the job using standard - cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to `0 - 0 * * *`.' - type: string - successfulJobsHistoryLimit: - description: successfulJobsHistoryLimit specifies how many successful - image pruner jobs to retain. Defaults to 3 if not set. - format: int32 - type: integer - suspend: - description: suspend specifies whether or not to suspend subsequent - executions of this cronjob. Defaults to false. - type: boolean - tolerations: - description: tolerations defines the node tolerations for the image - pruner pod. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. 
- format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - status: - description: ImagePrunerStatus reports image pruner operational status. - properties: - conditions: - description: conditions is a list of conditions and their status. - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change that - has been applied. - format: int64 - type: integer - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml b/vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml deleted file mode 100644 index 9d64cece98..0000000000 --- a/vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Config" -crd: 00_imageregistry.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Config - initial: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - replicas: 1 - expected: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - logLevel: Normal - operatorLogLevel: Normal - replicas: 1 - - name: Should be able to configure internal storage network access for Azure - initial: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - replicas: 1 - storage: - azure: - networkAccess: - type: Internal - internal: - networkResourceGroupName: .my.resource_group-name - vnetName: foo-bar - subnetName: bar_foo - privateEndpointName: my-private-endpoint - expected: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - logLevel: Normal - operatorLogLevel: Normal - replicas: 1 - storage: - azure: - networkAccess: - type: Internal - internal: - networkResourceGroupName: .my.resource_group-name - vnetName: foo-bar - subnetName: bar_foo - privateEndpointName: my-private-endpoint - - name: Should be able to configure internal storage network access for Azure without details - initial: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - replicas: 1 - storage: - azure: - networkAccess: - type: Internal - expected: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - logLevel: Normal - operatorLogLevel: Normal - replicas: 1 - storage: - azure: - networkAccess: - type: Internal - - name: Should reject configuration with invalid vnet name in internal storage network access config - initial: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - replicas: 1 - storage: - azure: - networkAccess: - type: Internal - internal: - vnetName: .invalid - 
expectedError: "spec.storage.azure.networkAccess.internal.vnetName in body should match '^[0-9A-Za-z][0-9A-Za-z_.-]*[0-9A-Za-z_]$'" - - name: Should reject configuration with invalid subnet name in internal storage network access config - initial: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - replicas: 1 - storage: - azure: - networkAccess: - type: Internal - internal: - subnetName: .invalid - expectedError: "spec.storage.azure.networkAccess.internal.subnetName in body should match '^[0-9A-Za-z](?:[0-9A-Za-z_.-]*[0-9A-Za-z_])?$'" - - name: Should reject configuration with invalid network resource group name in internal storage network access config - initial: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: Config - spec: - replicas: 1 - storage: - azure: - networkAccess: - type: Internal - internal: - networkResourceGroupName: invalid. - expectedError: "spec.storage.azure.networkAccess.internal.networkResourceGroupName in body should match '^[0-9A-Za-z_.-](?:[0-9A-Za-z_.-]*[0-9A-Za-z_-])?$'" diff --git a/vendor/github.com/openshift/api/imageregistry/v1/stable.imagepruner.testsuite.yaml b/vendor/github.com/openshift/api/imageregistry/v1/stable.imagepruner.testsuite.yaml deleted file mode 100644 index 53c055cb20..0000000000 --- a/vendor/github.com/openshift/api/imageregistry/v1/stable.imagepruner.testsuite.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImagePruner" -crd: 01_imagepruner.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePruner - initial: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: ImagePruner - spec: {} # No spec is required for a ImagePruner - expected: | - apiVersion: imageregistry.operator.openshift.io/v1 - kind: ImagePruner - spec: - logLevel: Normal 
diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types.go b/vendor/github.com/openshift/api/imageregistry/v1/types.go
index 840ac74c92..aecdc8a3ed 100644
--- a/vendor/github.com/openshift/api/imageregistry/v1/types.go
+++ b/vendor/github.com/openshift/api/imageregistry/v1/types.go
@@ -39,6 +39,11 @@ const (
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=1
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=configs,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/519
+// +openshift:file-pattern=operatorOrdering=00
 type Config struct {
 metav1.TypeMeta `json:",inline"`
 
diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go
index 3c4b6c51c6..43aa2b5cf9 100644
--- a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go
+++ b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go
@@ -33,6 +33,11 @@ type ImagePrunerList struct {
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=1
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=imagepruners,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/555
+// +openshift:file-pattern=operatorOrdering=01
 type ImagePruner struct {
 metav1.TypeMeta `json:",inline"`
 
diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..95613c7ae2
--- /dev/null
+++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,42 @@ +configs.imageregistry.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/519 + CRDName: configs.imageregistry.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: imageregistry.operator.openshift.io + HasStatus: true + KindName: Config + Labels: {} + PluralName: configs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +imagepruners.imageregistry.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/555 + CRDName: imagepruners.imageregistry.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "01" + FilenameRunLevel: "" + GroupName: imageregistry.operator.openshift.io + HasStatus: true + KindName: ImagePruner + Labels: {} + PluralName: imagepruners + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/machine/.codegen.yaml b/vendor/github.com/openshift/api/machine/.codegen.yaml index e799336feb..bc2d86d4c6 100644 --- a/vendor/github.com/openshift/api/machine/.codegen.yaml +++ b/vendor/github.com/openshift/api/machine/.codegen.yaml @@ -1,8 +1,3 @@ -schemapatch: - requiredFeatureSets: - - "" - - "Default" - - "TechPreviewNoUpgrade" - - "CustomNoUpgrade" swaggerdocs: commentPolicy: Warn + diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml deleted file mode 100644 index c182e9490c..0000000000 
--- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,955 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1112 - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/feature-set: CustomNoUpgrade - creationTimestamp: null - name: controlplanemachinesets.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: ControlPlaneMachineSet - listKind: ControlPlaneMachineSetList - plural: controlplanemachinesets - singular: controlplanemachineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Desired Replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: Current Replicas - jsonPath: .status.replicas - name: Current - type: integer - - description: Ready Replicas - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Updated Replicas - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Observed number of unavailable replicas - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: ControlPlaneMachineSet state - jsonPath: .spec.state - name: State - type: string - - description: ControlPlaneMachineSet age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: 'ControlPlaneMachineSet ensures that a specified number of control - plane machine replicas are running at any given time. Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlPlaneMachineSet represents the configuration of the - ControlPlaneMachineSet. - properties: - replicas: - default: 3 - description: Replicas defines how many Control Plane Machines should - be created by this ControlPlaneMachineSet. This field is immutable - and cannot be changed after cluster installation. The ControlPlaneMachineSet - only operates with 3 or 5 node control planes, 3 and 5 are the only - valid values for this field. - enum: - - 3 - - 5 - format: int32 - type: integer - x-kubernetes-validations: - - message: replicas is immutable - rule: self == oldSelf - selector: - description: Label selector for Machines. Existing Machines selected - by this selector will be the ones affected by this ControlPlaneMachineSet. - It must match the template's labels. This field is considered immutable - after creation of the resource. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. 
Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - x-kubernetes-validations: - - message: selector is immutable - rule: self == oldSelf - state: - default: Inactive - description: State defines whether the ControlPlaneMachineSet is Active - or Inactive. When Inactive, the ControlPlaneMachineSet will not - take any action on the state of the Machines within the cluster. - When Active, the ControlPlaneMachineSet will reconcile the Machines - and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet - cannot be made Inactive. To prevent further action please remove - the ControlPlaneMachineSet. - enum: - - Active - - Inactive - type: string - x-kubernetes-validations: - - message: state cannot be changed once Active - rule: oldSelf != 'Active' || self == oldSelf - strategy: - default: - type: RollingUpdate - description: Strategy defines how the ControlPlaneMachineSet will - update Machines when it detects a change to the ProviderSpec. - properties: - type: - default: RollingUpdate - description: Type defines the type of update strategy that should - be used when updating Machines owned by the ControlPlaneMachineSet. - Valid values are "RollingUpdate" and "OnDelete". 
The current - default value is "RollingUpdate". - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: Template describes the Control Plane Machines that will - be created by this ControlPlaneMachineSet. - properties: - machineType: - description: MachineType determines the type of Machines that - should be managed by the ControlPlaneMachineSet. Currently, - the only valid value is machines_v1beta1_machine_openshift_io. - enum: - - machines_v1beta1_machine_openshift_io - type: string - machines_v1beta1_machine_openshift_io: - description: OpenShiftMachineV1Beta1Machine defines the template - for creating Machines from the v1beta1.machine.openshift.io - API group. - properties: - failureDomains: - description: FailureDomains is the list of failure domains - (sometimes called availability zones) in which the ControlPlaneMachineSet - should balance the Control Plane Machines. This will be - merged into the ProviderSpec given in the template. This - field is optional on platforms that do not require placement - information. - properties: - aws: - description: AWS configures failure domain information - for the AWS platform. - items: - description: AWSFailureDomain configures failure domain - information for the AWS platform. - minProperties: 1 - properties: - placement: - description: Placement configures the placement - information for this instance. - properties: - availabilityZone: - description: AvailabilityZone is the availability - zone of the instance. - type: string - required: - - availabilityZone - type: object - subnet: - description: Subnet is a reference to the subnet - to use for this instance. - properties: - arn: - description: ARN of resource. - type: string - filters: - description: Filters is a set of filters used - to identify a resource. - items: - description: AWSResourceFilter is a filter - used to identify an AWS resource - properties: - name: - description: Name of the filter. 
Filter - names are case-sensitive. - type: string - values: - description: Values includes one or more - filter values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - type: object - type: array - id: - description: ID of resource. - type: string - type: - description: Type determines how the reference - will fetch the AWS resource. - enum: - - ID - - ARN - - Filters - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: id is required when type is ID, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''ID'' ? has(self.id) - : !has(self.id)' - - message: arn is required when type is ARN, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''ARN'' - ? has(self.arn) : !has(self.arn)' - - message: filters is required when type is Filters, - and forbidden otherwise - rule: 'has(self.type) && self.type == ''Filters'' - ? has(self.filters) : !has(self.filters)' - type: object - type: array - azure: - description: Azure configures failure domain information - for the Azure platform. - items: - description: AzureFailureDomain configures failure domain - information for the Azure platform. - properties: - subnet: - description: subnet is the name of the network subnet - in which the VM will be created. When omitted, - the subnet value from the machine providerSpec - template will be used. - maxLength: 80 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ - type: string - zone: - description: Availability Zone for the virtual machine. - If nil, the virtual machine should be deployed - to no zone. - type: string - required: - - zone - type: object - type: array - gcp: - description: GCP configures failure domain information - for the GCP platform. - items: - description: GCPFailureDomain configures failure domain - information for the GCP platform - properties: - zone: - description: Zone is the zone in which the GCP machine - provider will create the VM. 
- type: string - required: - - zone - type: object - type: array - nutanix: - description: nutanix configures failure domain information - for the Nutanix platform. - items: - description: NutanixFailureDomainReference refers to - the failure domain of the Nutanix platform. - properties: - name: - description: name of the failure domain in which - the nutanix machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - openstack: - description: OpenStack configures failure domain information - for the OpenStack platform. - items: - description: OpenStackFailureDomain configures failure - domain information for the OpenStack platform. - minProperties: 1 - properties: - availabilityZone: - description: 'availabilityZone is the nova availability - zone in which the OpenStack machine provider will - create the VM. If not specified, the VM will be - created in the default availability zone specified - in the nova configuration. Availability zone names - must NOT contain : since it is used by admin users - to specify hosts where instances are launched - in server creation. Also, it must not contain - spaces otherwise it will lead to node that belongs - to this availability zone register failure, see - kubernetes/cloud-provider-openstack#1379 for further - information. The maximum length of availability - zone name is 63 as per labels limits.' - maxLength: 63 - minLength: 1 - pattern: '^[^: ]*$' - type: string - rootVolume: - description: rootVolume contains settings that will - be used by the OpenStack machine provider to create - the root volume attached to the VM. If not specified, - no root volume will be created. 
- properties: - availabilityZone: - description: availabilityZone specifies the - Cinder availability zone where the root volume - will be created. If not specifified, the root - volume will be created in the availability - zone specified by the volume type in the cinder - configuration. If the volume type (configured - in the OpenStack cluster) does not specify - an availability zone, the root volume will - be created in the default availability zone - specified in the cinder configuration. See - https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html - for more details. If the OpenStack cluster - is deployed with the cross_az_attach configuration - option set to false, the root volume will - have to be in the same availability zone as - the VM (defined by OpenStackFailureDomain.AvailabilityZone). - Availability zone names must NOT contain spaces - otherwise it will lead to volume that belongs - to this availability zone register failure, - see kubernetes/cloud-provider-openstack#1379 - for further information. The maximum length - of availability zone name is 63 as per labels - limits. - maxLength: 63 - minLength: 1 - pattern: ^[^ ]*$ - type: string - volumeType: - description: volumeType specifies the type of - the root volume that will be provisioned. - The maximum length of a volume type name is - 255 characters, as per the OpenStack limit. - maxLength: 255 - minLength: 1 - type: string - required: - - volumeType - type: object - type: object - x-kubernetes-validations: - - message: rootVolume.availabilityZone is required when - availabilityZone is set - rule: '!has(self.availabilityZone) || !has(self.rootVolume) - || has(self.rootVolume.availabilityZone)' - type: array - platform: - description: Platform identifies the platform for which - the FailureDomain represents. Currently supported values - are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. 
- enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: vsphere configures failure domain information - for the VSphere platform. - items: - description: VSphereFailureDomain configures failure - domain information for the vSphere platform - properties: - name: - description: name of the failure domain in which - the vSphere machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. When balancing machines across failure - domains, the control plane machine set will inject - configuration from the Infrastructure resource - into the machine providerSpec to allocate the - machine to a failure domain. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - platform - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is - AWS, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''AWS'' ? has(self.aws) - : !has(self.aws)' - - message: azure configuration is required when platform is - Azure, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Azure'' - ? has(self.azure) : !has(self.azure)' - - message: gcp configuration is required when platform is - GCP, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''GCP'' ? has(self.gcp) - : !has(self.gcp)' - - message: openstack configuration is required when platform - is OpenStack, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''OpenStack'' - ? 
has(self.openstack) : !has(self.openstack)' - - message: vsphere configuration is required when platform - is VSphere, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''VSphere'' - ? has(self.vsphere) : !has(self.vsphere)' - - message: nutanix configuration is required when platform - is Nutanix, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Nutanix'' - ? has(self.nutanix) : !has(self.nutanix)' - metadata: - description: 'ObjectMeta is the standard object metadata More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - Labels are required to match the ControlPlaneMachineSet - selector.' - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels. - This field must contain both the ''machine.openshift.io/cluster-api-machine-role'' - and ''machine.openshift.io/cluster-api-machine-type'' - labels, both with a value of ''master''. It must also - contain a label with the key ''machine.openshift.io/cluster-api-cluster''.' 
- type: object - x-kubernetes-validations: - - message: label 'machine.openshift.io/cluster-api-machine-role' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-role'' - in self && self[''machine.openshift.io/cluster-api-machine-role''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-machine-type' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-type'' - in self && self[''machine.openshift.io/cluster-api-machine-type''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-cluster' - is required - rule: '''machine.openshift.io/cluster-api-cluster'' - in self' - required: - - labels - type: object - spec: - description: Spec contains the desired configuration of the - Control Plane Machines. The ProviderSpec within contains - platform specific details for creating the Control Plane - Machines. The ProviderSe should be complete apart from the - platform specific failure domain field. This will be overriden - when the Machines are created based on the FailureDomains - field. - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations - on the machine at certain predefined points within the - machine lifecycle. - properties: - preDrain: - description: PreDrain hooks prevent the machine from - being drained. This also blocks further lifecycle - events, such as termination. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. 
- maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine - from being terminated. PreTerminate hooks be actioned - after the Machine has been drained. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. 
- Use this to indicate what labels, annotations, name - prefix, etc., should be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when - modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, - used by the server, to generate a unique name ONLY - IF the Name field has not been provided. If this - field is used, the name returned to the client will - be different than the name passed. This value will - also be combined with a unique suffix. The provided - value has the same validation rules as the Name - field, and may be truncated by the length of the - suffix required to make the value unique on the - server. \n If this field is specified and the generated - name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the - client should retry (optionally after the time indicated - in the Retry-After header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can - be used to organize and categorize (scope and select) - objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. 
- Is required when creating resources, although some - resources may allow a client to request the generation - of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each - name must be unique. An empty namespace is equivalent - to the \"default\" namespace, but \"default\" is - the canonical representation. Not all objects are - required to be scoped to a namespace - the value - of this field for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. - If ALL objects in the list have been deleted, this - object will be garbage collected. If this object - is managed by a controller, then an entry in this - list will point to this controller, with the controller - field set to true. There cannot be more than one - managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning - object must be in the same namespace as the dependent, - or be cluster-scoped, so there is no namespace - field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the - "foregroundDeletion" finalizer, then the owner - cannot be deleted from the key-value store - until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with - this field and enforces the foreground deletion. - Defaults to false. 
To set this field, a user - needs "delete" permission of the owner, otherwise - 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points - to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - type: object - providerID: - description: ProviderID is the identification ID of the - machine provided by the provider. This field must match - the provider ID as seen on the node object corresponding - to this machine. This field is required by higher level - consumers of cluster-api. Example use case is cluster - autoscaler with cluster-api as provider. Clean-up logic - in the autoscaler compares machines to nodes to find - out machines at provider which could not get registered - as Kubernetes nodes. With cluster-api as a generic out-of-tree - provider for autoscaler, this field is required by autoscaler - to be able to have a provider view of the list of machines. - Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered - machines and are marked for delete. This field will - be set by the actuators and consumed by higher level - entities like autoscaler that will be interfacing with - cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. 
- properties: - value: - description: Value is an inlined, serialized representation - of the resource configuration. It is recommended - that providers maintain their own versioned API - types that should be serialized/deserialized from - this field, akin to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the - corresponding Node in additive manner. This list will - not overwrite any other taints added to the Node on - an ongoing basis by other entities. These taints should - be actively reconciled e.g. if you ask the machine controller - to apply a taint and then manually remove the taint - the machine controller will put it back) but not have - the machine controller remove any taints - items: - description: The node this Taint is attached to has - the "effect" on any pod that does not tolerate the - Taint. - properties: - effect: - description: Required. The effect of the taint on - pods that do not tolerate the taint. Valid effects - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: TimeAdded represents the time at which - the taint was added. It is only written for NoExecute - taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - required: - - metadata - - spec - type: object - required: - - machineType - type: object - x-kubernetes-validations: - - message: machines_v1beta1_machine_openshift_io configuration is - required when machineType is machines_v1beta1_machine_openshift_io, - and forbidden otherwise - rule: 'has(self.machineType) && self.machineType == ''machines_v1beta1_machine_openshift_io'' - ? 
has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)' - required: - - replicas - - selector - - template - type: object - status: - description: ControlPlaneMachineSetStatus represents the status of the - ControlPlaneMachineSet CRD. - properties: - conditions: - description: 'Conditions represents the observations of the ControlPlaneMachineSet''s - current state. Known .status.conditions.type are: Available, Degraded - and Progressing.' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's - generation, which is updated on mutation by the API Server. - format: int64 - type: integer - readyReplicas: - description: ReadyReplicas is the number of Control Plane Machines - created by the ControlPlaneMachineSet controller which are ready. - Note that this value may be higher than the desired number of replicas - while rolling updates are in-progress. 
- format: int32 - type: integer - replicas: - description: Replicas is the number of Control Plane Machines created - by the ControlPlaneMachineSet controller. Note that during update - operations this value may differ from the desired replica count. - format: int32 - type: integer - unavailableReplicas: - description: UnavailableReplicas is the number of Control Plane Machines - that are still required before the ControlPlaneMachineSet reaches - the desired available capacity. When this value is non-zero, the - number of ReadyReplicas is less than the desired Replicas. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas is the number of non-terminated Control - Plane Machines created by the ControlPlaneMachineSet controller - that have the desired provider spec and are ready. This value is - set to 0 when a change is detected to the desired spec. When the - update strategy is RollingUpdate, this will also coincide with starting - the process of updating the Machines. When the update strategy is - OnDelete, this value will remain at 0 until a user deletes an existing - replica and its replacement has become ready. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml deleted file mode 100644 index 4c0d93ff80..0000000000 --- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml +++ /dev/null 
@@ -1,955 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1112 - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/feature-set: Default - creationTimestamp: null - name: controlplanemachinesets.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: ControlPlaneMachineSet - listKind: ControlPlaneMachineSetList - plural: controlplanemachinesets - singular: controlplanemachineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Desired Replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: Current Replicas - jsonPath: .status.replicas - name: Current - type: integer - - description: Ready Replicas - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Updated Replicas - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Observed number of unavailable replicas - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: ControlPlaneMachineSet state - jsonPath: .spec.state - name: State - type: string - - description: ControlPlaneMachineSet age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: 'ControlPlaneMachineSet ensures that a specified number of control - plane machine replicas are running at any given time. Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlPlaneMachineSet represents the configuration of the - ControlPlaneMachineSet. - properties: - replicas: - default: 3 - description: Replicas defines how many Control Plane Machines should - be created by this ControlPlaneMachineSet. This field is immutable - and cannot be changed after cluster installation. The ControlPlaneMachineSet - only operates with 3 or 5 node control planes, 3 and 5 are the only - valid values for this field. - enum: - - 3 - - 5 - format: int32 - type: integer - x-kubernetes-validations: - - message: replicas is immutable - rule: self == oldSelf - selector: - description: Label selector for Machines. Existing Machines selected - by this selector will be the ones affected by this ControlPlaneMachineSet. - It must match the template's labels. This field is considered immutable - after creation of the resource. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. 
If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - x-kubernetes-validations: - - message: selector is immutable - rule: self == oldSelf - state: - default: Inactive - description: State defines whether the ControlPlaneMachineSet is Active - or Inactive. When Inactive, the ControlPlaneMachineSet will not - take any action on the state of the Machines within the cluster. - When Active, the ControlPlaneMachineSet will reconcile the Machines - and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet - cannot be made Inactive. To prevent further action please remove - the ControlPlaneMachineSet. - enum: - - Active - - Inactive - type: string - x-kubernetes-validations: - - message: state cannot be changed once Active - rule: oldSelf != 'Active' || self == oldSelf - strategy: - default: - type: RollingUpdate - description: Strategy defines how the ControlPlaneMachineSet will - update Machines when it detects a change to the ProviderSpec. - properties: - type: - default: RollingUpdate - description: Type defines the type of update strategy that should - be used when updating Machines owned by the ControlPlaneMachineSet. - Valid values are "RollingUpdate" and "OnDelete". The current - default value is "RollingUpdate". 
- enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: Template describes the Control Plane Machines that will - be created by this ControlPlaneMachineSet. - properties: - machineType: - description: MachineType determines the type of Machines that - should be managed by the ControlPlaneMachineSet. Currently, - the only valid value is machines_v1beta1_machine_openshift_io. - enum: - - machines_v1beta1_machine_openshift_io - type: string - machines_v1beta1_machine_openshift_io: - description: OpenShiftMachineV1Beta1Machine defines the template - for creating Machines from the v1beta1.machine.openshift.io - API group. - properties: - failureDomains: - description: FailureDomains is the list of failure domains - (sometimes called availability zones) in which the ControlPlaneMachineSet - should balance the Control Plane Machines. This will be - merged into the ProviderSpec given in the template. This - field is optional on platforms that do not require placement - information. - properties: - aws: - description: AWS configures failure domain information - for the AWS platform. - items: - description: AWSFailureDomain configures failure domain - information for the AWS platform. - minProperties: 1 - properties: - placement: - description: Placement configures the placement - information for this instance. - properties: - availabilityZone: - description: AvailabilityZone is the availability - zone of the instance. - type: string - required: - - availabilityZone - type: object - subnet: - description: Subnet is a reference to the subnet - to use for this instance. - properties: - arn: - description: ARN of resource. - type: string - filters: - description: Filters is a set of filters used - to identify a resource. - items: - description: AWSResourceFilter is a filter - used to identify an AWS resource - properties: - name: - description: Name of the filter. Filter - names are case-sensitive. 
- type: string - values: - description: Values includes one or more - filter values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - type: object - type: array - id: - description: ID of resource. - type: string - type: - description: Type determines how the reference - will fetch the AWS resource. - enum: - - ID - - ARN - - Filters - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: id is required when type is ID, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''ID'' ? has(self.id) - : !has(self.id)' - - message: arn is required when type is ARN, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''ARN'' - ? has(self.arn) : !has(self.arn)' - - message: filters is required when type is Filters, - and forbidden otherwise - rule: 'has(self.type) && self.type == ''Filters'' - ? has(self.filters) : !has(self.filters)' - type: object - type: array - azure: - description: Azure configures failure domain information - for the Azure platform. - items: - description: AzureFailureDomain configures failure domain - information for the Azure platform. - properties: - subnet: - description: subnet is the name of the network subnet - in which the VM will be created. When omitted, - the subnet value from the machine providerSpec - template will be used. - maxLength: 80 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ - type: string - zone: - description: Availability Zone for the virtual machine. - If nil, the virtual machine should be deployed - to no zone. - type: string - required: - - zone - type: object - type: array - gcp: - description: GCP configures failure domain information - for the GCP platform. - items: - description: GCPFailureDomain configures failure domain - information for the GCP platform - properties: - zone: - description: Zone is the zone in which the GCP machine - provider will create the VM. 
- type: string - required: - - zone - type: object - type: array - nutanix: - description: nutanix configures failure domain information - for the Nutanix platform. - items: - description: NutanixFailureDomainReference refers to - the failure domain of the Nutanix platform. - properties: - name: - description: name of the failure domain in which - the nutanix machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - openstack: - description: OpenStack configures failure domain information - for the OpenStack platform. - items: - description: OpenStackFailureDomain configures failure - domain information for the OpenStack platform. - minProperties: 1 - properties: - availabilityZone: - description: 'availabilityZone is the nova availability - zone in which the OpenStack machine provider will - create the VM. If not specified, the VM will be - created in the default availability zone specified - in the nova configuration. Availability zone names - must NOT contain : since it is used by admin users - to specify hosts where instances are launched - in server creation. Also, it must not contain - spaces otherwise it will lead to node that belongs - to this availability zone register failure, see - kubernetes/cloud-provider-openstack#1379 for further - information. The maximum length of availability - zone name is 63 as per labels limits.' - maxLength: 63 - minLength: 1 - pattern: '^[^: ]*$' - type: string - rootVolume: - description: rootVolume contains settings that will - be used by the OpenStack machine provider to create - the root volume attached to the VM. If not specified, - no root volume will be created. 
- properties: - availabilityZone: - description: availabilityZone specifies the - Cinder availability zone where the root volume - will be created. If not specifified, the root - volume will be created in the availability - zone specified by the volume type in the cinder - configuration. If the volume type (configured - in the OpenStack cluster) does not specify - an availability zone, the root volume will - be created in the default availability zone - specified in the cinder configuration. See - https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html - for more details. If the OpenStack cluster - is deployed with the cross_az_attach configuration - option set to false, the root volume will - have to be in the same availability zone as - the VM (defined by OpenStackFailureDomain.AvailabilityZone). - Availability zone names must NOT contain spaces - otherwise it will lead to volume that belongs - to this availability zone register failure, - see kubernetes/cloud-provider-openstack#1379 - for further information. The maximum length - of availability zone name is 63 as per labels - limits. - maxLength: 63 - minLength: 1 - pattern: ^[^ ]*$ - type: string - volumeType: - description: volumeType specifies the type of - the root volume that will be provisioned. - The maximum length of a volume type name is - 255 characters, as per the OpenStack limit. - maxLength: 255 - minLength: 1 - type: string - required: - - volumeType - type: object - type: object - x-kubernetes-validations: - - message: rootVolume.availabilityZone is required when - availabilityZone is set - rule: '!has(self.availabilityZone) || !has(self.rootVolume) - || has(self.rootVolume.availabilityZone)' - type: array - platform: - description: Platform identifies the platform for which - the FailureDomain represents. Currently supported values - are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. 
- enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: vsphere configures failure domain information - for the VSphere platform. - items: - description: VSphereFailureDomain configures failure - domain information for the vSphere platform - properties: - name: - description: name of the failure domain in which - the vSphere machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. When balancing machines across failure - domains, the control plane machine set will inject - configuration from the Infrastructure resource - into the machine providerSpec to allocate the - machine to a failure domain. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - platform - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is - AWS, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''AWS'' ? has(self.aws) - : !has(self.aws)' - - message: azure configuration is required when platform is - Azure, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Azure'' - ? has(self.azure) : !has(self.azure)' - - message: gcp configuration is required when platform is - GCP, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''GCP'' ? has(self.gcp) - : !has(self.gcp)' - - message: openstack configuration is required when platform - is OpenStack, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''OpenStack'' - ? 
has(self.openstack) : !has(self.openstack)' - - message: vsphere configuration is required when platform - is VSphere, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''VSphere'' - ? has(self.vsphere) : !has(self.vsphere)' - - message: nutanix configuration is required when platform - is Nutanix, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Nutanix'' - ? has(self.nutanix) : !has(self.nutanix)' - metadata: - description: 'ObjectMeta is the standard object metadata More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - Labels are required to match the ControlPlaneMachineSet - selector.' - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels. - This field must contain both the ''machine.openshift.io/cluster-api-machine-role'' - and ''machine.openshift.io/cluster-api-machine-type'' - labels, both with a value of ''master''. It must also - contain a label with the key ''machine.openshift.io/cluster-api-cluster''.' 
- type: object - x-kubernetes-validations: - - message: label 'machine.openshift.io/cluster-api-machine-role' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-role'' - in self && self[''machine.openshift.io/cluster-api-machine-role''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-machine-type' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-type'' - in self && self[''machine.openshift.io/cluster-api-machine-type''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-cluster' - is required - rule: '''machine.openshift.io/cluster-api-cluster'' - in self' - required: - - labels - type: object - spec: - description: Spec contains the desired configuration of the - Control Plane Machines. The ProviderSpec within contains - platform specific details for creating the Control Plane - Machines. The ProviderSe should be complete apart from the - platform specific failure domain field. This will be overriden - when the Machines are created based on the FailureDomains - field. - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations - on the machine at certain predefined points within the - machine lifecycle. - properties: - preDrain: - description: PreDrain hooks prevent the machine from - being drained. This also blocks further lifecycle - events, such as termination. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. 
- maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine - from being terminated. PreTerminate hooks be actioned - after the Machine has been drained. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. 
- Use this to indicate what labels, annotations, name - prefix, etc., should be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when - modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, - used by the server, to generate a unique name ONLY - IF the Name field has not been provided. If this - field is used, the name returned to the client will - be different than the name passed. This value will - also be combined with a unique suffix. The provided - value has the same validation rules as the Name - field, and may be truncated by the length of the - suffix required to make the value unique on the - server. \n If this field is specified and the generated - name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the - client should retry (optionally after the time indicated - in the Retry-After header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can - be used to organize and categorize (scope and select) - objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. 
- Is required when creating resources, although some - resources may allow a client to request the generation - of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each - name must be unique. An empty namespace is equivalent - to the \"default\" namespace, but \"default\" is - the canonical representation. Not all objects are - required to be scoped to a namespace - the value - of this field for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. - If ALL objects in the list have been deleted, this - object will be garbage collected. If this object - is managed by a controller, then an entry in this - list will point to this controller, with the controller - field set to true. There cannot be more than one - managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning - object must be in the same namespace as the dependent, - or be cluster-scoped, so there is no namespace - field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the - "foregroundDeletion" finalizer, then the owner - cannot be deleted from the key-value store - until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with - this field and enforces the foreground deletion. - Defaults to false. 
To set this field, a user - needs "delete" permission of the owner, otherwise - 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points - to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - type: object - providerID: - description: ProviderID is the identification ID of the - machine provided by the provider. This field must match - the provider ID as seen on the node object corresponding - to this machine. This field is required by higher level - consumers of cluster-api. Example use case is cluster - autoscaler with cluster-api as provider. Clean-up logic - in the autoscaler compares machines to nodes to find - out machines at provider which could not get registered - as Kubernetes nodes. With cluster-api as a generic out-of-tree - provider for autoscaler, this field is required by autoscaler - to be able to have a provider view of the list of machines. - Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered - machines and are marked for delete. This field will - be set by the actuators and consumed by higher level - entities like autoscaler that will be interfacing with - cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. 
- properties: - value: - description: Value is an inlined, serialized representation - of the resource configuration. It is recommended - that providers maintain their own versioned API - types that should be serialized/deserialized from - this field, akin to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the - corresponding Node in additive manner. This list will - not overwrite any other taints added to the Node on - an ongoing basis by other entities. These taints should - be actively reconciled e.g. if you ask the machine controller - to apply a taint and then manually remove the taint - the machine controller will put it back) but not have - the machine controller remove any taints - items: - description: The node this Taint is attached to has - the "effect" on any pod that does not tolerate the - Taint. - properties: - effect: - description: Required. The effect of the taint on - pods that do not tolerate the taint. Valid effects - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: TimeAdded represents the time at which - the taint was added. It is only written for NoExecute - taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - required: - - metadata - - spec - type: object - required: - - machineType - type: object - x-kubernetes-validations: - - message: machines_v1beta1_machine_openshift_io configuration is - required when machineType is machines_v1beta1_machine_openshift_io, - and forbidden otherwise - rule: 'has(self.machineType) && self.machineType == ''machines_v1beta1_machine_openshift_io'' - ? 
has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)' - required: - - replicas - - selector - - template - type: object - status: - description: ControlPlaneMachineSetStatus represents the status of the - ControlPlaneMachineSet CRD. - properties: - conditions: - description: 'Conditions represents the observations of the ControlPlaneMachineSet''s - current state. Known .status.conditions.type are: Available, Degraded - and Progressing.' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's - generation, which is updated on mutation by the API Server. - format: int64 - type: integer - readyReplicas: - description: ReadyReplicas is the number of Control Plane Machines - created by the ControlPlaneMachineSet controller which are ready. - Note that this value may be higher than the desired number of replicas - while rolling updates are in-progress. 
- format: int32 - type: integer - replicas: - description: Replicas is the number of Control Plane Machines created - by the ControlPlaneMachineSet controller. Note that during update - operations this value may differ from the desired replica count. - format: int32 - type: integer - unavailableReplicas: - description: UnavailableReplicas is the number of Control Plane Machines - that are still required before the ControlPlaneMachineSet reaches - the desired available capacity. When this value is non-zero, the - number of ReadyReplicas is less than the desired Replicas. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas is the number of non-terminated Control - Plane Machines created by the ControlPlaneMachineSet controller - that have the desired provider spec and are ready. This value is - set to 0 when a change is detected to the desired spec. When the - update strategy is RollingUpdate, this will also coincide with starting - the process of updating the Machines. When the update strategy is - OnDelete, this value will remain at 0 until a user deletes an existing - replica and its replacement has become ready. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index e814a8bcff..0000000000 --- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,955 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1112 - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - creationTimestamp: null - name: controlplanemachinesets.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: ControlPlaneMachineSet - listKind: ControlPlaneMachineSetList - plural: controlplanemachinesets - singular: controlplanemachineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Desired Replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: Current Replicas - jsonPath: .status.replicas - name: Current - type: integer - - description: Ready Replicas - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Updated Replicas - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Observed number of unavailable replicas - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: ControlPlaneMachineSet state - jsonPath: .spec.state - name: State - type: string - - description: ControlPlaneMachineSet age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: 'ControlPlaneMachineSet ensures that a specified number of control - plane machine replicas are running at any given time. Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlPlaneMachineSet represents the configuration of the - ControlPlaneMachineSet. - properties: - replicas: - default: 3 - description: Replicas defines how many Control Plane Machines should - be created by this ControlPlaneMachineSet. This field is immutable - and cannot be changed after cluster installation. The ControlPlaneMachineSet - only operates with 3 or 5 node control planes, 3 and 5 are the only - valid values for this field. - enum: - - 3 - - 5 - format: int32 - type: integer - x-kubernetes-validations: - - message: replicas is immutable - rule: self == oldSelf - selector: - description: Label selector for Machines. Existing Machines selected - by this selector will be the ones affected by this ControlPlaneMachineSet. - It must match the template's labels. This field is considered immutable - after creation of the resource. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. 
Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - x-kubernetes-validations: - - message: selector is immutable - rule: self == oldSelf - state: - default: Inactive - description: State defines whether the ControlPlaneMachineSet is Active - or Inactive. When Inactive, the ControlPlaneMachineSet will not - take any action on the state of the Machines within the cluster. - When Active, the ControlPlaneMachineSet will reconcile the Machines - and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet - cannot be made Inactive. To prevent further action please remove - the ControlPlaneMachineSet. - enum: - - Active - - Inactive - type: string - x-kubernetes-validations: - - message: state cannot be changed once Active - rule: oldSelf != 'Active' || self == oldSelf - strategy: - default: - type: RollingUpdate - description: Strategy defines how the ControlPlaneMachineSet will - update Machines when it detects a change to the ProviderSpec. - properties: - type: - default: RollingUpdate - description: Type defines the type of update strategy that should - be used when updating Machines owned by the ControlPlaneMachineSet. - Valid values are "RollingUpdate" and "OnDelete". 
The current - default value is "RollingUpdate". - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: Template describes the Control Plane Machines that will - be created by this ControlPlaneMachineSet. - properties: - machineType: - description: MachineType determines the type of Machines that - should be managed by the ControlPlaneMachineSet. Currently, - the only valid value is machines_v1beta1_machine_openshift_io. - enum: - - machines_v1beta1_machine_openshift_io - type: string - machines_v1beta1_machine_openshift_io: - description: OpenShiftMachineV1Beta1Machine defines the template - for creating Machines from the v1beta1.machine.openshift.io - API group. - properties: - failureDomains: - description: FailureDomains is the list of failure domains - (sometimes called availability zones) in which the ControlPlaneMachineSet - should balance the Control Plane Machines. This will be - merged into the ProviderSpec given in the template. This - field is optional on platforms that do not require placement - information. - properties: - aws: - description: AWS configures failure domain information - for the AWS platform. - items: - description: AWSFailureDomain configures failure domain - information for the AWS platform. - minProperties: 1 - properties: - placement: - description: Placement configures the placement - information for this instance. - properties: - availabilityZone: - description: AvailabilityZone is the availability - zone of the instance. - type: string - required: - - availabilityZone - type: object - subnet: - description: Subnet is a reference to the subnet - to use for this instance. - properties: - arn: - description: ARN of resource. - type: string - filters: - description: Filters is a set of filters used - to identify a resource. - items: - description: AWSResourceFilter is a filter - used to identify an AWS resource - properties: - name: - description: Name of the filter. 
Filter - names are case-sensitive. - type: string - values: - description: Values includes one or more - filter values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - type: object - type: array - id: - description: ID of resource. - type: string - type: - description: Type determines how the reference - will fetch the AWS resource. - enum: - - ID - - ARN - - Filters - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: id is required when type is ID, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''ID'' ? has(self.id) - : !has(self.id)' - - message: arn is required when type is ARN, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''ARN'' - ? has(self.arn) : !has(self.arn)' - - message: filters is required when type is Filters, - and forbidden otherwise - rule: 'has(self.type) && self.type == ''Filters'' - ? has(self.filters) : !has(self.filters)' - type: object - type: array - azure: - description: Azure configures failure domain information - for the Azure platform. - items: - description: AzureFailureDomain configures failure domain - information for the Azure platform. - properties: - subnet: - description: subnet is the name of the network subnet - in which the VM will be created. When omitted, - the subnet value from the machine providerSpec - template will be used. - maxLength: 80 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ - type: string - zone: - description: Availability Zone for the virtual machine. - If nil, the virtual machine should be deployed - to no zone. - type: string - required: - - zone - type: object - type: array - gcp: - description: GCP configures failure domain information - for the GCP platform. - items: - description: GCPFailureDomain configures failure domain - information for the GCP platform - properties: - zone: - description: Zone is the zone in which the GCP machine - provider will create the VM. 
- type: string - required: - - zone - type: object - type: array - nutanix: - description: nutanix configures failure domain information - for the Nutanix platform. - items: - description: NutanixFailureDomainReference refers to - the failure domain of the Nutanix platform. - properties: - name: - description: name of the failure domain in which - the nutanix machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - openstack: - description: OpenStack configures failure domain information - for the OpenStack platform. - items: - description: OpenStackFailureDomain configures failure - domain information for the OpenStack platform. - minProperties: 1 - properties: - availabilityZone: - description: 'availabilityZone is the nova availability - zone in which the OpenStack machine provider will - create the VM. If not specified, the VM will be - created in the default availability zone specified - in the nova configuration. Availability zone names - must NOT contain : since it is used by admin users - to specify hosts where instances are launched - in server creation. Also, it must not contain - spaces otherwise it will lead to node that belongs - to this availability zone register failure, see - kubernetes/cloud-provider-openstack#1379 for further - information. The maximum length of availability - zone name is 63 as per labels limits.' - maxLength: 63 - minLength: 1 - pattern: '^[^: ]*$' - type: string - rootVolume: - description: rootVolume contains settings that will - be used by the OpenStack machine provider to create - the root volume attached to the VM. If not specified, - no root volume will be created. 
- properties: - availabilityZone: - description: availabilityZone specifies the - Cinder availability zone where the root volume - will be created. If not specifified, the root - volume will be created in the availability - zone specified by the volume type in the cinder - configuration. If the volume type (configured - in the OpenStack cluster) does not specify - an availability zone, the root volume will - be created in the default availability zone - specified in the cinder configuration. See - https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html - for more details. If the OpenStack cluster - is deployed with the cross_az_attach configuration - option set to false, the root volume will - have to be in the same availability zone as - the VM (defined by OpenStackFailureDomain.AvailabilityZone). - Availability zone names must NOT contain spaces - otherwise it will lead to volume that belongs - to this availability zone register failure, - see kubernetes/cloud-provider-openstack#1379 - for further information. The maximum length - of availability zone name is 63 as per labels - limits. - maxLength: 63 - minLength: 1 - pattern: ^[^ ]*$ - type: string - volumeType: - description: volumeType specifies the type of - the root volume that will be provisioned. - The maximum length of a volume type name is - 255 characters, as per the OpenStack limit. - maxLength: 255 - minLength: 1 - type: string - required: - - volumeType - type: object - type: object - x-kubernetes-validations: - - message: rootVolume.availabilityZone is required when - availabilityZone is set - rule: '!has(self.availabilityZone) || !has(self.rootVolume) - || has(self.rootVolume.availabilityZone)' - type: array - platform: - description: Platform identifies the platform for which - the FailureDomain represents. Currently supported values - are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. 
- enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: vsphere configures failure domain information - for the VSphere platform. - items: - description: VSphereFailureDomain configures failure - domain information for the vSphere platform - properties: - name: - description: name of the failure domain in which - the vSphere machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. When balancing machines across failure - domains, the control plane machine set will inject - configuration from the Infrastructure resource - into the machine providerSpec to allocate the - machine to a failure domain. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - platform - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is - AWS, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''AWS'' ? has(self.aws) - : !has(self.aws)' - - message: azure configuration is required when platform is - Azure, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Azure'' - ? has(self.azure) : !has(self.azure)' - - message: gcp configuration is required when platform is - GCP, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''GCP'' ? has(self.gcp) - : !has(self.gcp)' - - message: openstack configuration is required when platform - is OpenStack, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''OpenStack'' - ? 
has(self.openstack) : !has(self.openstack)' - - message: vsphere configuration is required when platform - is VSphere, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''VSphere'' - ? has(self.vsphere) : !has(self.vsphere)' - - message: nutanix configuration is required when platform - is Nutanix, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Nutanix'' - ? has(self.nutanix) : !has(self.nutanix)' - metadata: - description: 'ObjectMeta is the standard object metadata More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - Labels are required to match the ControlPlaneMachineSet - selector.' - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels. - This field must contain both the ''machine.openshift.io/cluster-api-machine-role'' - and ''machine.openshift.io/cluster-api-machine-type'' - labels, both with a value of ''master''. It must also - contain a label with the key ''machine.openshift.io/cluster-api-cluster''.' 
- type: object - x-kubernetes-validations: - - message: label 'machine.openshift.io/cluster-api-machine-role' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-role'' - in self && self[''machine.openshift.io/cluster-api-machine-role''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-machine-type' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-type'' - in self && self[''machine.openshift.io/cluster-api-machine-type''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-cluster' - is required - rule: '''machine.openshift.io/cluster-api-cluster'' - in self' - required: - - labels - type: object - spec: - description: Spec contains the desired configuration of the - Control Plane Machines. The ProviderSpec within contains - platform specific details for creating the Control Plane - Machines. The ProviderSe should be complete apart from the - platform specific failure domain field. This will be overriden - when the Machines are created based on the FailureDomains - field. - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations - on the machine at certain predefined points within the - machine lifecycle. - properties: - preDrain: - description: PreDrain hooks prevent the machine from - being drained. This also blocks further lifecycle - events, such as termination. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. 
- maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine - from being terminated. PreTerminate hooks be actioned - after the Machine has been drained. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. 
- Use this to indicate what labels, annotations, name - prefix, etc., should be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when - modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, - used by the server, to generate a unique name ONLY - IF the Name field has not been provided. If this - field is used, the name returned to the client will - be different than the name passed. This value will - also be combined with a unique suffix. The provided - value has the same validation rules as the Name - field, and may be truncated by the length of the - suffix required to make the value unique on the - server. \n If this field is specified and the generated - name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the - client should retry (optionally after the time indicated - in the Retry-After header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can - be used to organize and categorize (scope and select) - objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. 
- Is required when creating resources, although some - resources may allow a client to request the generation - of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each - name must be unique. An empty namespace is equivalent - to the \"default\" namespace, but \"default\" is - the canonical representation. Not all objects are - required to be scoped to a namespace - the value - of this field for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. - If ALL objects in the list have been deleted, this - object will be garbage collected. If this object - is managed by a controller, then an entry in this - list will point to this controller, with the controller - field set to true. There cannot be more than one - managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning - object must be in the same namespace as the dependent, - or be cluster-scoped, so there is no namespace - field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the - "foregroundDeletion" finalizer, then the owner - cannot be deleted from the key-value store - until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with - this field and enforces the foreground deletion. - Defaults to false. 
To set this field, a user - needs "delete" permission of the owner, otherwise - 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points - to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - type: object - providerID: - description: ProviderID is the identification ID of the - machine provided by the provider. This field must match - the provider ID as seen on the node object corresponding - to this machine. This field is required by higher level - consumers of cluster-api. Example use case is cluster - autoscaler with cluster-api as provider. Clean-up logic - in the autoscaler compares machines to nodes to find - out machines at provider which could not get registered - as Kubernetes nodes. With cluster-api as a generic out-of-tree - provider for autoscaler, this field is required by autoscaler - to be able to have a provider view of the list of machines. - Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered - machines and are marked for delete. This field will - be set by the actuators and consumed by higher level - entities like autoscaler that will be interfacing with - cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. 
- properties: - value: - description: Value is an inlined, serialized representation - of the resource configuration. It is recommended - that providers maintain their own versioned API - types that should be serialized/deserialized from - this field, akin to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the - corresponding Node in additive manner. This list will - not overwrite any other taints added to the Node on - an ongoing basis by other entities. These taints should - be actively reconciled e.g. if you ask the machine controller - to apply a taint and then manually remove the taint - the machine controller will put it back) but not have - the machine controller remove any taints - items: - description: The node this Taint is attached to has - the "effect" on any pod that does not tolerate the - Taint. - properties: - effect: - description: Required. The effect of the taint on - pods that do not tolerate the taint. Valid effects - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: TimeAdded represents the time at which - the taint was added. It is only written for NoExecute - taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - required: - - metadata - - spec - type: object - required: - - machineType - type: object - x-kubernetes-validations: - - message: machines_v1beta1_machine_openshift_io configuration is - required when machineType is machines_v1beta1_machine_openshift_io, - and forbidden otherwise - rule: 'has(self.machineType) && self.machineType == ''machines_v1beta1_machine_openshift_io'' - ? 
has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)' - required: - - replicas - - selector - - template - type: object - status: - description: ControlPlaneMachineSetStatus represents the status of the - ControlPlaneMachineSet CRD. - properties: - conditions: - description: 'Conditions represents the observations of the ControlPlaneMachineSet''s - current state. Known .status.conditions.type are: Available, Degraded - and Progressing.' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's - generation, which is updated on mutation by the API Server. - format: int64 - type: integer - readyReplicas: - description: ReadyReplicas is the number of Control Plane Machines - created by the ControlPlaneMachineSet controller which are ready. - Note that this value may be higher than the desired number of replicas - while rolling updates are in-progress. 
- format: int32 - type: integer - replicas: - description: Replicas is the number of Control Plane Machines created - by the ControlPlaneMachineSet controller. Note that during update - operations this value may differ from the desired replica count. - format: int32 - type: integer - unavailableReplicas: - description: UnavailableReplicas is the number of Control Plane Machines - that are still required before the ControlPlaneMachineSet reaches - the desired available capacity. When this value is non-zero, the - number of ReadyReplicas is less than the desired Replicas. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas is the number of non-terminated Control - Plane Machines created by the ControlPlaneMachineSet controller - that have the desired provider spec and are ready. This value is - set to 0 when a change is detected to the desired spec. When the - update strategy is RollingUpdate, this will also coincide with starting - the process of updating the Machines. When the update strategy is - OnDelete, this value will remain at 0 until a user deletes an existing - replica and its replacement has become ready. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml deleted file mode 100644 index 350be2bf31..0000000000 --- a/vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should reject a VSphere platform failure domain without any VSphere config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: VSphere - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": vsphere configuration is required when platform is VSphere" - - name: Should reject a VSphere configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - vsphere: - - name: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" 
diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml
deleted file mode 100644
index f599fcc2db..0000000000
--- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml
+++ /dev/null
@@ -1,368 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet (AWS)" -crd: 0000_10_controlplanemachineset-Default.crd.yaml -tests: - onCreate: - - name: Should reject an AWS platform failure domain without any AWS config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": aws configuration is required when platform is AWS" - - name: Should reject an AWS configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - aws: - - placement: - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an AWS configured failure domain with the wrong platform type - initial: | - apiVersion: 
machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - aws: - - placement: - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise" - - name: Should reject an AWS failure domain with the subnet type omitted - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet.type: Required value, : Invalid value: \"null\"" - - name: Should reject an AWS failure domain with the subnet type ID and no ID provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: 
machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": id is required when type is ID, and forbidden otherwise" - - name: Should accept an AWS failure domain with the subnet type ID and an ID provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - - name: Should reject an AWS failure domain with the 
subnet type ID and an ARN provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - arn: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": arn is required when type is ARN, and forbidden otherwise" - - name: Should reject an AWS failure domain with the subnet type ID and a Filter provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - filters: - - name: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": filters is required when type is Filters, and forbidden otherwise" - - name: Should accept an AWS failure domain with the subnet type ARN and an ARN provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - 
machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ARN - arn: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ARN - arn: foo - - name: Should accept an AWS failure domain with the subnet type Filters and a Filter provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: Filters - filters: - - name: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: 
ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: Filters - filters: - - name: foo - - name: Should reject an AWS failure domain with the subnet type ARN and an ID provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ARN - id: foo - arn: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": id is required when type is ID, and forbidden otherwise" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml deleted file mode 100644 index 6b6295e536..0000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset-Default.crd.yaml -tests: - onCreate: - - name: Should reject an Azure platform failure domain without any Azure config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: Azure - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": azure configuration is required when platform is Azure" - - name: Should reject an Azure configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - azure: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an Azure configured failure domain with the wrong platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: 
ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - azure: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": azure configuration is required when platform is Azure, and forbidden otherwise" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml deleted file mode 100644 index 24e617286c..0000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml +++ /dev/null 
@@ -1,74 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset-Default.crd.yaml -tests: - onCreate: - - name: Should reject an GCP platform failure domain without any GCP config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: GCP - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": gcp configuration is required when platform is GCP" - - name: Should reject an GCP configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - aws: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an GCP configured failure domain with the wrong platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: 
ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - gcp: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": gcp configuration is required when platform is GCP, and forbidden otherwise" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml deleted file mode 100644 index ae65d8f7f4..0000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml +++ /dev/null 
@@ -1,632 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset-Default.crd.yaml -tests: - onCreate: - - name: Should reject an OpenStack platform failure domain without any OpenStack config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": openstack configuration is required when platform is OpenStack" - - name: Should reject an OpenStack configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - openstack: - - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an OpenStack configured failure domain with an empty OpenStack config - initial: | - 
apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack in body must be of type array: \"object\"" - - name: Should accept no failureDomains - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: "" - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: "" - 
- name: Should reject an OpenStack configured failure domain with the wrong platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - openstack: - - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": openstack configuration is required when platform is OpenStack, and forbidden otherwise" - - name: Should accept an OpenStack failure domain with only the availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io 
- machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - - name: Should accept an OpenStack failure domain with only the rootVolume provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: foo - volumeType: fast - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: foo - volumeType: fast - - name: Should accept an OpenStack failure domain with only the root volume type provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: 
- matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - volumeType: typeone - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - volumeType: typeone - - name: Should accept an OpenStack failure domain with both availabilityZone and rootVolume provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - 
availabilityZone: foo - volumeType: fast - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - availabilityZone: foo - volumeType: fast - - name: Should accept an OpenStack failure domain with both availabilityZone and root volume type provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - availabilityZone: foo - volumeType: bar - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - 
labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - availabilityZone: foo - volumeType: bar - - name: Should reject an OpenStack failure domain with no rootVolume volumeType provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Required value, : Invalid value: \"null\": some validation rules were not checked" - - name: Should reject an OpenStack failure domain with an empty rootVolume volumeType provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - volumeType: 
"" - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Invalid value: \"\": spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType in body should be at least 1 chars long" - - name: Should reject an OpenStack failure domain with too long a rootVolume volumeType name - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - volumeType: a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Too long: may not be longer than 255" - - name: Should reject an OpenStack failure domain with both availabilityZone and root volume provided but with missing root volume availabilityZone - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - 
machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - volumeType: bar - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0]: Invalid value: \"object\": rootVolume.availabilityZone is required when availabilityZone is set" - - name: Should reject an empty OpenStack failure domain - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - - {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[1] in body should have at least 1 properties" - - name: Should reject an OpenStack failure domain with an empty availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: 
OpenStack - openstack: - - availabilityZone: "" - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].availabilityZone in body should be at least 1 chars long" - - name: Should reject an OpenStack failure domain with an empty rootVolume availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: "" - volumeType: fast - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should be at least 1 chars long" - - name: Should reject an OpenStack failure domain with an invalid availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo:bar - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].availabilityZone in body should match" - - 
name: Should reject an OpenStack failure domain with an invalid availabilityZone provided for rootVolume - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: "foo bar" - volumeType: fast - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should match" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml deleted file mode 100644 index dd4f09ccf6..0000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml +++ /dev/null 
@@ -1,488 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ControlPlaneMachineSet - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - - name: Should reject a missing machineType - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - 
providerSpec: {} - expectedError: "spec.template.machineType: Required value" - - name: Should reject a missing machines_v1beta1_machine_openshift_io - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - expectedError: "spec.template: Invalid value: \"object\": machines_v1beta1_machine_openshift_io configuration is required when machineType is machines_v1beta1_machine_openshift_io, and forbidden otherwise" - - name: Should reject a worker role label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: worker - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master'" - - name: Should reject a missing role label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - 
expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master'" - - name: Should reject a worker type label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: worker - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master'" - - name: Should reject a missing type label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master'" - - name: Should reject a missing cluster ID label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - 
machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-cluster' is required" - - name: Should be able to create an Active ControlPlaneMachineSet - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - state: Active - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - onUpdate: - - name: Replicas should be immutable - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - 
machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 5 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.replicas: Invalid value: \"integer\": replicas is immutable" - - name: Selector should be immutable - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - 
machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - foo: bar - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.selector: Invalid value: \"object\": selector is immutable" - - name: Should default the strategy when removed - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: OnDelete - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: 
master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - - name: Should allow the state to change to Active - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: 
machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - - name: Should not allow the state to change from Active - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.state: Invalid value: \"string\": state cannot be changed once Active" diff --git a/vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml deleted file mode 100644 index 519b0cad2c..0000000000 
--- a/vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[TechPreviewNoUpgrade] ControlPlaneMachineSet"
-crd: 0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml
-tests:
- onCreate:
- - name: Should reject an VSphere platform failure domain without any VSphere config
- initial: |
- apiVersion: machine.openshift.io/v1
- kind: ControlPlaneMachineSet
- spec:
- selector:
- matchLabels:
- machine.openshift.io/cluster-api-machine-role: master
- machine.openshift.io/cluster-api-machine-type: master
- template:
- machineType: machines_v1beta1_machine_openshift_io
- machines_v1beta1_machine_openshift_io:
- metadata:
- labels:
- machine.openshift.io/cluster-api-machine-role: master
- machine.openshift.io/cluster-api-machine-type: master
- machine.openshift.io/cluster-api-cluster: cluster
- spec:
- providerSpec: {}
- failureDomains:
- platform: VSphere
- expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": vsphere configuration is required when platform is VSphere"
- - name: Should reject an VSphere configured failure domain without a platform type
- initial: |
- apiVersion: machine.openshift.io/v1
- kind: ControlPlaneMachineSet
- spec:
- selector:
- matchLabels:
- machine.openshift.io/cluster-api-machine-role: master
- machine.openshift.io/cluster-api-machine-type: master
- template:
- machineType: machines_v1beta1_machine_openshift_io
- machines_v1beta1_machine_openshift_io:
- metadata:
- labels:
- machine.openshift.io/cluster-api-machine-role: master
- machine.openshift.io/cluster-api-machine-type: master
- machine.openshift.io/cluster-api-cluster: cluster
- spec:
- providerSpec: {}
- failureDomains:
- vsphere:
- - name: foo
- expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value"
diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go index c31926f0c9..a2e7ae03e1 100644 --- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go +++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go @@ -8,10 +8,9 @@ import ( // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. // +k8s:openapi-gen=true -// +kubebuilder:resource:scope=Namespaced +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=controlplanemachinesets,scope=Namespaced // +kubebuilder:subresource:status // +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas // +kubebuilder:printcolumn:name="Desired",type="integer",JSONPath=".spec.replicas",description="Desired Replicas" 
@@ -21,6 +20,13 @@ import (
 // +kubebuilder:printcolumn:name="Unavailable",type="integer",JSONPath=".status.unavailableReplicas",description="Observed number of unavailable replicas"
 // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".spec.state",description="ControlPlaneMachineSet state"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="ControlPlaneMachineSet age"
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1112
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=control-plane-machine-set,operatorOrdering=01
+// +openshift:capability=MachineAPI
+// +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true"
+// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true
+
+// ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time.
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=1
 type ControlPlaneMachineSet struct {
diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..258caa113b
--- /dev/null
+++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,51 @@ +controlplanemachinesets.machine.openshift.io: + Annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/1112 + CRDName: controlplanemachinesets.machine.openshift.io + Capability: MachineAPI + Category: "" + FeatureGates: [] + FilenameOperatorName: control-plane-machine-set + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: machine.openshift.io + HasStatus: true + KindName: ControlPlaneMachineSet + Labels: {} + PluralName: controlplanemachinesets + PrinterColumns: + - description: Desired Replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: Current Replicas + jsonPath: .status.replicas + name: Current + type: integer + - description: Ready Replicas + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Updated Replicas + jsonPath: .status.updatedReplicas + name: Updated + type: integer + - description: Observed number of unavailable replicas + jsonPath: .status.unavailableReplicas + name: Unavailable + type: integer + - description: ControlPlaneMachineSet state + jsonPath: .spec.state + name: State + type: string + - description: ControlPlaneMachineSet age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml deleted file mode 100644 index 8d8a95af98..0000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml +++ /dev/null 
@@ -1,492 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/948 - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: machines.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: Machine - listKind: MachineList - plural: machines - singular: machine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Phase of machine - jsonPath: .status.phase - name: Phase - type: string - - description: Type of instance - jsonPath: .metadata.labels['machine\.openshift\.io/instance-type'] - name: Type - type: string - - description: Region associated with machine - jsonPath: .metadata.labels['machine\.openshift\.io/region'] - name: Region - type: string - - description: Zone associated with machine - jsonPath: .metadata.labels['machine\.openshift\.io/zone'] - name: Zone - type: string - - description: Machine age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Node associated with machine - jsonPath: .status.nodeRef.name - name: Node - priority: 1 - type: string - - description: Provider ID of machine created in cloud provider - jsonPath: .spec.providerID - name: ProviderID - priority: 1 - type: string - - description: State of instance - jsonPath: .metadata.annotations['machine\.openshift\.io/instance-state'] - name: State - priority: 1 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: 'Machine is the Schema for the machines API Compatibility level - 2: Stable within a major release for a minimum of 9 months or 3 minor releases - (whichever is longer).' 
- properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations on the - machine at certain predefined points within the machine lifecycle. - properties: - preDrain: - description: PreDrain hooks prevent the machine from being drained. - This also blocks further lifecycle events, such as termination. - items: - description: LifecycleHook represents a single instance of a - lifecycle hook - properties: - name: - description: Name defines a unique name for the lifcycle - hook. The name should be unique and descriptive, ideally - 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed by a single - entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle hook. - This should be descriptive enough so that users can identify - who/what is responsible for blocking the lifecycle. This - could be the name of a controller (e.g. clusteroperator/etcd) - or an administrator managing the hook. 
- maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine from being - terminated. PreTerminate hooks be actioned after the Machine - has been drained. - items: - description: LifecycleHook represents a single instance of a - lifecycle hook - properties: - name: - description: Name defines a unique name for the lifcycle - hook. The name should be unique and descriptive, ideally - 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed by a single - entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle hook. - This should be descriptive enough so that users can identify - who/what is responsible for blocking the lifecycle. This - could be the name of a controller (e.g. clusteroperator/etcd) - or an administrator managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. Use this - to indicate what labels, annotations, name prefix, etc., should - be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, used by the - server, to generate a unique name ONLY IF the Name field has - not been provided. If this field is used, the name returned - to the client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the value - unique on the server. \n If this field is specified and the - generated name exists, the server will NOT return a 409 - instead, - it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated - in the Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name must - be unique. An empty namespace is equivalent to the \"default\" - namespace, but \"default\" is the canonical representation. 
- Not all objects are required to be scoped to a namespace - the - value of this field for those objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. An owning object must be in - the same namespace as the dependent, or be cluster-scoped, - so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field - and enforces the foreground deletion. Defaults to false. - To set this field, a user needs "delete" permission of - the owner, otherwise 422 (Unprocessable Entity) will be - returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - providerID: - description: ProviderID is the identification ID of the machine provided - by the provider. This field must match the provider ID as seen on - the node object corresponding to this machine. This field is required - by higher level consumers of cluster-api. Example use case is cluster - autoscaler with cluster-api as provider. Clean-up logic in the autoscaler - compares machines to nodes to find out machines at provider which - could not get registered as Kubernetes nodes. With cluster-api as - a generic out-of-tree provider for autoscaler, this field is required - by autoscaler to be able to have a provider view of the list of - machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines - and are marked for delete. This field will be set by the actuators - and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. - properties: - value: - description: Value is an inlined, serialized representation of - the resource configuration. It is recommended that providers - maintain their own versioned API types that should be serialized/deserialized - from this field, akin to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the corresponding - Node in additive manner. This list will not overwrite any other - taints added to the Node on an ongoing basis by other entities. - These taints should be actively reconciled e.g. 
if you ask the machine - controller to apply a taint and then manually remove the taint the - machine controller will put it back) but not have the machine controller - remove any taints - items: - description: The node this Taint is attached to has the "effect" - on any pod that does not tolerate the Taint. - properties: - effect: - description: Required. The effect of the taint on pods that - do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Required. The taint key to be applied to a node. - type: string - timeAdded: - description: TimeAdded represents the time at which the taint - was added. It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - status: - description: MachineStatus defines the observed state of Machine - properties: - addresses: - description: Addresses is a list of addresses assigned to the machine. - Queried from cloud provider, if available. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines the current state of the Machine - items: - description: Condition defines an observation of a Machine API resource - operational state. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. 
- format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. This field may be empty. - type: string - reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. - type: string - severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. - type: string - type: object - type: array - errorMessage: - description: "ErrorMessage will be set in the event that there is - a terminal problem reconciling the Machine and will contain a more - verbose string suitable for logging and human consumption. \n This - field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over time (like - service outages), but instead indicate that something is fundamentally - wrong with the Machine's spec or the configuration of the controller, - and that manual intervention is required. Examples of terminal errors - would be invalid combinations of settings in the spec, values that - are unsupported by the controller, or the responsible controller - itself being critically misconfigured. \n Any transient errors that - occur during the reconciliation of Machines can be added as events - to the Machine object and/or logged in the controller's output." 
- type: string - errorReason: - description: "ErrorReason will be set in the event that there is a - terminal problem reconciling the Machine and will contain a succinct - value suitable for machine interpretation. \n This field should - not be set for transitive errors that a controller faces that are - expected to be fixed automatically over time (like service outages), - but instead indicate that something is fundamentally wrong with - the Machine's spec or the configuration of the controller, and that - manual intervention is required. Examples of terminal errors would - be invalid combinations of settings in the spec, values that are - unsupported by the controller, or the responsible controller itself - being critically misconfigured. \n Any transient errors that occur - during the reconciliation of Machines can be added as events to - the Machine object and/or logged in the controller's output." - type: string - lastOperation: - description: LastOperation describes the last-operation performed - by the machine-controller. This API should be useful as a history - in terms of the latest operation performed on the specific machine. - It should also convey the state of the latest-operation for example - if it is still on-going, failed or completed successfully. - properties: - description: - description: Description is the human-readable description of - the last operation. - type: string - lastUpdated: - description: LastUpdated is the timestamp at which LastOperation - API was last-updated. - format: date-time - type: string - state: - description: State is the current status of the last performed - operation. E.g. Processing, Failed, Successful etc - type: string - type: - description: Type is the type of operation which was last performed. - E.g. Create, Delete, Update etc - type: string - type: object - lastUpdated: - description: LastUpdated identifies when this status was last observed. 
- format: date-time - type: string - nodeRef: - description: NodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - phase: - description: 'Phase represents the current phase of machine actuation. 
- One of: Failed, Provisioning, Provisioned, Running, Deleting' - type: string - providerStatus: - description: ProviderStatus details a Provider-specific status. It - is recommended that providers maintain their own versioned API types - that should be serialized/deserialized from this field. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml deleted file mode 100644 index 86b3f81109..0000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml +++ /dev/null 
@@ -1,270 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1032 - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - creationTimestamp: null - name: machinehealthchecks.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: MachineHealthCheck - listKind: MachineHealthCheckList - plural: machinehealthchecks - shortNames: - - mhc - - mhcs - singular: machinehealthcheck - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - name: v1beta1 - schema: - openAPIV3Schema: - description: 'MachineHealthCheck is the Schema for the machinehealthchecks - API Compatibility level 2: Stable within a major release for a minimum of - 9 months or 3 minor releases (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - default: 100% - description: Any farther remediation is only allowed if at most "MaxUnhealthy" - machines selected by "selector" are not healthy. Expects either - a postive integer value or a percentage value. Percentage values - must be positive whole numbers and are capped at 100%. Both 0 and - 0% are valid and will block all remediation. - pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ - x-kubernetes-int-or-string: true - nodeStartupTimeout: - default: 10m - description: Machines older than this duration without a node will - be considered to have failed and will be remediated. To prevent - Machines without Nodes from being removed, disable startup checks - by setting this value explicitly to "0". Expects an unsigned duration - string of decimal numbers each with optional fraction and a unit - suffix, eg "300ms", "1.5h" or "2h45m". Valid time units are "ns", - "us" (or "µs"), "ms", "s", "m", "h". - pattern: ^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - remediationTemplate: - description: "RemediationTemplate is a reference to a remediation - template provided by an infrastructure provider. \n This field is - completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off - remediation of the machine to a controller that lives outside of - Machine API Operator." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. 
- For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: 'Label selector to match machines whose health will be - exercised. Note: An empty selector will match all machines.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. 
- type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: UnhealthyConditions contains a list of the conditions - that determine whether a node is considered unhealthy. The conditions - are combined in a logical OR, i.e. if any of the conditions is met, - the node is unhealthy. - items: - description: UnhealthyCondition represents a Node condition type - and value with a timeout specified as a duration. When the named - condition has been in the given status for at least the timeout - value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - description: Expects an unsigned duration string of decimal - numbers each with optional fraction and a unit suffix, eg - "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" - (or "µs"), "ms", "s", "m", "h". 
- pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - type: - minLength: 1 - type: string - type: object - minItems: 1 - type: array - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: Conditions defines the current state of the MachineHealthCheck - items: - description: Condition defines an observation of a Machine API resource - operational state. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. This field may be empty. - type: string - reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. - type: string - severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. 
- type: string - type: object - type: array - currentHealthy: - description: total number of machines counted by this machine health - check - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - minimum: 0 - type: integer - remediationsAllowed: - description: RemediationsAllowed is the number of further remediations - allowed by this machine health check before maxUnhealthy short circuiting - will be applied - format: int32 - minimum: 0 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml deleted file mode 100644 index b191293ea5..0000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml +++ /dev/null 
@@ -1,562 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1032 - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - creationTimestamp: null - name: machinesets.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: MachineSet - listKind: MachineSetList - plural: machinesets - singular: machineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Desired Replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: Current Replicas - jsonPath: .status.replicas - name: Current - type: integer - - description: Ready Replicas - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Observed number of available replicas - jsonPath: .status.availableReplicas - name: Available - type: string - - description: Machineset age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: 'MachineSet ensures that a specified number of machines replicas - are running at any given time. Compatibility level 2: Stable within a major - release for a minimum of 9 months or 3 minor releases (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet - properties: - deletePolicy: - description: DeletePolicy defines the policy used to identify nodes - to delete when downscaling. Defaults to "Random". Valid values - are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: MinReadySeconds is the minimum number of seconds for - which a newly created machine should be ready. Defaults to 0 (machine - will be considered available as soon as it is ready) - format: int32 - type: integer - replicas: - default: 1 - description: Replicas is the number of desired replicas. This is a - pointer to distinguish between explicit zero and unspecified. Defaults - to 1. - format: int32 - type: integer - selector: - description: 'Selector is a label query over machines that should - match the replica count. Label keys and values that must match in - order to be controlled by this MachineSet. It must match the machine - template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. 
- type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: Template is the object that describes the machine that - will be created if insufficient replicas are detected. - properties: - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, used by - the server, to generate a unique name ONLY IF the Name field - has not been provided. If this field is used, the name returned - to the client will be different than the name passed. This - value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and - may be truncated by the length of the suffix required to - make the value unique on the server. 
\n If this field is - specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created - or 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the - Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. May - match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow - a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name - must be unique. An empty namespace is equivalent to the - \"default\" namespace, but \"default\" is the canonical - representation. Not all objects are required to be scoped - to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL - objects in the list have been deleted, this object will - be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, - with the controller field set to true. 
There cannot be more - than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or be - cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the - key-value store until this reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this - field and enforces the foreground deletion. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: 'Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations - on the machine at certain predefined points within the machine - lifecycle. 
- properties: - preDrain: - description: PreDrain hooks prevent the machine from being - drained. This also blocks further lifecycle events, - such as termination. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for the - lifcycle hook. The name should be unique and descriptive, - ideally 1-3 words, in CamelCase or it may be namespaced, - eg. foo.example.com/CamelCase. Names must be unique - and should only be managed by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle - hook. This should be descriptive enough so that - users can identify who/what is responsible for - blocking the lifecycle. This could be the name - of a controller (e.g. clusteroperator/etcd) or - an administrator managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine from - being terminated. PreTerminate hooks be actioned after - the Machine has been drained. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for the - lifcycle hook. The name should be unique and descriptive, - ideally 1-3 words, in CamelCase or it may be namespaced, - eg. foo.example.com/CamelCase. Names must be unique - and should only be managed by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle - hook. 
This should be descriptive enough so that - users can identify who/what is responsible for - blocking the lifecycle. This could be the name - of a controller (e.g. clusteroperator/etcd) or - an administrator managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. - Use this to indicate what labels, annotations, name prefix, - etc., should be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, used - by the server, to generate a unique name ONLY IF the - Name field has not been provided. If this field is used, - the name returned to the client will be different than - the name passed. This value will also be combined with - a unique suffix. The provided value has the same validation - rules as the Name field, and may be truncated by the - length of the suffix required to make the value unique - on the server. \n If this field is specified and the - generated name exists, the server will NOT return a - 409 - instead, it will either return 201 Created or - 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in - the Retry-After header). \n Applied only if Name is - not specified. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each - name must be unique. An empty namespace is equivalent - to the \"default\" namespace, but \"default\" is the - canonical representation. Not all objects are required - to be scoped to a namespace - the value of this field - for those objects will be empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. - If ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed - by a controller, then an entry in this list will point - to this controller, with the controller field set to - true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. 
- type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this - field and enforces the foreground deletion. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - providerID: - description: ProviderID is the identification ID of the machine - provided by the provider. This field must match the provider - ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. - Example use case is cluster autoscaler with cluster-api - as provider. Clean-up logic in the autoscaler compares machines - to nodes to find out machines at provider which could not - get registered as Kubernetes nodes. With cluster-api as - a generic out-of-tree provider for autoscaler, this field - is required by autoscaler to be able to have a provider - view of the list of machines. 
Another list of nodes is queried - from the k8s apiserver and then a comparison is done to - find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by - higher level entities like autoscaler that will be interfacing - with cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. - properties: - value: - description: Value is an inlined, serialized representation - of the resource configuration. It is recommended that - providers maintain their own versioned API types that - should be serialized/deserialized from this field, akin - to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the corresponding - Node in additive manner. This list will not overwrite any - other taints added to the Node on an ongoing basis by other - entities. These taints should be actively reconciled e.g. - if you ask the machine controller to apply a taint and then - manually remove the taint the machine controller will put - it back) but not have the machine controller remove any - taints - items: - description: The node this Taint is attached to has the - "effect" on any pod that does not tolerate the Taint. - properties: - effect: - description: Required. The effect of the taint on pods - that do not tolerate the taint. Valid effects are - NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: TimeAdded represents the time at which - the taint was added. It is only written for NoExecute - taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. 
- type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - errorMessage: - type: string - errorReason: - description: "In the event that there is a terminal problem reconciling - the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason - will be populated with a succinct value suitable for machine interpretation, - while ErrorMessage will contain a more verbose string suitable for - logging and human consumption. \n These fields should not be set - for transitive errors that a controller faces that are expected - to be fixed automatically over time (like service outages), but - instead indicate that something is fundamentally wrong with the - MachineTemplate's spec or the configuration of the machine controller, - and that manual intervention is required. Examples of terminal errors - would be invalid combinations of settings in the spec, values that - are unsupported by the machine controller, or the responsible machine - controller itself being critically misconfigured. \n Any transient - errors that occur during the reconciliation of Machines can be added - as events to the MachineSet object and/or logged in the controller's - output." - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. 
A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml deleted file mode 100644 index 2a7e0d62c6..0000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Machine" -crd: 0000_10_machine.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Machine - initial: | - apiVersion: machine.openshift.io/v1beta1 - kind: Machine - spec: {} # No spec is required for a Machine - expected: | - apiVersion: machine.openshift.io/v1beta1 - kind: Machine - spec: {} diff --git a/vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml deleted file mode 100644 index 703bcdef1d..0000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineHealthCheck" -crd: 0000_10_machinehealthcheck.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineHealthCheck - initial: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineHealthCheck - spec: {} # No spec is required for a MachineHealthCheck - expected: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineHealthCheck - spec: - maxUnhealthy: 100% - nodeStartupTimeout: 10m diff --git a/vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml deleted file mode 100644 index f4dbda11be..0000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineSet" -crd: 0000_10_machineset.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineSet - initial: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineSet - spec: {} # No spec is required for a MachineSet - expected: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineSet - spec: - replicas: 1 diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go index 3f4b128937..a2752733df 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go 
@@ -176,7 +176,14 @@ const ( // Machine is the Schema for the machines API // +k8s:openapi-gen=true +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=machines,scope=Namespaced // +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/948 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=machine-api,operatorOrdering=01 +// +openshift:capability=MachineAPI +// +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true" +// +kubebuilder:metadata:annotations="include.release.openshift.io/self-managed-high-availability=true" // +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase",description="Phase of machine" // +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".metadata.labels['machine\\.openshift\\.io/instance-type']",description="Type of instance" // +kubebuilder:printcolumn:name="Region",type="string",JSONPath=".metadata.labels['machine\\.openshift\\.io/region']",description="Region associated with machine" diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go index 1ad80fe25a..9963690f8f 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go 
@@ -13,8 +13,14 @@ type RemediationStrategyType string // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // MachineHealthCheck is the Schema for the machinehealthchecks API +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=machinehealthchecks,scope=Namespaced,shortName=mhc;mhcs // +kubebuilder:subresource:status -// +kubebuilder:resource:shortName=mhc;mhcs +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1032 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=machine-api,operatorOrdering=01 +// +openshift:capability=MachineAPI +// +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true" +// +kubebuilder:metadata:annotations="include.release.openshift.io/self-managed-high-availability=true" // +k8s:openapi-gen=true // +kubebuilder:printcolumn:name="MaxUnhealthy",type="string",JSONPath=".spec.maxUnhealthy",description="Maximum number of unhealthy machines allowed" // +kubebuilder:printcolumn:name="ExpectedMachines",type="integer",JSONPath=".status.expectedMachines",description="Number of machines currently monitored" diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go index fb5afebc1b..aadb519b7d 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go 
@@ -9,7 +9,14 @@ import ( // MachineSet ensures that a specified number of machines replicas are running at any given time. // +k8s:openapi-gen=true +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=machinesets,scope=Namespaced // +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1032 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=machine-api,operatorOrdering=01 +// +openshift:capability=MachineAPI +// +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true" +// +kubebuilder:metadata:annotations="include.release.openshift.io/self-managed-high-availability=true" // +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas,selectorpath=.status.labelSelector // +kubebuilder:printcolumn:name="Desired",type="integer",JSONPath=".spec.replicas",description="Desired Replicas" // +kubebuilder:printcolumn:name="Current",type="integer",JSONPath=".status.replicas",description="Current Replicas" diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..34e093b258 --- /dev/null +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,138 @@ +machines.machine.openshift.io: + Annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/948 + CRDName: machines.machine.openshift.io + Capability: MachineAPI + Category: "" + FeatureGates: [] + FilenameOperatorName: machine-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: machine.openshift.io + HasStatus: true + KindName: Machine + Labels: {} + PluralName: machines + PrinterColumns: + - description: Phase of machine + jsonPath: .status.phase + name: Phase + type: string + - description: Type of instance + jsonPath: .metadata.labels['machine\.openshift\.io/instance-type'] + name: Type + type: string + - description: Region associated with machine + jsonPath: .metadata.labels['machine\.openshift\.io/region'] + name: Region + type: string + - description: Zone associated with machine + jsonPath: .metadata.labels['machine\.openshift\.io/zone'] + name: Zone + type: string + - description: Machine age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Node associated with machine + jsonPath: .status.nodeRef.name + name: Node + priority: 1 + type: string + - description: Provider ID of machine created in cloud provider + jsonPath: .spec.providerID + name: ProviderID + priority: 1 + type: string + - description: State of instance + jsonPath: .metadata.annotations['machine\.openshift\.io/instance-state'] + name: State + priority: 1 + type: string + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1beta1 + +machinehealthchecks.machine.openshift.io: + Annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/1032 + CRDName: machinehealthchecks.machine.openshift.io + 
Capability: MachineAPI + Category: "" + FeatureGates: [] + FilenameOperatorName: machine-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: machine.openshift.io + HasStatus: true + KindName: MachineHealthCheck + Labels: {} + PluralName: machinehealthchecks + PrinterColumns: + - description: Maximum number of unhealthy machines allowed + jsonPath: .spec.maxUnhealthy + name: MaxUnhealthy + type: string + - description: Number of machines currently monitored + jsonPath: .status.expectedMachines + name: ExpectedMachines + type: integer + - description: Current observed healthy machines + jsonPath: .status.currentHealthy + name: CurrentHealthy + type: integer + Scope: Namespaced + ShortNames: + - mhc + - mhcs + TopLevelFeatureGates: [] + Version: v1beta1 + +machinesets.machine.openshift.io: + Annotations: + exclude.release.openshift.io/internal-openshift-hosted: "true" + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/1032 + CRDName: machinesets.machine.openshift.io + Capability: MachineAPI + Category: "" + FeatureGates: [] + FilenameOperatorName: machine-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: machine.openshift.io + HasStatus: true + KindName: MachineSet + Labels: {} + PluralName: machinesets + PrinterColumns: + - description: Desired Replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: Current Replicas + jsonPath: .status.replicas + name: Current + type: integer + - description: Ready Replicas + jsonPath: .status.readyReplicas + name: Ready + type: integer + - description: Observed number of available replicas + jsonPath: .status.availableReplicas + name: Available + type: string + - description: Machineset age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1beta1 + 
diff --git a/vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml b/vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml deleted file mode 100644 index 7adf119dcd..0000000000 --- a/vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml +++ /dev/null 
@@ -1,205 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1179 - description: OpenShift Monitoring alerting rules - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: alertingrules.monitoring.openshift.io -spec: - group: monitoring.openshift.io - names: - kind: AlertingRule - listKind: AlertingRuleList - plural: alertingrules - singular: alertingrule - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "AlertingRule represents a set of user-defined Prometheus rule - groups containing alerting rules. This resource is the supported method - for cluster admins to create alerts based on metrics recorded by the platform - monitoring stack in OpenShift, i.e. the Prometheus instance deployed to - the openshift-monitoring namespace. You might use this to create custom - alerting rules not shipped with OpenShift based on metrics from components - such as the node_exporter, which provides machine-level metrics such as - CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage. - \n The API is mostly compatible with the upstream PrometheusRule type from - the prometheus-operator. The primary difference being that recording rules - are not allowed here -- only alerting rules. For each AlertingRule resource - created, a corresponding PrometheusRule will be created in the openshift-monitoring - namespace. OpenShift requires admins to use the AlertingRule resource rather - than the upstream type in order to allow better OpenShift specific defaulting - and validation, while not modifying the upstream APIs directly. 
\n You can - find upstream API documentation for PrometheusRule resources here: \n https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md - \n Compatibility level 4: No compatibility is provided, the API can change - at any point for any reason. These capabilities should not be used by applications - needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec describes the desired state of this AlertingRule object. - properties: - groups: - description: "groups is a list of grouped alerting rules. Rule groups - are the unit at which Prometheus parallelizes rule processing. All - rules in a single group share a configured evaluation interval. - \ All rules in the group will be processed together on this interval, - sequentially, and all rules will be processed. \n It's common to - group related alerting rules into a single AlertingRule resources, - and within that resource, closely related alerts, or simply alerts - with the same interval, into individual groups. You are also free - to create AlertingRule resources with only a single rule group, - but be aware that this can have a performance impact on Prometheus - if the group is extremely large or has very complex query expressions - to evaluate. 
Spreading very complex rules across multiple groups - to allow them to be processed in parallel is also a common use-case." - items: - description: RuleGroup is a list of sequentially evaluated alerting - rules. - properties: - interval: - description: "interval is how often rules in the group are evaluated. - \ If not specified, it defaults to the global.evaluation_interval - configured in Prometheus, which itself defaults to 30 seconds. - \ You can check if this value has been modified from the default - on your cluster by inspecting the platform Prometheus configuration: - \n $ oc -n openshift-monitoring describe prometheus k8s \n - The relevant field in that resource is: spec.evaluationInterval - \n This is represented as a Prometheus duration, e.g. 1d, - 1h30m, 5m, 10s. You can find the upstream documentation here: - \n https://prometheus.io/docs/prometheus/latest/configuration/configuration/#duration" - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ - type: string - name: - description: name is the name of the group. - type: string - rules: - description: rules is a list of sequentially evaluated alerting - rules. Prometheus may process rule groups in parallel, but - rules within a single group are always processed sequentially, - and all rules are processed. - items: - description: 'Rule describes an alerting rule. See Prometheus - documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules' - properties: - alert: - description: alert is the name of the alert. Must be a - valid label value, i.e. only contain ASCII letters, - numbers, and underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - annotations: - additionalProperties: - type: string - description: "annotations to add to each alert. 
These - are values that can be used to store longer additional - information that you won't query on, such as alert descriptions - or runbook links, e.g.: \n annotations: summary: HAProxy - reload failure description: | This alert fires when - HAProxy fails to reload its configuration, which will - result in the router not picking up recently created - or modified routes." - type: object - expr: - anyOf: - - type: integer - - type: string - description: "expr is the PromQL expression to evaluate. - Every evaluation cycle this is evaluated at the current - time, and all resultant time series become pending or - firing alerts. This is most often a string representing - a PromQL expression, e.g.: \n mapi_current_pending_csr - > mapi_max_pending_csr \n In rare cases this could be - a simple integer, e.g. a simple \"1\" if the intent - is to create an alert that is always firing. This is - sometimes used to create an always-firing \"Watchdog\" - alert in order to ensure the alerting pipeline is functional." - x-kubernetes-int-or-string: true - for: - description: 'for is the time period after which alerts - are considered firing after first returning results. Alerts - which have not yet fired for long enough are considered - pending. This is represented as a Prometheus duration, - for details on the format see: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#duration' - pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ - type: string - labels: - additionalProperties: - type: string - description: "labels to add or overwrite for each alert. - \ The results of the PromQL expression for the alert - will result in an existing set of labels for the alert, - after evaluating the expression, for any label specified - here with the same name as a label in that set, the - label here wins and overwrites the previous value. 
These - should typically be short identifying values that may - be useful to query against. A common example is the - alert severity: \n labels: severity: warning" - type: object - required: - - alert - - expr - type: object - minItems: 1 - type: array - required: - - name - - rules - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - groups - type: object - status: - description: status describes the current state of this AlertOverrides - object. - properties: - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with. - format: int64 - type: integer - prometheusRule: - description: prometheusRule is the generated PrometheusRule for this - AlertingRule. Each AlertingRule instance results in a generated - PrometheusRule object in the same namespace, which is always the - openshift-monitoring namespace. - properties: - name: - description: name of the referenced PrometheusRule. - type: string - required: - - name - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml b/vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml deleted file mode 100644 index 532b45adc4..0000000000 --- a/vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml +++ /dev/null 
@@ -1,195 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1179 - description: OpenShift Monitoring alert relabel configurations - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: alertrelabelconfigs.monitoring.openshift.io -spec: - group: monitoring.openshift.io - names: - kind: AlertRelabelConfig - listKind: AlertRelabelConfigList - plural: alertrelabelconfigs - singular: alertrelabelconfig - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "AlertRelabelConfig defines a set of relabel configs for alerts. - \n Compatibility level 4: No compatibility is provided, the API can change - at any point for any reason. These capabilities should not be used by applications - needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec describes the desired state of this AlertRelabelConfig - object. - properties: - configs: - description: configs is a list of sequentially evaluated alert relabel - configs. - items: - description: 'RelabelConfig allows dynamic rewriting of label sets - for alerts. 
See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' - properties: - action: - default: Replace - description: 'action to perform based on regex matching. Must - be one of: Replace, Keep, Drop, HashMod, LabelMap, LabelDrop, - or LabelKeep. Default is: ''Replace''' - enum: - - Replace - - Keep - - Drop - - HashMod - - LabelMap - - LabelDrop - - LabelKeep - type: string - modulus: - description: modulus to take of the hash of the source label - values. This can be combined with the 'HashMod' action to - set 'target_label' to the 'modulus' of a hash of the concatenated - 'source_labels'. - format: int64 - type: integer - regex: - description: 'regex against which the extracted value is matched. - Default is: ''(.*)''' - type: string - replacement: - description: 'replacement value against which a regex replace - is performed if the regular expression matches. This is required - if the action is ''Replace'' or ''LabelMap''. Regex capture - groups are available. Default is: ''$1''' - type: string - separator: - description: separator placed between concatenated source label - values. When omitted, Prometheus will use its default value - of ';'. - type: string - sourceLabels: - description: sourceLabels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the Replace, Keep, and Drop actions. - items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, and underscores. - pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ - type: string - type: array - targetLabel: - description: targetLabel to which the resulting value is written - in a 'Replace' action. It is mandatory for 'Replace' and 'HashMod' - actions. Regex capture groups are available. 
- type: string - type: object - minItems: 1 - type: array - required: - - configs - type: object - status: - description: status describes the current state of this AlertRelabelConfig - object. - properties: - conditions: - description: conditions contains details on the state of the AlertRelabelConfig, - may be empty. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. 
Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertingrule.testsuite.yaml b/vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertingrule.testsuite.yaml deleted file mode 100644 index ca4fcf3834..0000000000 --- a/vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertingrule.testsuite.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] AlertingRule" -crd: 0000_50_monitoring_01_alertingrules.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal AlertingRule - initial: | - apiVersion: monitoring.openshift.io/v1alpha1 - kind: AlertingRule - spec: - groups: - - name: foo - rules: - - alert: foo - expr: foo - expected: | - apiVersion: monitoring.openshift.io/v1alpha1 - kind: AlertingRule - spec: - groups: - - name: foo - rules: - - alert: foo - expr: foo diff --git a/vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertrelabelconfig.testsuite.yaml b/vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertrelabelconfig.testsuite.yaml deleted file mode 100644 index c7978fd5f9..0000000000 --- a/vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertrelabelconfig.testsuite.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] AlertRelabelConfig" -crd: 0000_50_monitoring_02_alertrelabelconfigs.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal AlertRelabelConfig - initial: | - apiVersion: monitoring.openshift.io/v1alpha1 - kind: AlertRelabelConfig - spec: - configs: - # At least one item is required but all fields are optional, - # Use action as it is defaulted when not set. - - action: Replace - expected: | - apiVersion: monitoring.openshift.io/v1alpha1 - kind: AlertRelabelConfig - spec: - configs: - - action: Replace diff --git a/vendor/github.com/openshift/api/monitoring/v1alpha1/types.go b/vendor/github.com/openshift/api/monitoring/v1alpha1/types.go index 4a82de51ee..d2776037e6 100644 --- a/vendor/github.com/openshift/api/monitoring/v1alpha1/types.go +++ b/vendor/github.com/openshift/api/monitoring/v1alpha1/types.go 
@@ -31,7 +31,13 @@ import ( // +genclient // +k8s:openapi-gen=true // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=alertingrules,scope=Namespaced // +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1179 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=monitoring,operatorOrdering=01 +// +openshift:enable:FeatureGate=AlertingRules +// +kubebuilder:metadata:annotations="description=OpenShift Monitoring alerting rules" type AlertingRule struct { metav1.TypeMeta `json:",inline"` @@ -230,6 +236,13 @@ type PrometheusRuleRef struct { // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. // +openshift:compatibility-gen:level=4 // +k8s:openapi-gen=true +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=alertrelabelconfigs,scope=Namespaced +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1179 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=monitoring,operatorOrdering=02 +// +openshift:enable:FeatureGate=AlertingRules +// +kubebuilder:metadata:annotations="description=OpenShift Monitoring alert relabel configurations" type AlertRelabelConfig struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/monitoring/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/monitoring/v1alpha1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..2dcb2bc84b --- /dev/null +++ b/vendor/github.com/openshift/api/monitoring/v1alpha1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,48 @@ +alertrelabelconfigs.monitoring.openshift.io: + Annotations: + description: OpenShift Monitoring alert relabel configurations + ApprovedPRNumber: https://github.com/openshift/api/pull/1179 + CRDName: alertrelabelconfigs.monitoring.openshift.io + Capability: "" + Category: "" + FeatureGates: + - AlertingRules + FilenameOperatorName: monitoring + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_50" + GroupName: monitoring.openshift.io + HasStatus: true + KindName: AlertRelabelConfig + Labels: {} + PluralName: alertrelabelconfigs + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: + - AlertingRules + Version: v1alpha1 + +alertingrules.monitoring.openshift.io: + Annotations: + description: OpenShift Monitoring alerting rules + ApprovedPRNumber: https://github.com/openshift/api/pull/1179 + CRDName: alertingrules.monitoring.openshift.io + Capability: "" + Category: "" + FeatureGates: + - AlertingRules + FilenameOperatorName: monitoring + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" + GroupName: monitoring.openshift.io + HasStatus: true + KindName: AlertingRule + Labels: {} + PluralName: alertingrules + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: + - AlertingRules + Version: v1alpha1 + diff --git a/vendor/github.com/openshift/api/network/.codegen.yaml b/vendor/github.com/openshift/api/network/.codegen.yaml index 55f3a272c8..ab56605cdc 100644 --- a/vendor/github.com/openshift/api/network/.codegen.yaml +++ b/vendor/github.com/openshift/api/network/.codegen.yaml @@ -1,6 +1 @@ schemapatch: - requiredFeatureSets: - - "" - - "Default" - - "TechPreviewNoUpgrade" - - "CustomNoUpgrade" diff --git a/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml b/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml deleted file mode 100644 index 6cde4de8fa..0000000000 
--- a/vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml
+++ /dev/null
@@ -1,130 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/527 - name: clusternetworks.network.openshift.io -spec: - group: network.openshift.io - names: - kind: ClusterNetwork - listKind: ClusterNetworkList - plural: clusternetworks - singular: clusternetwork - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The primary cluster network CIDR - jsonPath: .network - name: Cluster Network - type: string - - description: The service network CIDR - jsonPath: .serviceNetwork - name: Service Network - type: string - - description: The OpenShift SDN network plug-in in use - jsonPath: .pluginName - name: Plugin Name - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterNetwork describes the cluster network. There is normally - only one object of this type, named \"default\", which is created by the - SDN network plugin based on the master configuration when the cluster is - brought up for the first time. \n Compatibility level 1: Stable within a - major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - clusterNetworks: - description: ClusterNetworks is a list of ClusterNetwork objects that - defines the global overlay network's L3 space by specifying a set of - CIDR and netmasks that the SDN can allocate addresses from. - items: - description: ClusterNetworkEntry defines an individual cluster network. 
- The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved - for external ips, CIDRs reserved for service networks, and CIDRs reserved - for ingress ips. - properties: - CIDR: - description: CIDR defines the total range of a cluster networks - address space. - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - type: string - hostSubnetLength: - description: HostSubnetLength is the number of bits of the accompanying - CIDR address to allocate to each node. eg, 8 would mean that each - node would have a /24 slice of the overlay network for its pods. - format: int32 - maximum: 30 - minimum: 2 - type: integer - required: - - CIDR - - hostSubnetLength - type: object - type: array - hostsubnetlength: - description: HostSubnetLength is the number of bits of network to allocate - to each node. eg, 8 would mean that each node would have a /24 slice - of the overlay network for its pods - format: int32 - maximum: 30 - minimum: 2 - type: integer - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - mtu: - description: MTU is the MTU for the overlay network. This should be 50 - less than the MTU of the network connecting the nodes. It is normally - autodetected by the cluster network operator. 
- format: int32 - maximum: 65536 - minimum: 576 - type: integer - network: - description: Network is a CIDR string specifying the global overlay network's - L3 space - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - type: string - pluginName: - description: PluginName is the name of the network plugin being used - type: string - serviceNetwork: - description: ServiceNetwork is the CIDR range that Service IP addresses - are allocated from - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - type: string - vxlanPort: - description: VXLANPort sets the VXLAN destination port used by the cluster. - It is set by the master configuration file on startup and cannot be - edited manually. Valid values for VXLANPort are integers 1-65535 inclusive - and if unset defaults to 4789. Changing VXLANPort allows users to resolve - issues between openshift SDN and other software trying to use the same - VXLAN destination port. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - clusterNetworks - - serviceNetwork - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml b/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml deleted file mode 100644 index dc1a80770e..0000000000 --- a/vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml +++ /dev/null 
@@ -1,107 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/527 - name: hostsubnets.network.openshift.io -spec: - group: network.openshift.io - names: - kind: HostSubnet - listKind: HostSubnetList - plural: hostsubnets - singular: hostsubnet - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The name of the node - jsonPath: .host - name: Host - type: string - - description: The IP address to be used as a VTEP by other nodes in the overlay - network - jsonPath: .hostIP - name: Host IP - type: string - - description: The CIDR range of the overlay network assigned to the node for - its pods - jsonPath: .subnet - name: Subnet - type: string - - description: The network egress CIDRs - jsonPath: .egressCIDRs - name: Egress CIDRs - type: string - - description: The network egress IP addresses - jsonPath: .egressIPs - name: Egress IPs - type: string - name: v1 - schema: - openAPIV3Schema: - description: "HostSubnet describes the container subnet network on a node. - The HostSubnet object must have the same name as the Node object it corresponds - to. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - egressCIDRs: - description: EgressCIDRs is the list of CIDR ranges available for automatically - assigning egress IPs to this node from. If this field is set then EgressIPs - should be treated as read-only. 
- items: - description: HostSubnetEgressCIDR represents one egress CIDR from which - to assign IP addresses for this node represented by the HostSubnet - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - type: string - type: array - egressIPs: - description: EgressIPs is the list of automatic egress IP addresses currently - hosted by this node. If EgressCIDRs is empty, this can be set by hand; - if EgressCIDRs is set then the master will overwrite the value here - with its own allocation of egress IPs. - items: - description: HostSubnetEgressIP represents one egress IP address currently - hosted on the node represented by HostSubnet - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - type: string - type: array - host: - description: Host is the name of the node. (This is the same as the object's - name, but both fields must be set.) - pattern: ^[a-z0-9.-]+$ - type: string - hostIP: - description: HostIP is the IP address to be used as a VTEP by other nodes - in the overlay network - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - subnet: - description: Subnet is the CIDR range of the overlay network assigned - to the node for its pods - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - type: string - required: - - host - - hostIP - - subnet - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml b/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml deleted file mode 100644 index b279ba0f59..0000000000 --- a/vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/527 - name: netnamespaces.network.openshift.io -spec: - group: network.openshift.io - names: - kind: NetNamespace - listKind: NetNamespaceList - plural: netnamespaces - singular: netnamespace - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The network identifier of the network namespace - jsonPath: .netid - name: NetID - type: integer - - description: The network egress IP addresses - jsonPath: .egressIPs - name: Egress IPs - type: string - name: v1 - schema: - openAPIV3Schema: - description: "NetNamespace describes a single isolated network. When using - the redhat/openshift-ovs-multitenant plugin, every Namespace will have a - corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, - NetNamespaces are not used.) \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - egressIPs: - description: EgressIPs is a list of reserved IPs that will be used as - the source for external traffic coming from pods in this namespace. - (If empty, external traffic will be masqueraded to Node IPs.) 
- items: - description: NetNamespaceEgressIP is a single egress IP out of a list - of reserved IPs used as source of external traffic coming from pods - in this namespace - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ - type: string - type: array - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - netid: - description: NetID is the network identifier of the network namespace - assigned to each overlay network packet. This can be manipulated with - the "oc adm pod-network" commands. - format: int32 - maximum: 16777215 - minimum: 0 - type: integer - netname: - description: NetName is the name of the network namespace. (This is the - same as the object's name, but both fields must be set.) - pattern: ^[a-z0-9.-]+$ - type: string - required: - - netid - - netname - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml b/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml deleted file mode 100644 index 0e5a14e805..0000000000 --- a/vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/527 - name: egressnetworkpolicies.network.openshift.io -spec: - group: network.openshift.io - names: - kind: EgressNetworkPolicy - listKind: EgressNetworkPolicyList - plural: egressnetworkpolicies - singular: egressnetworkpolicy - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "EgressNetworkPolicy describes the current egress network policy - for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network - plugin, traffic from a pod to an IP address outside the cluster will be - checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, - in order. If no rule matches (or no EgressNetworkPolicy is present) then - the traffic will be allowed by default. \n Compatibility level 1: Stable - within a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the current egress network policy - properties: - egress: - description: egress contains the list of egress policy rules - items: - description: EgressNetworkPolicyRule contains a single egress network - policy rule - properties: - to: - description: to is the target that traffic is allowed/denied - to - properties: - cidrSelector: - description: CIDRSelector is the CIDR range to allow/deny - traffic to. If this is set, dnsName must be unset Ideally - we would have liked to use the cidr openapi format for - this property. But openshift-sdn only supports v4 while - specifying the cidr format allows both v4 and v6 cidrs - We are therefore using a regex pattern to validate instead. - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$ - type: string - dnsName: - description: DNSName is the domain name to allow/deny traffic - to. If this is set, cidrSelector must be unset - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: object - type: - description: type marks this as an "Allow" or "Deny" rule - pattern: ^Allow|Deny$ - type: string - required: - - to - - type - type: object - type: array - required: - - egress - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/network/v1/generated.proto b/vendor/github.com/openshift/api/network/v1/generated.proto index 213de6cf55..b7016bfb25 100644 --- a/vendor/github.com/openshift/api/network/v1/generated.proto +++ b/vendor/github.com/openshift/api/network/v1/generated.proto 
@@ -16,10 +16,13 @@ option go_package = "github.com/openshift/api/network/v1"; // when the cluster is brought up for the first time. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -// +kubebuilder:resource:scope="Cluster" -// +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=`.network`,description="The primary cluster network CIDR" -// +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=`.serviceNetwork`,description="The service network CIDR" -// +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=`.pluginName`,description="The Openshift SDN network plug-in in use" +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusternetworks,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527 +// +openshift:file-pattern=operatorOrdering=001 +// +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=.network,description="The primary cluster network CIDR" +// +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=.serviceNetwork,description="The service network CIDR" +// +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=.pluginName,description="The OpenShift SDN network plug-in in use" // +openshift:compatibility-gen:level=1 message ClusterNetwork { // metadata is the standard object's metadata. 
@@ -95,6 +98,10 @@ message ClusterNetworkList { // is present) then the traffic will be allowed by default. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=egressnetworkpolicies,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527 +// +openshift:file-pattern=operatorOrdering=004 // +openshift:compatibility-gen:level=1 message EgressNetworkPolicy { // metadata is the standard object's metadata. 
@@ -151,11 +158,15 @@ message EgressNetworkPolicySpec { // same name as the Node object it corresponds to. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.host`,description="The name of the node" -// +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=`.hostIP`,description="The IP address to be used as a VTEP by other nodes in the overlay network" -// +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=`.subnet`,description="The CIDR range of the overlay network assigned to the node for its pods" -// +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=`.egressCIDRs`,description="The network egress CIDRs" -// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=hostsubnets,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527 +// +openshift:file-pattern=operatorOrdering=002 +// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=.host,description="The name of the node" +// +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=.hostIP,description="The IP address to be used as a VTEP by other nodes in the overlay network" +// +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=.subnet,description="The CIDR range of the overlay network assigned to the node for its pods" +// +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=.egressCIDRs,description="The network egress CIDRs" +// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=.egressIPs,description="The network egress IP addresses" // +openshift:compatibility-gen:level=1 message HostSubnet { // metadata is the standard object's metadata. 
@@ -205,8 +216,12 @@ message HostSubnetList { // (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -// +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=`.netid`,description="The network identifier of the network namespace" -// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses" +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=netnamespaces,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527 +// +openshift:file-pattern=operatorOrdering=003 +// +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=.netid,description="The network identifier of the network namespace" +// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=.egressIPs,description="The network egress IP addresses" // +openshift:compatibility-gen:level=1 message NetNamespace { // metadata is the standard object's metadata. diff --git a/vendor/github.com/openshift/api/network/v1/stable.clusternetwork.testsuite.yaml b/vendor/github.com/openshift/api/network/v1/stable.clusternetwork.testsuite.yaml deleted file mode 100644 index 1593231c80..0000000000 --- a/vendor/github.com/openshift/api/network/v1/stable.clusternetwork.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ClusterNetwork" -crd: 001-clusternetwork-crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterNetwork - initial: | - apiVersion: network.openshift.io/v1 - kind: ClusterNetwork - clusterNetworks: [] - serviceNetwork: 1.2.3.4/32 - expected: | - apiVersion: network.openshift.io/v1 - kind: ClusterNetwork - clusterNetworks: [] - serviceNetwork: 1.2.3.4/32 
diff --git a/vendor/github.com/openshift/api/network/v1/stable.egressnetworkpolicy.testsuite.yaml b/vendor/github.com/openshift/api/network/v1/stable.egressnetworkpolicy.testsuite.yaml
deleted file mode 100644
index 6ae75505f0..0000000000
--- a/vendor/github.com/openshift/api/network/v1/stable.egressnetworkpolicy.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] EgressNetworkPolicy"
-crd: 004-egressnetworkpolicy-crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal EgressNetworkPolicy
- initial: |
- apiVersion: network.openshift.io/v1
- kind: EgressNetworkPolicy
- spec:
- egress: []
- expected: |
- apiVersion: network.openshift.io/v1
- kind: EgressNetworkPolicy
- spec:
- egress: []
diff --git a/vendor/github.com/openshift/api/network/v1/stable.hostsubnet.testsuite.yaml b/vendor/github.com/openshift/api/network/v1/stable.hostsubnet.testsuite.yaml
deleted file mode 100644
index 4740019daa..0000000000
--- a/vendor/github.com/openshift/api/network/v1/stable.hostsubnet.testsuite.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] HostSubnet"
-crd: 002-hostsubnet-crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal HostSubnet
- initial: |
- apiVersion: network.openshift.io/v1
- kind: HostSubnet
- host: foo
- hostIP: 1.2.3.4
- subnet: 1.2.3.0/24
- expected: |
- apiVersion: network.openshift.io/v1
- kind: HostSubnet
- host: foo
- hostIP: 1.2.3.4
- subnet: 1.2.3.0/24
diff --git a/vendor/github.com/openshift/api/network/v1/stable.netnamespace.testsuite.yaml b/vendor/github.com/openshift/api/network/v1/stable.netnamespace.testsuite.yaml
deleted file mode 100644
index 887ce749b4..0000000000
--- a/vendor/github.com/openshift/api/network/v1/stable.netnamespace.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] NetNamespace"
-crd: 003-netnamespace-crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal NetNamespace
- initial: |
- apiVersion: network.openshift.io/v1
- kind: NetNamespace
- netname: foo
- netid: 0
- expected: |
- apiVersion: network.openshift.io/v1
- kind: NetNamespace
- netname: foo
- netid: 0
diff --git a/vendor/github.com/openshift/api/network/v1/types.go b/vendor/github.com/openshift/api/network/v1/types.go
index e71c6cf5a3..f39e786c20 100644
--- a/vendor/github.com/openshift/api/network/v1/types.go
+++ b/vendor/github.com/openshift/api/network/v1/types.go
@@ -17,10 +17,13 @@ const (
 // when the cluster is brought up for the first time.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
-// +kubebuilder:resource:scope="Cluster"
-// +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=`.network`,description="The primary cluster network CIDR"
-// +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=`.serviceNetwork`,description="The service network CIDR"
-// +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=`.pluginName`,description="The Openshift SDN network plug-in in use"
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusternetworks,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527
+// +openshift:file-pattern=operatorOrdering=001
+// +kubebuilder:printcolumn:name="Cluster Network",type=string,JSONPath=.network,description="The primary cluster network CIDR"
+// +kubebuilder:printcolumn:name="Service Network",type=string,JSONPath=.serviceNetwork,description="The service network CIDR"
+// +kubebuilder:printcolumn:name="Plugin Name",type=string,JSONPath=.pluginName,description="The OpenShift SDN network plug-in in use"
 // +openshift:compatibility-gen:level=1
 type ClusterNetwork struct {
 metav1.TypeMeta `json:",inline"`
@@ -113,11 +116,15 @@ type HostSubnetEgressCIDR string
 // same name as the Node object it corresponds to.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
-// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=`.host`,description="The name of the node"
-// +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=`.hostIP`,description="The IP address to be used as a VTEP by other nodes in the overlay network"
-// +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=`.subnet`,description="The CIDR range of the overlay network assigned to the node for its pods"
-// +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=`.egressCIDRs`,description="The network egress CIDRs"
-// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses"
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=hostsubnets,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527
+// +openshift:file-pattern=operatorOrdering=002
+// +kubebuilder:printcolumn:name="Host",type=string,JSONPath=.host,description="The name of the node"
+// +kubebuilder:printcolumn:name="Host IP",type=string,JSONPath=.hostIP,description="The IP address to be used as a VTEP by other nodes in the overlay network"
+// +kubebuilder:printcolumn:name="Subnet",type=string,JSONPath=.subnet,description="The CIDR range of the overlay network assigned to the node for its pods"
+// +kubebuilder:printcolumn:name="Egress CIDRs",type=string,JSONPath=.egressCIDRs,description="The network egress CIDRs"
+// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=.egressIPs,description="The network egress IP addresses"
 // +openshift:compatibility-gen:level=1
 type HostSubnet struct {
 metav1.TypeMeta `json:",inline"`
@@ -182,8 +189,12 @@ type NetNamespaceEgressIP string
 // (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.)
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
-// +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=`.netid`,description="The network identifier of the network namespace"
-// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=`.egressIPs`,description="The network egress IP addresses"
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=netnamespaces,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527
+// +openshift:file-pattern=operatorOrdering=003
+// +kubebuilder:printcolumn:name="NetID",type=integer,JSONPath=.netid,description="The network identifier of the network namespace"
+// +kubebuilder:printcolumn:name="Egress IPs",type=string,JSONPath=.egressIPs,description="The network egress IP addresses"
 // +openshift:compatibility-gen:level=1
 type NetNamespace struct {
 metav1.TypeMeta `json:",inline"`
@@ -270,6 +281,10 @@ type EgressNetworkPolicySpec struct {
 // is present) then the traffic will be allowed by default.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=egressnetworkpolicies,scope=Namespaced
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/527
+// +openshift:file-pattern=operatorOrdering=004
 // +openshift:compatibility-gen:level=1
 type EgressNetworkPolicy struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/network/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/network/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..2f32210d28
--- /dev/null
+++ b/vendor/github.com/openshift/api/network/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,126 @@ +clusternetworks.network.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/527 + CRDName: clusternetworks.network.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "001" + FilenameRunLevel: "" + GroupName: network.openshift.io + HasStatus: false + KindName: ClusterNetwork + Labels: {} + PluralName: clusternetworks + PrinterColumns: + - description: The primary cluster network CIDR + jsonPath: .network + name: Cluster Network + type: string + - description: The service network CIDR + jsonPath: .serviceNetwork + name: Service Network + type: string + - description: The OpenShift SDN network plug-in in use + jsonPath: .pluginName + name: Plugin Name + type: string + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +egressnetworkpolicies.network.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/527 + CRDName: egressnetworkpolicies.network.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "004" + FilenameRunLevel: "" + GroupName: network.openshift.io + HasStatus: false + KindName: EgressNetworkPolicy + Labels: {} + PluralName: egressnetworkpolicies + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +hostsubnets.network.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/527 + CRDName: hostsubnets.network.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "002" + FilenameRunLevel: "" + GroupName: network.openshift.io + HasStatus: false + KindName: HostSubnet + Labels: {} + PluralName: hostsubnets + PrinterColumns: + - description: The name of the node + jsonPath: .host + name: Host + type: string + - description: The IP address to be used as a VTEP by other 
nodes in the overlay + network + jsonPath: .hostIP + name: Host IP + type: string + - description: The CIDR range of the overlay network assigned to the node for its + pods + jsonPath: .subnet + name: Subnet + type: string + - description: The network egress CIDRs + jsonPath: .egressCIDRs + name: Egress CIDRs + type: string + - description: The network egress IP addresses + jsonPath: .egressIPs + name: Egress IPs + type: string + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +netnamespaces.network.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/527 + CRDName: netnamespaces.network.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "003" + FilenameRunLevel: "" + GroupName: network.openshift.io + HasStatus: false + KindName: NetNamespace + Labels: {} + PluralName: netnamespaces + PrinterColumns: + - description: The network identifier of the network namespace + jsonPath: .netid + name: NetID + type: integer + - description: The network egress IP addresses + jsonPath: .egressIPs + name: Egress IPs + type: string + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml deleted file mode 100644 index 06d14ed0e8..0000000000 --- a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml +++ /dev/null 
@@ -1,245 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1524 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: dnsnameresolvers.network.openshift.io -spec: - group: network.openshift.io - names: - kind: DNSNameResolver - listKind: DNSNameResolverList - plural: dnsnameresolvers - singular: dnsnameresolver - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "DNSNameResolver stores the DNS name resolution information of - a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It - can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade - feature set. \n Compatibility level 4: No compatibility is provided, the - API can change at any point for any reason. These capabilities should not - be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - DNSNameResolver. 
- properties: - name: - description: name is the DNS name for which the DNS name resolution - information will be stored. For a regular DNS name, only the DNS - name resolution information of the regular DNS name will be stored. - For a wildcard DNS name, the DNS name resolution information of - all the DNS names that match the wildcard DNS name will be stored. - For a wildcard DNS name, the '*' will match only one label. Additionally, - only a single '*' can be used at the beginning of the wildcard DNS - name. For example, '*.example.com.' will match 'sub1.example.com.' - but won't match 'sub2.sub1.example.com.' - maxLength: 254 - pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ - type: string - x-kubernetes-validations: - - message: spec.name is immutable - rule: self == oldSelf - required: - - name - type: object - status: - description: status is the most recently observed status of the DNSNameResolver. - properties: - resolvedNames: - description: resolvedNames contains a list of matching DNS names and - their corresponding IP addresses along with their TTL and last DNS - lookup times. - items: - description: DNSNameResolverResolvedName describes the details of - a resolved DNS name. - properties: - conditions: - description: 'conditions provide information about the state - of the DNS name. Known .status.conditions.type is: "Degraded". - "Degraded" is true when the last resolution failed for the - DNS name, and false otherwise.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - dnsName: - description: dnsName is the resolved DNS name matching the name - field of DNSNameResolverSpec. This field can store both regular - and wildcard DNS names which match the spec.name field. When - the spec.name field contains a regular DNS name, this field - will store the same regular DNS name after it is successfully - resolved. When the spec.name field contains a wildcard DNS - name, each resolvedName.dnsName will store the regular DNS - names which match the wildcard DNS name and have been successfully - resolved. If the wildcard DNS name can also be successfully - resolved, then this field will store the wildcard DNS name - as well. - maxLength: 254 - pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ - type: string - resolutionFailures: - description: resolutionFailures keeps the count of how many - consecutive times the DNS resolution failed for the dnsName. - If the DNS resolution succeeds then the field will be set - to zero. Upon every failure, the value of the field will be - incremented by one. The details about the DNS name will be - removed, if the value of resolutionFailures reaches 5 and - the TTL of all the associated IP addresses have expired. 
- format: int32 - type: integer - resolvedAddresses: - description: resolvedAddresses gives the list of associated - IP addresses and their corresponding TTLs and last lookup - times for the dnsName. - items: - description: DNSNameResolverResolvedAddress describes the - details of an IP address for a resolved DNS name. - properties: - ip: - anyOf: - - format: ipv4 - - format: ipv6 - description: ip is an IP address associated with the dnsName. - The validity of the IP address expires after lastLookupTime - + ttlSeconds. To refresh the information, a DNS lookup - will be performed upon the expiration of the IP address's - validity. If the information is not refreshed then it - will be removed with a grace period after the expiration - of the IP address's validity. - type: string - lastLookupTime: - description: lastLookupTime is the timestamp when the - last DNS lookup was completed successfully. The validity - of the IP address expires after lastLookupTime + ttlSeconds. - The value of this field will be updated to the current - time on a successful DNS lookup. If the information - is not refreshed then it will be removed with a grace - period after the expiration of the IP address's validity. - format: date-time - type: string - ttlSeconds: - description: ttlSeconds is the time-to-live value of the - IP address. The validity of the IP address expires after - lastLookupTime + ttlSeconds. On a successful DNS lookup - the value of this field will be updated with the current - time-to-live value. If the information is not refreshed - then it will be removed with a grace period after the - expiration of the IP address's validity. 
- format: int32 - type: integer - required: - - ip - - lastLookupTime - - ttlSeconds - type: object - type: array - x-kubernetes-list-map-keys: - - ip - x-kubernetes-list-type: map - required: - - dnsName - - resolvedAddresses - type: object - type: array - x-kubernetes-list-map-keys: - - dnsName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch deleted file mode 100644 index 975ae7c93f..0000000000 --- a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch +++ /dev/null @@ -1,5 +0,0 @@ -- op: add - path: /spec/versions/name=v1alpha1/schema/openAPIV3Schema/properties/status/properties/resolvedNames/items/properties/resolvedAddresses/items/properties/ip/anyOf - value: - - format: ipv4 - - format: ipv6 diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml deleted file mode 100644 index 5ca1f6eaed..0000000000 --- a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml +++ /dev/null 
@@ -1,245 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1524 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: dnsnameresolvers.network.openshift.io -spec: - group: network.openshift.io - names: - kind: DNSNameResolver - listKind: DNSNameResolverList - plural: dnsnameresolvers - singular: dnsnameresolver - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "DNSNameResolver stores the DNS name resolution information of - a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It - can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade - feature set. \n Compatibility level 4: No compatibility is provided, the - API can change at any point for any reason. These capabilities should not - be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - DNSNameResolver. 
- properties: - name: - description: name is the DNS name for which the DNS name resolution - information will be stored. For a regular DNS name, only the DNS - name resolution information of the regular DNS name will be stored. - For a wildcard DNS name, the DNS name resolution information of - all the DNS names that match the wildcard DNS name will be stored. - For a wildcard DNS name, the '*' will match only one label. Additionally, - only a single '*' can be used at the beginning of the wildcard DNS - name. For example, '*.example.com.' will match 'sub1.example.com.' - but won't match 'sub2.sub1.example.com.' - maxLength: 254 - pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ - type: string - x-kubernetes-validations: - - message: spec.name is immutable - rule: self == oldSelf - required: - - name - type: object - status: - description: status is the most recently observed status of the DNSNameResolver. - properties: - resolvedNames: - description: resolvedNames contains a list of matching DNS names and - their corresponding IP addresses along with their TTL and last DNS - lookup times. - items: - description: DNSNameResolverResolvedName describes the details of - a resolved DNS name. - properties: - conditions: - description: 'conditions provide information about the state - of the DNS name. Known .status.conditions.type is: "Degraded". - "Degraded" is true when the last resolution failed for the - DNS name, and false otherwise.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. 
- // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - dnsName: - description: dnsName is the resolved DNS name matching the name - field of DNSNameResolverSpec. This field can store both regular - and wildcard DNS names which match the spec.name field. When - the spec.name field contains a regular DNS name, this field - will store the same regular DNS name after it is successfully - resolved. When the spec.name field contains a wildcard DNS - name, each resolvedName.dnsName will store the regular DNS - names which match the wildcard DNS name and have been successfully - resolved. If the wildcard DNS name can also be successfully - resolved, then this field will store the wildcard DNS name - as well. - maxLength: 254 - pattern: ^(\*\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\.){2,}$ - type: string - resolutionFailures: - description: resolutionFailures keeps the count of how many - consecutive times the DNS resolution failed for the dnsName. - If the DNS resolution succeeds then the field will be set - to zero. Upon every failure, the value of the field will be - incremented by one. The details about the DNS name will be - removed, if the value of resolutionFailures reaches 5 and - the TTL of all the associated IP addresses have expired. 
- format: int32 - type: integer - resolvedAddresses: - description: resolvedAddresses gives the list of associated - IP addresses and their corresponding TTLs and last lookup - times for the dnsName. - items: - description: DNSNameResolverResolvedAddress describes the - details of an IP address for a resolved DNS name. - properties: - ip: - anyOf: - - format: ipv4 - - format: ipv6 - description: ip is an IP address associated with the dnsName. - The validity of the IP address expires after lastLookupTime - + ttlSeconds. To refresh the information, a DNS lookup - will be performed upon the expiration of the IP address's - validity. If the information is not refreshed then it - will be removed with a grace period after the expiration - of the IP address's validity. - type: string - lastLookupTime: - description: lastLookupTime is the timestamp when the - last DNS lookup was completed successfully. The validity - of the IP address expires after lastLookupTime + ttlSeconds. - The value of this field will be updated to the current - time on a successful DNS lookup. If the information - is not refreshed then it will be removed with a grace - period after the expiration of the IP address's validity. - format: date-time - type: string - ttlSeconds: - description: ttlSeconds is the time-to-live value of the - IP address. The validity of the IP address expires after - lastLookupTime + ttlSeconds. On a successful DNS lookup - the value of this field will be updated with the current - time-to-live value. If the information is not refreshed - then it will be removed with a grace period after the - expiration of the IP address's validity. 
- format: int32 - type: integer - required: - - ip - - lastLookupTime - - ttlSeconds - type: object - type: array - x-kubernetes-list-map-keys: - - ip - x-kubernetes-list-type: map - required: - - dnsName - - resolvedAddresses - type: object - type: array - x-kubernetes-list-map-keys: - - dnsName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch b/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch deleted file mode 100644 index 975ae7c93f..0000000000 --- a/vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch +++ /dev/null @@ -1,5 +0,0 @@ -- op: add - path: /spec/versions/name=v1alpha1/schema/openAPIV3Schema/properties/status/properties/resolvedNames/items/properties/resolvedAddresses/items/properties/ip/anyOf - value: - - format: ipv4 - - format: ipv6 diff --git a/vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml b/vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml deleted file mode 100644 index 24175b6d73..0000000000 --- a/vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml +++ /dev/null 
@@ -1,402 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] DNSNameResolver" -crd: 0000_70_dnsnameresolver_00-techpreview.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal DNSNameResolver with a regular DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example.com. - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example.com. - - name: Should be able to create a minimal DNSNameResolver with a wildcard DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: "*.example.com." - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: "*.example.com." - - name: Should be able to specify DNS name with a '-' in a label - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example-domain.com. - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example-domain.com. - - name: Should not be able to specify invalid DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www_example_com - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www_example_com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify DNS name with a label starting with '-' - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: -example.com. 
- expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"-example.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify DNS name with a label ending with '-' - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: example-.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"example-.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify DNS name without a trailing period - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www.example.com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify just the TLD in a DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify a wildcard before TLD in DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: "*.com." 
- expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"*.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify a DNS name with a label containing uppercase letters - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: ABCD.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"ABCD.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify a DNS name with a label containing more than 63 characters - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should be able to specify a DNS name with a label containing 63 characters - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com. - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com. - onUpdate: - - name: Should not be able to update spec.name field - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. 
- updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.newexample.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"string\": spec.name is immutable" - - name: Should be able to add valid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "192.168.1.1" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "192.168.1.1" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add lowest valid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "0.0.0.0" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "0.0.0.0" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add highest valid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "255.255.255.255" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "255.255.255.255" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should not be able to add invalid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "256.256.256.256" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"256.256.256.256\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"256.256.256.256\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]" - - name: Should be able to add valid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "2001:db8:3333:4444:5555:6666:7777:8888" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "2001:db8:3333:4444:5555:6666:7777:8888" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add lowest valid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "::" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "::" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add highest valid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should not be able to add invalid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "10000:10000:10000:10000:10000:10000:10000:10000" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"10000:10000:10000:10000:10000:10000:10000:10000\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"10000:10000:10000:10000:10000:10000:10000:10000\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]" diff --git a/vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml b/vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml deleted file mode 100644 index 411e5ffcdc..0000000000 --- a/vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml +++ /dev/null 
@@ -1,402 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] DNSNameResolver" -crd: 0000_70_dnsnameresolver_00-techpreview.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal DNSNameResolver - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example.com. - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example.com. - - name: Should be able to create a minimal DNSNameResolver with a wildcard DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: "*.example.com." - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: "*.example.com." - - name: Should be able to specify DNS name with a '-' in a label - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example-domain.com. - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: www.example-domain.com. - - name: Should not be able to specify invalid DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www_example_com - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www_example_com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify DNS name with a label starting with '-' - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: -example.com. 
- expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"-example.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify DNS name with a label ending with '-' - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: example-.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"example-.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify DNS name without a trailing period - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"www.example.com\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify just the TLD in a DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify a wildcard before TLD in DNS name - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: "*.com." 
- expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"*.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify a DNS name with a label containing uppercase letters - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: ABCD.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"ABCD.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should not be able to specify a DNS name with a label containing more than 63 characters - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz123456789012.com.\": spec.name in body should match '^(\\*\\.)?([a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?\\.){2,}$'" - - name: Should be able to specify a DNS name with a label containing 63 characters - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com. - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - spec: - name: abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz12345678901.com. - onUpdate: - - name: Should not be able to update spec.name field - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. 
- updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.newexample.com. - expectedError: "DNSNameResolver.network.openshift.io \"example\" is invalid: spec.name: Invalid value: \"string\": spec.name is immutable" - - name: Should be able to add valid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "192.168.1.1" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "192.168.1.1" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add lowest valid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "0.0.0.0" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "0.0.0.0" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add highest valid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "255.255.255.255" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "255.255.255.255" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should not be able to add invalid IPv4 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "256.256.256.256" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"256.256.256.256\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"256.256.256.256\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]" - - name: Should be able to add valid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "2001:db8:3333:4444:5555:6666:7777:8888" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "2001:db8:3333:4444:5555:6666:7777:8888" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add lowest valid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "::" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "::" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should be able to add highest valid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expected: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. - resolvedAddresses: - - ip: "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - - name: Should not be able to add invalid IPv6 address - initial: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - updated: | - apiVersion: network.openshift.io/v1alpha1 - kind: DNSNameResolver - metadata: - name: example - spec: - name: www.example.com. - status: - resolvedNames: - - dnsName: www.example.com. 
- resolvedAddresses: - - ip: "10000:10000:10000:10000:10000:10000:10000:10000" - ttlSeconds: 60 - lastLookupTime: "2023-08-08T15:07:04Z" - expectedStatusError: "DNSNameResolver.network.openshift.io \"example\" is invalid: [: Invalid value: \"\": \"status.resolvedNames[0].resolvedAddresses[0].ip\" must validate at least one schema (anyOf), status.resolvedNames[0].resolvedAddresses[0].ip: Invalid value: \"10000:10000:10000:10000:10000:10000:10000:10000\": status.resolvedNames[0].resolvedAddresses[0].ip in body must be of type ipv4: \"10000:10000:10000:10000:10000:10000:10000:10000\", : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]" diff --git a/vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go b/vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go index 4e0199d7e7..394f2e4ac0 100644 --- a/vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go +++ b/vendor/github.com/openshift/api/network/v1alpha1/types_dnsnameresolver.go @@ -8,7 +8,11 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true // +kubebuilder:subresource:status +// +kubebuilder:resource:path=dnsnameresolvers,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1524 +// +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=dns,operatorOrdering=00 // +openshift:compatibility-gen:level=4 +// +openshift:enable:FeatureGate=DNSNameResolver // DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. // It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set. 
@@ -121,7 +125,6 @@ type DNSNameResolverResolvedAddress struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // +openshift:compatibility-gen:level=4 // DNSNameResolverList contains a list of DNSNameResolvers. diff --git a/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..0070eb584e --- /dev/null +++ b/vendor/github.com/openshift/api/network/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,23 @@ +dnsnameresolvers.network.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1524 + CRDName: dnsnameresolvers.network.openshift.io + Capability: "" + Category: "" + FeatureGates: + - DNSNameResolver + FilenameOperatorName: dns + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_70" + GroupName: network.openshift.io + HasStatus: true + KindName: DNSNameResolver + Labels: {} + PluralName: dnsnameresolvers + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: + - DNSNameResolver + Version: v1alpha1 + diff --git a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml b/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml deleted file mode 100644 index 6019c14c2a..0000000000 --- a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml +++ /dev/null 
@@ -1,250 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/851 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - creationTimestamp: null - name: egressrouters.network.operator.openshift.io -spec: - group: network.operator.openshift.io - names: - kind: EgressRouter - listKind: EgressRouterList - plural: egressrouters - singular: egressrouter - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[*].type - name: Condition - type: string - - jsonPath: .status.conditions[*].status - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "EgressRouter is a feature allowing the user to define an egress - router that acts as a bridge between pods and external systems. The egress - router runs a service that redirects egress traffic originating from a pod - or a group of pods to a remote external system or multiple destinations - as per configuration. \n It is consumed by the cluster-network-operator. - More specifically, given an EgressRouter CR with , the CNO will create - and manage: - A service called - An egress pod called - A - NAD called \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer). \n - EgressRouter is a single egressrouter pod configuration object." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of the desired egress router. - oneOf: - - properties: - mode: - enum: - - Redirect - required: - - redirect - properties: - addresses: - description: List of IP addresses to configure on the pod's secondary - interface. - items: - description: EgressRouterAddress contains a pair of IP CIDR and - gateway to be configured on the router's interface - properties: - gateway: - anyOf: - - format: ipv4 - - format: ipv6 - description: IP address of the next-hop gateway, if it cannot - be automatically determined. Can be IPv4 or IPv6. - type: string - ip: - description: IP is the address to configure on the router's - interface. Can be IPv4 or IPv6. - type: string - required: - - ip - type: object - type: array - mode: - default: Redirect - description: Mode depicts the mode that is used for the egress router. - The default mode is "Redirect" and is the only supported mode currently. - enum: - - Redirect - type: string - networkInterface: - default: - macvlan: - mode: Bridge - description: Specification of interface to create/use. The default - is macvlan. Currently only macvlan is supported. - oneOf: - - required: - - macvlan - properties: - macvlan: - default: - mode: Bridge - description: Arguments specific to the interfaceType macvlan - properties: - master: - description: Name of the master interface. Need not be specified - if it can be inferred from the IP address. - type: string - mode: - default: Bridge - description: Mode depicts the mode that is used for the macvlan - interface; one of Bridge|Private|VEPA|Passthru. The default - mode is "Bridge". 
- enum: - - Bridge - - Private - - VEPA - - Passthru - type: string - required: - - mode - type: object - type: object - redirect: - description: Redirect represents the configuration parameters specific - to redirect mode. - properties: - fallbackIP: - anyOf: - - format: ipv4 - - format: ipv6 - description: FallbackIP specifies the remote destination's IP - address. Can be IPv4 or IPv6. If no redirect rules are specified, - all traffic from the router are redirected to this IP. If redirect - rules are specified, then any connections on any other port - (undefined in the rules) on the router will be redirected to - this IP. If redirect rules are specified and no fallback IP - is provided, connections on other ports will simply be rejected. - type: string - redirectRules: - description: List of L4RedirectRules that define the DNAT redirection - from the pod to the destination in redirect mode. - items: - description: L4RedirectRule defines a DNAT redirection from - a given port to a destination IP and port. - properties: - destinationIP: - anyOf: - - format: ipv4 - - format: ipv6 - description: IP specifies the remote destination's IP address. - Can be IPv4 or IPv6. - type: string - port: - description: Port is the port number to which clients should - send traffic to be redirected. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - protocol: - description: Protocol can be TCP, SCTP or UDP. - enum: - - TCP - - UDP - - SCTP - type: string - targetPort: - description: TargetPort allows specifying the port number - on the remote destination to which the traffic gets redirected - to. If unspecified, the value from "Port" is used. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - destinationIP - - port - - protocol - type: object - type: array - type: object - required: - - addresses - - mode - - networkInterface - type: object - status: - description: Observed status of EgressRouter. 
- properties: - conditions: - description: Observed status of the egress router - items: - description: EgressRouterStatusCondition represents the state of - the egress router's managed and monitored components. - properties: - lastTransitionTime: - description: LastTransitionTime is the time of the last update - to the current status property. - format: date-time - nullable: true - type: string - message: - description: Message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: Reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: Type specifies the aspect reported by this condition; - one of Available, Progressing, Degraded - enum: - - Available - - Progressing - - Degraded - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - required: - - conditions - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch b/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch deleted file mode 100644 index 3f1cc0342b..0000000000 --- a/vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch +++ /dev/null 
@@ -1,26 +0,0 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/addresses/items/properties/gateway/anyOf - value: - - format: ipv4 - - format: ipv6 -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/redirect/properties/fallbackIP/anyOf - value: - - format: ipv4 - - format: ipv6 -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/redirect/properties/redirectRules/items/properties/destinationIP/anyOf - value: - - format: ipv4 - - format: ipv6 -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/oneOf - value: - - properties: - mode: - enum: ["Redirect"] - required: ["redirect"] -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/networkInterface/oneOf - value: - - required: ["macvlan"] diff --git a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto index 540637af44..2f813e2a5e 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto +++ b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto 
@@ -27,11 +27,16 @@ option go_package = "github.com/openshift/api/networkoperator/v1"; // // EgressRouter is a single egressrouter pod configuration object. // +k8s:openapi-gen=true +// +openshift:compatibility-gen:level=1 +// +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=egressrouters,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/851 +// +openshift:file-pattern=operatorOrdering=001 +// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true +// +kubebuilder:metadata:annotations=include.release.openshift.io/ibm-cloud-managed=true // +kubebuilder:printcolumn:name="Condition",type=string,JSONPath=".status.conditions[*].type" // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=".status.conditions[*].status" -// +openshift:compatibility-gen:level=1 message EgressRouter { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata diff --git a/vendor/github.com/openshift/api/networkoperator/v1/stable.egressrouter.testsuite.yaml b/vendor/github.com/openshift/api/networkoperator/v1/stable.egressrouter.testsuite.yaml deleted file mode 100644 index 2d4a476d34..0000000000 --- a/vendor/github.com/openshift/api/networkoperator/v1/stable.egressrouter.testsuite.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] EgressRouter" -crd: 001-egressrouter.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal EgressRouter - initial: | - apiVersion: network.operator.openshift.io/v1 - kind: EgressRouter - spec: - mode: Redirect - redirect: {} - addresses: [] - expected: | - apiVersion: network.operator.openshift.io/v1 - kind: EgressRouter - spec: - mode: Redirect - redirect: {} - addresses: [] - networkInterface: - macvlan: - mode: Bridge diff --git a/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go b/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go index 4acebb177d..9f11590e05 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go +++ b/vendor/github.com/openshift/api/networkoperator/v1/types_egressrouter.go @@ -20,11 +20,16 @@ import ( // // EgressRouter is a single egressrouter pod configuration object. // +k8s:openapi-gen=true +// +openshift:compatibility-gen:level=1 +// +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=egressrouters,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/851 +// +openshift:file-pattern=operatorOrdering=001 +// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true +// +kubebuilder:metadata:annotations=include.release.openshift.io/ibm-cloud-managed=true // +kubebuilder:printcolumn:name="Condition",type=string,JSONPath=".status.conditions[*].type" // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=".status.conditions[*].status" -// +openshift:compatibility-gen:level=1 type EgressRouter struct { metav1.TypeMeta `json:",inline"` 
diff --git a/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..8af113091e --- /dev/null +++ b/vendor/github.com/openshift/api/networkoperator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,29 @@ +egressrouters.network.operator.openshift.io: + Annotations: + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/851 + CRDName: egressrouters.network.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "001" + FilenameRunLevel: "" + GroupName: network.operator.openshift.io + HasStatus: true + KindName: EgressRouter + Labels: {} + PluralName: egressrouters + PrinterColumns: + - jsonPath: .status.conditions[*].type + name: Condition + type: string + - jsonPath: .status.conditions[*].status + name: Status + type: string + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/operator/.codegen.yaml b/vendor/github.com/openshift/api/operator/.codegen.yaml index 0791e8be76..1f30181f13 100644 --- a/vendor/github.com/openshift/api/operator/.codegen.yaml +++ b/vendor/github.com/openshift/api/operator/.codegen.yaml @@ -1,8 +1,6 @@ schemapatch: - requiredFeatureSets: - - "" - - "Default" - - "TechPreviewNoUpgrade" - - "CustomNoUpgrade" swaggerdocs: commentPolicy: Warn + + + diff --git a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml deleted file mode 100644 index 4f514f9034..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/612 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: configs.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: Config - plural: configs - singular: config - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Config specifies the behavior of the config operator which is - responsible for creating the initial configuration of other components on - the cluster. The operator also handles installation, migration or synchronization - of cloud configurations for AWS and Azure cloud based clusters \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Config Operator. - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. 
- \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status defines the observed status of the Config Operator. 
- properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 3d3edffc28..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,264 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/752 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: etcds.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: Etcd - plural: etcds - singular: etcd - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - controlPlaneHardwareSpeed: - description: HardwareSpeed allows user to change the etcd tuning profile - which configures the latency parameters for heartbeat interval and - leader election timeouts allowing the cluster to tolerate longer - round-trip-times between etcd members. Valid values are "", "Standard" - and "Slower". 
"" means no opinion and the platform is left to choose - a reasonable default which is subject to change without notice. - enum: - - "" - - Standard - - Slower - type: string - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". 
Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - controlPlaneHardwareSpeed: - description: ControlPlaneHardwareSpeed declares valid hardware speed - tolerance levels - enum: - - "" - - Standard - - Slower - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. 
- items: - type: string - type: array - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml deleted file mode 100644 index 899ddcc0ae..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml +++ /dev/null 
@@ -1,252 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/752 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: etcds.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: Etcd - plural: etcds - singular: etcd - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. 
This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. 
Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - controlPlaneHardwareSpeed: - description: ControlPlaneHardwareSpeed declares valid hardware speed - tolerance levels - enum: - - "" - - Standard - - Slower - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. 
- items: - type: string - type: array - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml deleted file mode 100644 index f8824e90f8..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml +++ /dev/null 
@@ -1,266 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubeapiservers.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: KubeAPIServer - plural: kubeapiservers - singular: kubeapiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeAPIServer provides information to configure an operator - to manage kube-apiserver. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Kubernetes API Server - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. 
\n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Kubernetes - API Server - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. 
- items: - type: string - type: array - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - serviceAccountIssuers: - description: 'serviceAccountIssuers tracks history of used service - account issuers. The item without expiration time represents the - currently used service account issuer. The other items represents - service account issuers that were used previously and are still - being trusted. The default expiration for the items is set by the - platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection' - items: - properties: - expirationTime: - description: expirationTime is the time after which this service - account issuer will be pruned and removed from the trusted - list of service account issuers. - format: date-time - type: string - name: - description: name is the name of the service account issuer - --- - type: string - type: object - type: array - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch
deleted file mode 100644
index 8145f00c49..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch
+++ /dev/null
@@ -1,3 +0,0 @@
-- op: replace
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/managementState/pattern
- value: "^(Managed|Force)$"
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml
deleted file mode 100644
index ffcd76e3f6..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml
+++ /dev/null
@@ -1,257 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubecontrollermanagers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: KubeControllerManager - plural: kubecontrollermanagers - singular: kubecontrollermanager - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeControllerManager provides information to configure an operator - to manage kube-controller-manager. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Kubernetes Controller Manager - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. 
\n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMoreSecureServiceCA: - default: false - description: useMoreSecureServiceCA indicates that the service-ca.crt - provided in SA token volumes should include only enough certificates - to validate service serving certificates. Once set to true, it cannot - be set to false. Even if someone finds a way to set it back to false, - the service-ca.crt files that previously existed will only have - the more secure content. - type: boolean - type: object - status: - description: status is the most recently observed status of the Kubernetes - Controller Manager - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. 
- properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} 
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch
deleted file mode 100644
index 8145f00c49..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch
+++ /dev/null
@@ -1,3 +0,0 @@
-- op: replace
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/managementState/pattern
- value: "^(Managed|Force)$"
diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml
deleted file mode 100644
index 9d209dcf8b..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml
+++ /dev/null
@@ -1,247 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubeschedulers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: KubeScheduler - plural: kubeschedulers - singular: kubescheduler - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeScheduler provides information to configure an operator - to manage scheduler. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Kubernetes Scheduler - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. 
\n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Kubernetes - Scheduler - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. 
- items: - type: string - type: array - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch deleted file mode 100644 index 8145f00c49..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch +++ /dev/null @@ -1,3 +0,0 @@ -- op: replace - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/managementState/pattern - value: "^(Managed|Force)$" diff --git a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml deleted file mode 100644 index 13675f8d11..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml +++ /dev/null 
@@ -1,176 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: openshiftapiservers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: OpenShiftAPIServer - plural: openshiftapiservers - singular: openshiftapiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OpenShiftAPIServer provides information to configure an operator - to manage openshift-apiserver. \n Compatibility level 1: Stable within a - major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - OpenShift API Server. - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. 
- \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status defines the observed status of the OpenShift API Server. 
- properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the latest revision used as - suffix of revisioned secrets like encryption-config. A new revision - causes a new deployment of pods. 
- format: int32 - minimum: 0 - type: integer - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml deleted file mode 100644 index aa6fda11ba..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml +++ /dev/null 
@@ -1,185 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/692 - capability.openshift.io/name: CloudCredential - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: cloudcredentials.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: CloudCredential - listKind: CloudCredentialList - plural: cloudcredentials - singular: cloudcredential - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "CloudCredential provides a means to configure an operator to - manage CredentialsRequests. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CloudCredentialSpec is the specification of the desired behavior - of the cloud-credential-operator. 
- properties: - credentialsMode: - description: 'CredentialsMode allows informing CCO that it should - not attempt to dynamically determine the root cloud credentials - capabilities, and it should just run in the specified mode. It also - allows putting the operator into "manual" mode if desired. Leaving - the field in default mode runs CCO so that the cluster''s cloud - credentials will be dynamically probed for capabilities (on supported - clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), - "Mint", "Passthrough", "Manual" Others: Do not set value as other - platforms only support running in "Passthrough"' - enum: - - "" - - Manual - - Mint - - Passthrough - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: CloudCredentialStatus defines the observed status of the - cloud-credential-operator. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml deleted file mode 100644 index 26aa2c516d..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml +++ /dev/null 
@@ -1,165 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/503 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubestorageversionmigrators.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: KubeStorageVersionMigrator - listKind: KubeStorageVersionMigratorList - plural: kubestorageversionmigrators - singular: kubestorageversionmigrator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeStorageVersionMigrator provides information to configure - an operator to manage kube-storage-version-migrator. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. 
\n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml deleted file mode 100644 index d40670a059..0000000000 
--- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml
+++ /dev/null
@@ -1,173 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: authentications.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Authentication - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication provides information to configure an operator - to manage authentication. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - oauthAPIServer: - description: OAuthAPIServer holds status specific only to oauth-apiserver - properties: - latestAvailableRevision: - description: LatestAvailableRevision is the latest revision used - as suffix of revisioned secrets like encryption-config. A new - revision causes a new deployment of pods. 
- format: int32 - minimum: 0 - type: integer - type: object - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml deleted file mode 100644 index 08c53a233d..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ /dev/null 
@@ -1,166 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: openshiftcontrollermanagers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: OpenShiftControllerManager - plural: openshiftcontrollermanagers - singular: openshiftcontrollermanager - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OpenShiftControllerManager provides information to configure - an operator to manage openshift-controller-manager. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. 
\n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml deleted file mode 100644 index 608409b688..0000000000 
--- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml
+++ /dev/null
@@ -1,182 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/670 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: storages.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Storage - plural: storages - singular: storage - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Storage provides a means to configure an operator to manage - the cluster storage operator. `cluster` is the canonical name. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. 
\n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - vsphereStorageDriver: - description: 'VSphereStorageDriver indicates the storage driver to - use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, - it can not be changed. If this is empty, the platform will choose - a good default, which may change over time without notice. The current - default is CSIWithMigrationDriver and may not be changed. 
DEPRECATED: - This field will be removed in a future release.' - enum: - - "" - - LegacyDeprecatedInTreeDriver - - CSIWithMigrationDriver - type: string - x-kubernetes-validations: - - message: VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver - rule: self != "LegacyDeprecatedInTreeDriver" - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml deleted file mode 100644 index 8e51b2d8bc..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ /dev/null 
@@ -1,2237 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/616 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: ingresscontrollers.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: IngressController - listKind: IngressControllerList - plural: ingresscontrollers - singular: ingresscontroller - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "IngressController describes a managed ingress controller for - the cluster. The controller can service OpenShift Route and Kubernetes Ingress - resources. \n When an IngressController is created, a new ingress controller - deployment is created to allow external traffic to reach the services that - expose Ingress or Route resources. Updating this resource may lead to disruption - for public facing network connections as a new ingress controller revision - may be rolled out. \n https://kubernetes.io/docs/concepts/services-networking/ingress-controllers - \n Whenever possible, sensible defaults for the platform are used. See each - field for more details. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - IngressController. - properties: - clientTLS: - description: clientTLS specifies settings for requesting and verifying - client certificates, which can be used to enable mutual TLS for - edge-terminated and reencrypt routes. - properties: - allowedSubjectPatterns: - description: allowedSubjectPatterns specifies a list of regular - expressions that should be matched against the distinguished - name on a valid client certificate to filter requests. The - regular expressions must use PCRE syntax. If this list is empty, - no filtering is performed. If the list is nonempty, then at - least one pattern must match a client certificate's distinguished - name or else the ingress controller rejects the certificate - and denies the connection. - items: - type: string - type: array - x-kubernetes-list-type: atomic - clientCA: - description: clientCA specifies a configmap containing the PEM-encoded - CA certificate bundle that should be used to verify a client's - certificate. The administrator must create this configmap in - the openshift-config namespace. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - clientCertificatePolicy: - description: "clientCertificatePolicy specifies whether the ingress - controller requires clients to provide certificates. This field - accepts the values \"Required\" or \"Optional\". \n Note that - the ingress controller only checks client certificates for edge-terminated - and reencrypt TLS routes; it cannot check certificates for cleartext - HTTP or passthrough TLS routes." 
- enum: - - "" - - Required - - Optional - type: string - required: - - clientCA - - clientCertificatePolicy - type: object - defaultCertificate: - description: "defaultCertificate is a reference to a secret containing - the default certificate served by the ingress controller. When Routes - don't specify their own certificate, defaultCertificate is used. - \n The secret must contain the following keys and data: \n tls.crt: - certificate file contents tls.key: key file contents \n If unset, - a wildcard certificate is automatically generated and used. The - certificate is valid for the ingress controller domain (and subdomains) - and the generated certificate's CA will be automatically integrated - with the cluster's trust store. \n If a wildcard certificate is - used and shared by multiple HTTP/2 enabled routes (which implies - ALPN) then clients (i.e., notably browsers) are at liberty to reuse - open connections. This means a client can reuse a connection to - another route and that is likely to fail. This behaviour is generally - known as connection coalescing. \n The in-use certificate (whether - generated or user-specified) will be automatically integrated with - OpenShift's built-in OAuth server." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - domain: - description: "domain is a DNS name serviced by the ingress controller - and is used to configure multiple features: \n * For the LoadBalancerService - endpoint publishing strategy, domain is used to configure DNS records. - See endpointPublishingStrategy. \n * When using a generated default - certificate, the certificate will be valid for domain and its subdomains. - See defaultCertificate. 
\n * The value is published to individual - Route statuses so that end-users know where to target external DNS - records. \n domain must be unique among all IngressControllers, - and cannot be updated. \n If empty, defaults to ingress.config.openshift.io/cluster - .spec.domain." - type: string - endpointPublishingStrategy: - description: "endpointPublishingStrategy is used to publish the ingress - controller endpoints to other networks, enable load balancer integrations, - etc. \n If unset, the default is based on infrastructure.config.openshift.io/cluster - .status.platform: \n AWS: LoadBalancerService (with External - scope) Azure: LoadBalancerService (with External scope) GCP: - \ LoadBalancerService (with External scope) IBMCloud: LoadBalancerService - (with External scope) AlibabaCloud: LoadBalancerService (with External - scope) Libvirt: HostNetwork \n Any other platform types (including - None) default to HostNetwork. \n endpointPublishingStrategy cannot - be updated." - properties: - hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. - properties: - httpPort: - default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - httpsPort: - default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. 
- format: int32 - maximum: 65535 - minimum: 0 - type: integer - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - statsPort: - default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. 
Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - type: object - loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. - properties: - allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). 
- pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - nullable: true - type: array - dnsManagementPolicy: - default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' - enum: - - Managed - - Unmanaged - type: string - providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." - properties: - aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. 
\n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." - properties: - classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. - properties: - connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. - format: duration - type: string - type: object - networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. - type: object - type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - Classic - - NLB - type: string - required: - - type - type: object - gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." 
- properties: - clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" - enum: - - Global - - Local - type: string - type: object - ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." - properties: - protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. 
See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". - enum: - - AWS - - Azure - - BareMetal - - GCP - - Nutanix - - OpenStack - - VSphere - - IBM - type: string - required: - - type - type: object - scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". - enum: - - Internal - - External - type: string - required: - - dnsManagementPolicy - - scope - type: object - nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. 
See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. 
- A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. \n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." - enum: - - LoadBalancerService - - HostNetwork - - Private - - NodePortService - type: string - required: - - type - type: object - httpCompression: - description: httpCompression defines a policy for HTTP traffic compression. - By default, there is no HTTP compression. - properties: - mimeTypes: - description: "mimeTypes is a list of MIME types that should have - compression applied. 
This list can be empty, in which case the - ingress controller does not apply compression. \n Note: Not - all MIME types benefit from compression, but HAProxy will still - use resources to try to compress if instructed to. Generally - speaking, text (html, css, js, etc.) formats benefit from compression, - but formats that are already compressed (image, audio, video, - etc.) benefit little in exchange for the time and cpu spent - on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2" - items: - description: "CompressionMIMEType defines the format of a single - MIME type. E.g. \"text/css; charset=utf-8\", \"text/html\", - \"text/*\", \"image/svg+xml\", \"application/octet-stream\", - \"X-custom/customsub\", etc. \n The format should follow the - Content-Type definition in RFC 1341: Content-Type := type - \"/\" subtype *[\";\" parameter] - The type in Content-Type - can be one of: application, audio, image, message, multipart, - text, video, or a custom type preceded by \"X-\" and followed - by a token as defined below. - The token is a string of at - least one character, and not containing white space, control - characters, or any of the characters in the tspecials set. - - The tspecials set contains the characters ()<>@,;:\\\"/[]?.= - - The subtype in Content-Type is also a token. - The optional - parameter/s following the subtype are defined as: token \"=\" - (token / quoted-string) - The quoted-string, as defined in - RFC 822, is surrounded by double quotes and can contain white - space plus any character EXCEPT \\, \", and CR. It can also - contain any single ASCII character as long as it is escaped - by \\." 
- pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ - ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ - ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ - type: string - type: array - x-kubernetes-list-type: set - type: object - httpEmptyRequestsPolicy: - default: Respond - description: "httpEmptyRequestsPolicy describes how HTTP connections - should be handled if the connection times out before a request is - received. Allowed values for this field are \"Respond\" and \"Ignore\". - \ If the field is set to \"Respond\", the ingress controller sends - an HTTP 400 or 408 response, logs the connection (if access logging - is enabled), and counts the connection in the appropriate metrics. - \ If the field is set to \"Ignore\", the ingress controller closes - the connection without sending a response, logging the connection, - or incrementing metrics. The default value is \"Respond\". \n Typically, - these connections come from load balancers' health probes or Web - browsers' speculative connections (\"preconnect\") and can be safely - ignored. However, these requests may also be caused by network - errors, and so setting this field to \"Ignore\" may impede detection - and diagnosis of problems. In addition, these requests may be caused - by port scans, in which case logging empty requests may aid in detecting - intrusion attempts." - enum: - - Respond - - Ignore - type: string - httpErrorCodePages: - description: httpErrorCodePages specifies a configmap with custom - error pages. The administrator must create this configmap in the - openshift-config namespace. This configmap should have keys in the - format "error-page-.http", where is an - HTTP error code. For example, "error-page-503.http" defines an error - page for HTTP 503 responses. Currently only error pages for 503 - and 404 responses can be customized. 
Each value in the configmap - should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http - If this field is empty, the ingress controller uses the default - error pages. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - httpHeaders: - description: "httpHeaders defines policy for HTTP headers. \n If this - field is empty, the default values are used." - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here - are applied after any actions related to the following other - fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - In case of HTTP request headers, the actions specified in spec.httpHeaders.actions - on the Route will be executed after the actions specified in - the IngressController''s spec.httpHeaders.actions field. In - case of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. 
Headers - set using this API cannot be captured for use in access logs. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Host, Cookie, - Set-Cookie. Note that the total size of all net added headers - *after* interpolating dynamic values must not exceed the value - of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. - Please refer to the documentation for that API field for more - details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Actions defined here will modify the request headers - of all requests passing through an ingress controller. These - actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. - IngressController actions for request headers will be executed - before Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 request - header actions may be configured. Sample fetchers allowed - are "req.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[req.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' - items: - description: IngressControllerHTTPHeader specifies configuration - for setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. - properties: - value: - description: value specifies a header value. - Dynamic values can be added. 
The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' 
- maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: host header may not be modified via header - actions - rule: self.lowerAscii() != 'host' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Actions defined here will modify the response - headers of all requests passing through an ingress controller. - These actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. 
- IngressController actions for response headers will be executed - after Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 response - header actions may be configured. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' - items: - description: IngressControllerHTTPHeader specifies configuration - for setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. 
- enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: host header may not be modified via header - actions - rule: self.lowerAscii() != 'host' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. 
The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - forwardedHeaderPolicy: - description: "forwardedHeaderPolicy specifies when and how the - IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, - X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version - HTTP headers. The value may be one of the following: \n * \"Append\", - which specifies that the IngressController appends the headers, - preserving existing headers. \n * \"Replace\", which specifies - that the IngressController sets the headers, replacing any existing - Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies - that the IngressController sets the headers if they are not - already set. \n * \"Never\", which specifies that the IngressController - never sets the headers, preserving any existing headers. \n - By default, the policy is \"Append\"." - enum: - - Append - - Replace - - IfNone - - Never - type: string - headerNameCaseAdjustments: - description: "headerNameCaseAdjustments specifies case adjustments - that can be applied to HTTP header names. Each adjustment is - specified as an HTTP header name with the desired capitalization. - \ For example, specifying \"X-Forwarded-For\" indicates that - the \"x-forwarded-for\" HTTP header should be adjusted to have - the specified capitalization. 
\n These adjustments are only - applied to cleartext, edge-terminated, and re-encrypt routes, - and only when using HTTP/1. \n For request headers, these adjustments - are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true - annotation. For response headers, these adjustments are applied - to all HTTP responses. \n If this field is empty, no request - headers are adjusted." - items: - description: IngressControllerHTTPHeaderNameCaseAdjustment is - the name of an HTTP header (for example, "X-Forwarded-For") - in the desired capitalization. The value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - maxLength: 1024 - minLength: 0 - pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - nullable: true - type: array - uniqueId: - description: "uniqueId describes configuration for a custom HTTP - header that the ingress controller should inject into incoming - HTTP requests. Typically, this header is configured to have - a value that is unique to the HTTP request. The header can - be used by applications or included in access logs to facilitate - tracing individual HTTP requests. \n If this field is empty, - no such header is injected into requests." - properties: - format: - description: 'format specifies the format for the injected - HTTP header''s value. This field has no effect unless name - is specified. For the HAProxy-based ingress controller - implementation, this format uses the same syntax as the - HTTP log format. 
If the field is empty, the default value - is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding - HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3' - maxLength: 1024 - minLength: 0 - pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ - type: string - name: - description: name specifies the name of the HTTP header (for - example, "unique-id") that the ingress controller should - inject into HTTP requests. The field's value must be a - valid HTTP header name as defined in RFC 2616 section 4.2. If - the field is empty, no header is injected. - maxLength: 1024 - minLength: 0 - pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - type: object - type: object - logging: - description: logging defines parameters for what should be logged - where. If this field is empty, operational logs are enabled but - access logs are disabled. - properties: - access: - description: "access describes how the client requests should - be logged. \n If this field is empty, access logging is disabled." - properties: - destination: - description: destination is where access logs go. - properties: - container: - description: container holds parameters for the Container - logging destination. Present only if type is Container. - properties: - maxLength: - default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 8192, inclusive. \n When omitted, the - default value is 1024." - format: int32 - maximum: 8192 - minimum: 480 - type: integer - type: object - syslog: - description: syslog holds parameters for a syslog endpoint. Present - only if type is Syslog. - oneOf: - - properties: - address: - format: ipv4 - - properties: - address: - format: ipv6 - properties: - address: - description: address is the IP address of the syslog - endpoint that receives log messages. 
- type: string - facility: - description: "facility specifies the syslog facility - of log messages. \n If this field is empty, the - facility is \"local1\"." - enum: - - kern - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - auth2 - - ftp - - ntp - - audit - - alert - - cron2 - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - type: string - maxLength: - default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 4096, inclusive. \n When omitted, the - default value is 1024." - format: int32 - maximum: 4096 - minimum: 480 - type: integer - port: - description: port is the UDP port number of the syslog - endpoint that receives log messages. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - type: - description: "type is the type of destination for logs. - \ It must be one of the following: \n * Container \n - The ingress operator configures the sidecar container - named \"logs\" on the ingress controller pod and configures - the ingress controller to write logs to the sidecar. - \ The logs are then available as container logs. The - expectation is that the administrator configures a custom - logging solution that reads logs from this sidecar. - \ Note that using container logs means that logs may - be dropped if the rate of logs exceeds the container - runtime's or the custom logging solution's capacity. - \n * Syslog \n Logs are sent to a syslog endpoint. The - administrator must specify an endpoint that can receive - syslog messages. The expectation is that the administrator - has configured a custom syslog instance." - enum: - - Container - - Syslog - type: string - required: - - type - type: object - httpCaptureCookies: - description: httpCaptureCookies specifies HTTP cookies that - should be captured in access logs. 
If this field is empty, - no cookies are captured. - items: - description: IngressControllerCaptureHTTPCookie describes - an HTTP cookie that should be captured. - properties: - matchType: - description: matchType specifies the type of match to - be performed on the cookie name. Allowed values are - "Exact" for an exact string match and "Prefix" for - a string prefix match. If "Exact" is specified, a - name must be specified in the name field. If "Prefix" - is provided, a prefix must be specified in the namePrefix - field. For example, specifying matchType "Prefix" - and namePrefix "foo" will capture a cookie named "foo" - or "foobar" but not one named "bar". The first matching - cookie is captured. - enum: - - Exact - - Prefix - type: string - maxLength: - description: maxLength specifies a maximum length of - the string that will be logged, which includes the - cookie name, cookie value, and one-character delimiter. If - the log entry exceeds this length, the value will - be truncated in the log message. Note that the ingress - controller may impose a separate bound on the total - length of HTTP headers in a request. - maximum: 1024 - minimum: 1 - type: integer - name: - description: name specifies a cookie name. Its value - must be a valid HTTP cookie name as defined in RFC - 6265 section 4.1. - maxLength: 1024 - minLength: 0 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ - type: string - namePrefix: - description: namePrefix specifies a cookie name prefix. Its - value must be a valid HTTP cookie name as defined - in RFC 6265 section 4.1. - maxLength: 1024 - minLength: 0 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ - type: string - required: - - matchType - - maxLength - type: object - maxItems: 1 - nullable: true - type: array - httpCaptureHeaders: - description: "httpCaptureHeaders defines HTTP headers that - should be captured in access logs. If this field is empty, - no headers are captured. 
\n Note that this option only applies - to cleartext HTTP connections and to secure HTTP connections - for which the ingress controller terminates encryption (that - is, edge-terminated or reencrypt connections). Headers - cannot be captured for TLS passthrough connections." - properties: - request: - description: "request specifies which HTTP request headers - to capture. \n If this field is empty, no request headers - are captured." - items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. - properties: - maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. - minimum: 1 - type: integer - name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - required: - - maxLength - - name - type: object - nullable: true - type: array - response: - description: "response specifies which HTTP response headers - to capture. \n If this field is empty, no response headers - are captured." - items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. - properties: - maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. - minimum: 1 - type: integer - name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. 
- pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - required: - - maxLength - - name - type: object - nullable: true - type: array - type: object - httpLogFormat: - description: "httpLogFormat specifies the format of the log - message for an HTTP request. \n If this field is empty, - log messages use the implementation's default HTTP log format. - \ For HAProxy's default HTTP log format, see the HAProxy - documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 - \n Note that this format only applies to cleartext HTTP - connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). It does not affect the log format - for TLS passthrough connections." - type: string - logEmptyRequests: - default: Log - description: logEmptyRequests specifies how connections on - which no request is received should be logged. Typically, - these empty requests come from load balancers' health probes - or Web browsers' speculative connections ("preconnect"), - in which case logging these requests may be undesirable. However, - these requests may also be caused by network errors, in - which case logging empty requests may be useful for diagnosing - the errors. In addition, these requests may be caused by - port scans, in which case logging empty requests may aid - in detecting intrusion attempts. Allowed values for this - field are "Log" and "Ignore". The default value is "Log". - enum: - - Log - - Ignore - type: string - required: - - destination - type: object - type: object - namespaceSelector: - description: "namespaceSelector is used to filter the set of namespaces - serviced by the ingress controller. This is useful for implementing - shards. \n If unset, the default is no filtering." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nodePlacement: - description: "nodePlacement enables explicit control over the scheduling - of the ingress controller. \n If unset, defaults are used. See NodePlacement - for more details." - properties: - nodeSelector: - description: "nodeSelector is the node selector applied to ingress - controller deployments. \n If set, the specified selector is - used and replaces the default. \n If unset, the default depends - on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses - status. \n When defaultPlacement is Workers, the default is: - \n kubernetes.io/os: linux node-role.kubernetes.io/worker: '' - \n When defaultPlacement is ControlPlane, the default is: \n - kubernetes.io/os: linux node-role.kubernetes.io/master: '' \n - These defaults are subject to change. 
\n Note that using nodeSelector.matchExpressions - is not supported. Only nodeSelector.matchLabels may be used. - \ This is a limitation of the Kubernetes API: the pod spec does - not allow complex expressions for node selectors." - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - tolerations: - description: "tolerations is a list of tolerations applied to - ingress controller deployments. \n The default is an empty list. - \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. 
- Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: "replicas is the desired number of ingress controller - replicas. If unset, the default depends on the value of the defaultPlacement - field in the cluster config.openshift.io/v1/ingresses status. \n - The value of replicas is set based on the value of a chosen field - in the Infrastructure CR. If defaultPlacement is set to ControlPlane, - the chosen field will be controlPlaneTopology. If it is set to Workers - the chosen field will be infrastructureTopology. Replicas will then - be set to 1 or 2 based whether the chosen field's value is SingleReplica - or HighlyAvailable, respectively. \n These defaults are subject - to change." 
- format: int32 - type: integer - routeAdmission: - description: "routeAdmission defines a policy for handling new route - claims (for example, to allow or deny claims across namespaces). - \n If empty, defaults will be applied. See specific routeAdmission - fields for details about their defaults." - properties: - namespaceOwnership: - description: "namespaceOwnership describes how host name claims - across namespaces should be handled. \n Value must be one of: - \n - Strict: Do not allow routes in different namespaces to - claim the same host. \n - InterNamespaceAllowed: Allow routes - to claim different paths of the same host name across namespaces. - \n If empty, the default is Strict." - enum: - - InterNamespaceAllowed - - Strict - type: string - wildcardPolicy: - description: "wildcardPolicy describes how routes with wildcard - policies should be handled for the ingress controller. WildcardPolicy - controls use of routes [1] exposed by the ingress controller - based on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go - \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed - will cause admitted routes with a wildcard policy of Subdomain - to stop working. These routes must be updated to a wildcard - policy of None to be readmitted by the ingress controller. \n - WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed - values. \n If empty, defaults to \"WildcardsDisallowed\"." - enum: - - WildcardsAllowed - - WildcardsDisallowed - type: string - type: object - routeSelector: - description: "routeSelector is used to filter the set of Routes serviced - by the ingress controller. This is useful for implementing shards. - \n If unset, the default is no filtering." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. 
- items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for ingresscontrollers. \n If unset, the default is based on the - apiservers.config.openshift.io/cluster resource. \n Note that when - using the Old, Intermediate, and Modern profile types, the effective - profile configuration is subject to change between releases. For - example, given a specification to use the Intermediate profile deployed - on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new - profile configuration to be applied to the ingress controller, resulting - in a rollout." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. 
An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - minTLSVersion: VersionTLS11" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: - VersionTLS13 \n NOTE: Currently unsupported." 
- nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." 
- enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 - description: "tuningOptions defines parameters for adjusting the performance - of ingress controller pods. All fields are optional and will use - their respective defaults if not set. See specific tuningOptions - fields for more details. \n Setting fields within tuningOptions - is generally not recommended. The default values are suitable for - most configurations." - properties: - clientFinTimeout: - description: "clientFinTimeout defines how long a connection will - be held open while waiting for the client response to the server/backend - closing the connection. \n If unset, the default timeout is - 1s" - format: duration - type: string - clientTimeout: - description: "clientTimeout defines how long a connection will - be held open while waiting for a client response. \n If unset, - the default timeout is 30s" - format: duration - type: string - headerBufferBytes: - description: "headerBufferBytes describes how much memory should - be reserved (in bytes) for IngressController connection sessions. - Note that this value must be at least 16384 if HTTP/2 is enabled - for the IngressController (https://tools.ietf.org/html/rfc7540). - If this field is empty, the IngressController will use a default - value of 32768 bytes. \n Setting this field is generally not - recommended as headerBufferBytes values that are too small may - break the IngressController and headerBufferBytes values that - are too large could cause the IngressController to use significantly - more memory than necessary." 
- format: int32 - minimum: 16384 - type: integer - headerBufferMaxRewriteBytes: - description: "headerBufferMaxRewriteBytes describes how much memory - should be reserved (in bytes) from headerBufferBytes for HTTP - header rewriting and appending for IngressController connection - sessions. Note that incoming HTTP requests will be limited to - (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning - headerBufferBytes must be greater than headerBufferMaxRewriteBytes. - If this field is empty, the IngressController will use a default - value of 8192 bytes. \n Setting this field is generally not - recommended as headerBufferMaxRewriteBytes values that are too - small may break the IngressController and headerBufferMaxRewriteBytes - values that are too large could cause the IngressController - to use significantly more memory than necessary." - format: int32 - minimum: 4096 - type: integer - healthCheckInterval: - description: "healthCheckInterval defines how long the router - waits between two consecutive health checks on its configured - backends. This value is applied globally as a default for all - routes, but may be overridden per-route by the route annotation - \"router.openshift.io/haproxy.health.check.interval\". \n Expects - an unsigned duration string of decimal numbers, each with optional - fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". - Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" - U+03BC), \"ms\", \"s\", \"m\", \"h\". \n Setting this to less - than 5s can cause excess traffic due to too frequent TCP health - checks and accompanying SYN packet storms. Alternatively, setting - this too high can result in increased latency, due to backend - servers that are no longer available, but haven't yet been detected - as such. \n An empty or zero healthCheckInterval means no opinion - and IngressController chooses a default, which is subject to - change over time. Currently the default healthCheckInterval - value is 5s. 
\n Currently the minimum allowed value is 1s and - the maximum allowed value is 2147483647ms (24.85 days). Both - are subject to change over time." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - maxConnections: - description: "maxConnections defines the maximum number of simultaneous - connections that can be established per HAProxy process. Increasing - this value allows each ingress controller pod to handle more - connections but at the cost of additional system resources being - consumed. \n Permitted values are: empty, 0, -1, and the range - 2000-2000000. \n If this field is empty or 0, the IngressController - will use the default value of 50000, but the default is subject - to change in future releases. \n If the value is -1 then HAProxy - will dynamically compute a maximum value based on the available - ulimits in the running container. Selecting -1 (i.e., auto) - will result in a large value being computed (~520000 on OpenShift - >=4.10 clusters) and therefore each HAProxy process will incur - significant memory usage compared to the current default of - 50000. \n Setting a value that is greater than the current operating - system limit will prevent the HAProxy process from starting. - \n If you choose a discrete value (e.g., 750000) and the router - pod is migrated to a new node, there's no guarantee that that - new node has identical ulimits configured. In such a scenario - the pod would fail to start. If you have nodes with different - ulimits configured (e.g., different tuned profiles) and you - choose a discrete value then the guidance is to use -1 and let - the value be computed dynamically at runtime. \n You can monitor - memory usage for router containers with the following metric: - 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'. 
- \n You can monitor memory usage of individual HAProxy processes - in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'." - format: int32 - type: integer - reloadInterval: - description: "reloadInterval defines the minimum interval at which - the router is allowed to reload to accept new changes. Increasing - this value can prevent the accumulation of HAProxy processes, - depending on the scenario. Increasing this interval can also - lessen load imbalance on a backend's servers when using the - roundrobin balancing algorithm. Alternatively, decreasing this - value may decrease latency since updates to HAProxy's configuration - can take effect more quickly. \n The value must be a time duration - value; see . Currently, - the minimum value allowed is 1s, and the maximum allowed value - is 120s. Minimum and maximum allowed values may change in future - versions of OpenShift. Note that if a duration outside of these - bounds is provided, the value of reloadInterval will be capped/floored - and not rejected (e.g. a duration of over 120s will be capped - to 120s; the IngressController will not reject and replace this - disallowed value with the default). \n A zero value for reloadInterval - tells the IngressController to choose the default, which is - currently 5s and subject to change without notice. \n This field - expects an unsigned duration string of decimal numbers, each - with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" - or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" - U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\". \n Note: - Setting a value significantly larger than the default of 5s - can cause latency in observing updates to routes and their endpoints. 
- HAProxy's configuration will be reloaded less frequently, and - newly created routes will not be served until the subsequent - reload." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - serverFinTimeout: - description: "serverFinTimeout defines how long a connection will - be held open while waiting for the server/backend response to - the client closing the connection. \n If unset, the default - timeout is 1s" - format: duration - type: string - serverTimeout: - description: "serverTimeout defines how long a connection will - be held open while waiting for a server/backend response. \n - If unset, the default timeout is 30s" - format: duration - type: string - threadCount: - description: "threadCount defines the number of threads created - per HAProxy process. Creating more threads allows each ingress - controller pod to handle more connections, at the cost of more - system resources being used. HAProxy currently supports up to - 64 threads. If this field is empty, the IngressController will - use the default value. The current default is 4 threads, but - this may change in future releases. \n Setting this field is - generally not recommended. Increasing the number of HAProxy - threads allows ingress controller pods to utilize more CPU time - under load, potentially starving other pods if set too high. - Reducing the number of threads may cause the ingress controller - to perform poorly." - format: int32 - maximum: 64 - minimum: 1 - type: integer - tlsInspectDelay: - description: "tlsInspectDelay defines how long the router can - hold data to find a matching route. \n Setting this too short - can cause the router to fall back to the default certificate - for edge-terminated or reencrypt routes even when a better matching - certificate could be used. 
\n If unset, the default inspect - delay is 5s" - format: duration - type: string - tunnelTimeout: - description: "tunnelTimeout defines how long a tunnel connection - (including websockets) will be held open while the tunnel is - idle. \n If unset, the default timeout is 1h" - format: duration - type: string - type: object - unsupportedConfigOverrides: - description: unsupportedConfigOverrides allows specifying unsupported - configuration options. Its use is unsupported. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the IngressController. - properties: - availableReplicas: - description: availableReplicas is number of observed available replicas - according to the ingress controller deployment. - format: int32 - type: integer - conditions: - description: "conditions is a list of conditions and their status. - \n Available means the ingress controller deployment is available - and servicing route and ingress resources (i.e, .status.availableReplicas - equals .spec.replicas) \n There are additional conditions which - indicate the status of other ingress controller features and capabilities. - \n * LoadBalancerManaged - True if the following conditions are - met: * The endpoint publishing strategy requires a service load - balancer. - False if any of those conditions are unsatisfied. \n - * LoadBalancerReady - True if the following conditions are met: - * A load balancer is managed. * The load balancer is ready. - False - if any of those conditions are unsatisfied. \n * DNSManaged - True - if the following conditions are met: * The endpoint publishing strategy - and platform support DNS. * The ingress controller domain is set. - * dns.config.openshift.io/cluster configures DNS zones. - False - if any of those conditions are unsatisfied. \n * DNSReady - True - if the following conditions are met: * DNS is managed. 
* DNS records - have been successfully created. - False if any of those conditions - are unsatisfied." - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - domain: - description: domain is the actual domain in use. - type: string - endpointPublishingStrategy: - description: endpointPublishingStrategy is the actual strategy in - use. - properties: - hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. - properties: - httpPort: - default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - httpsPort: - default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. 
Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - statsPort: - default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - type: object - loadBalancer: - description: loadBalancer holds parameters for the load balancer. 
- Present only if type is LoadBalancerService. - properties: - allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}
){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - nullable: true - type: array - dnsManagementPolicy: - default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' - enum: - - Managed - - Unmanaged - type: string - providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." - properties: - aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." - properties: - classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. - properties: - connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. - format: duration - type: string - type: object - networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. - type: object - type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. 
\n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - Classic - - NLB - type: string - required: - - type - type: object - gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." - properties: - clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" - enum: - - Global - - Local - type: string - type: object - ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." 
- properties: - protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". - enum: - - AWS - - Azure - - BareMetal - - GCP - - Nutanix - - OpenStack - - VSphere - - IBM - type: string - required: - - type - type: object - scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". 
- enum: - - Internal - - External - type: string - required: - - dnsManagementPolicy - - scope - type: object - nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. 
Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. - A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. 
\n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." - enum: - - LoadBalancerService - - HostNetwork - - Private - - NodePortService - type: string - required: - - type - type: object - namespaceSelector: - description: namespaceSelector is the actual namespaceSelector in - use. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. 
A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: observedGeneration is the most recent generation observed. - format: int64 - type: integer - routeSelector: - description: routeSelector is the actual routeSelector in use. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - selector: - description: selector is a label selector, in string format, for ingress - controller pods corresponding to the IngressController. 
The number - of matching pods should equal the value of availableReplicas. - type: string - tlsProfile: - description: tlsProfile is the TLS connection configuration that is - in effect. - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators may - remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. - For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n - minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion - allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.availableReplicas - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch deleted file mode 100644 index f9336304f8..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch +++ /dev/null 
@@ -1,32 +0,0 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/logging/properties/access/properties/destination/properties/syslog/oneOf - value: - - properties: - address: - format: ipv4 - - properties: - address: - format: ipv6 -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/tuningOptions/anyOf - # We explicitly choose anyOf to allow: - # - # - the enum - # - the range - # - and null - # - # If we specify oneOf that only allows for one of 'the enum' or 'the - # range'. Anything outside of that is invalid. However, we want to - # allow 'null' because maxConnections is an optional field. Using - # anyOf allows for 'the enum', 'the range', or 'null'. By allowing - # 'null' we provide a consistent user experience given that there - # are other optional integer fields in tuningOptions. - value: - - properties: - maxConnections: - enum: [ -1, 0 ] - - properties: - maxConnections: - format: int32 - minimum: 2000 - maximum: 2000000 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml deleted file mode 100644 index aa6612045f..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml +++ /dev/null 
@@ -1,350 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1237 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: insightsoperators.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: InsightsOperator - listKind: InsightsOperatorList - plural: insightsoperators - singular: insightsoperator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "InsightsOperator holds cluster-wide information about the Insights - Operator. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Insights. - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. 
\n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Insights - operator. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - gatherStatus: - description: gatherStatus provides basic information about the last - Insights data gathering. When omitted, this means no data gathering - has taken place yet. - properties: - gatherers: - description: gatherers is a list of active gatherers (and their - statuses) in the last gathering. - items: - description: gathererStatus represents information about a particular - data gatherer. - properties: - conditions: - description: conditions provide details on the status of - each gatherer. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This - struct is intended for direct use as an array at the - field path .status.conditions. For example, \n type - FooStatus struct{ // Represents the observations of - a foo's current state. // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" - // +patchMergeKey=type // +patchStrategy=merge // +listType=map - // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the - API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, - if .metadata.generation is currently 12, but the - .status.conditions[x].observedGeneration is 9, the - condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define - expected values and meanings for this field, and - whether the values are considered a guaranteed API. - The value should be a CamelCase string. This field - may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in - foo.example.com/CamelCase. --- Many .condition.type - values are consistent across resources like Available, - but because arbitrary conditions can be useful (see - .node.status.conditions), the ability to deconflict - is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - lastGatherDuration: - description: lastGatherDuration represents the time spent - gathering. - pattern: ^([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - name: - description: name is the name of the gatherer. 
- maxLength: 256 - minLength: 5 - type: string - required: - - conditions - - lastGatherDuration - - name - type: object - type: array - x-kubernetes-list-type: atomic - lastGatherDuration: - description: lastGatherDuration is the total time taken to process - all gatherers during the last gather event. - pattern: ^0|([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - lastGatherTime: - description: lastGatherTime is the last time when Insights data - gathering finished. An empty value means that no data has been - gathered yet. - format: date-time - type: string - type: object - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - insightsReport: - description: insightsReport provides general Insights analysis results. - When omitted, this means no data gathering has taken place yet. - properties: - downloadedAt: - description: downloadedAt is the time when the last Insights report - was downloaded. 
An empty value means that there has not been - any Insights report downloaded yet and it usually appears in - disconnected clusters (or clusters when the Insights data gathering - is disabled). - format: date-time - type: string - healthChecks: - description: healthChecks provides basic information about active - Insights health checks in a cluster. - items: - description: healthCheck represents an Insights health check - attributes. - properties: - advisorURI: - description: advisorURI provides the URL link to the Insights - Advisor. - pattern: ^https:\/\/\S+ - type: string - description: - description: description provides basic description of the - healtcheck. - maxLength: 2048 - minLength: 10 - type: string - state: - description: state determines what the current state of - the health check is. Health check is enabled by default - and can be disabled by the user in the Insights advisor - user interface. - enum: - - Enabled - - Disabled - type: string - totalRisk: - description: totalRisk of the healthcheck. Indicator of - the total risk posed by the detected issue; combination - of impact and likelihood. The values can be from 1 to - 4, and the higher the number, the more important the issue. 
- format: int32 - maximum: 4 - minimum: 1 - type: integer - required: - - advisorURI - - description - - state - - totalRisk - type: object - type: array - x-kubernetes-list-type: atomic - type: object - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.availableReplicas - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml deleted file mode 100644 index 32f24d23aa..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml +++ /dev/null 
@@ -1,167 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: servicecas.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: ServiceCA - listKind: ServiceCAList - plural: servicecas - singular: serviceca - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ServiceCA provides information to configure an operator to manage - the service cert controllers \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. 
\n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml deleted file mode 100644 index bd518eca55..0000000000 
--- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,890 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network describes the cluster's desired network configuration. - It is consumed by the cluster-network-operator. \n Compatibility level 1: - Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: additionalNetworks is a list of extra networks to make - available to pods when multiple networks are enabled. - items: - description: AdditionalNetworkDefinition configures an extra network - that is available but not created by default. Instead, pods must - request them by name. 
type must be specified, along with exactly - one "Config" that matches the type. - properties: - name: - description: name is the name of the network. This will be populated - in the resulting CRD This must be unique. - type: string - namespace: - description: namespace is the namespace of the network. This - will be populated in the resulting CRD If not given the network - will be created in the default namespace. - type: string - rawCNIConfig: - description: rawCNIConfig is the raw CNI configuration json - to create in the NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: SimpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: IPAMConfig configures IPAM module will be used - for IP Address Management (IPAM). - properties: - staticIPAMConfig: - description: StaticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: Addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: Address is the IP address in - CIDR format - type: string - gateway: - description: Gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - dns: - description: DNS configures DNS for the interface - properties: - domain: - description: Domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: Nameservers points DNS servers - for IP lookup - items: - type: string - type: array - search: - description: Search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - type: object - routes: - description: Routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides 
Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: Destination points the IP route - destination - type: string - gateway: - description: Gateway is the route's next-hop - IP address If unset, a default gateway is - assumed (as determined by the CNI plugin). - type: string - type: object - type: array - type: object - type: - description: Type is the type of IPAM module will be - used for IP Address Management(IPAM). The supported - values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: master is the host interface to create the - macvlan interface from. If not specified, it will be default - route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: mtu is the mtu to use for the macvlan interface. - if unset, host's kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: type is the type of network The supported values - are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - type: object - type: array - clusterNetwork: - description: clusterNetwork is the IP address pool to use for pod - IPs. Some network providers, e.g. OpenShift SDN, support multiple - ClusterNetworks. Others only support one. This is equivalent to - the cluster-cidr. - items: - description: ClusterNetworkEntry is a subnet from which to allocate - PodIPs. A network of size HostPrefix (in CIDR notation) will be - allocated when nodes join the cluster. If the HostPrefix field - is not used by the plugin, it can be left unset. 
Not all network - providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: openShiftSDNConfig configures the openshift-sdn plugin - properties: - enableUnidling: - description: enableUnidling controls whether or not the service - proxy will support idling and unidling of services. By default, - unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: mtu is the mtu to use for the tunnel interface. - Defaults to 1450 if unset. This must be 50 bytes smaller - than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: 'useExternalOpenvswitch used to control whether - the operator would deploy an OVS DaemonSet itself or expect - someone else to start OVS. As of 4.6, OVS is always run - as a system service, and this flag is ignored. DEPRECATED: - non-functional as of 4.6' - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: reachabilityTotalTimeout configures the EgressIP - node reachability check total timeout in seconds. If - the EgressIP node cannot be reached within this timeout, - the node is declared down. Setting a large value may - cause the EgressIP feature to react slowly to node changes. 
- In particular, it may react slowly for EgressIP nodes - that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and - the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is 1 second. A value of 0 disables the EgressIP node's - reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: IPForwarding controls IP forwarding for all - traffic on OVN-Kubernetes managed interfaces (such as - br-ex). By default this is set to Restricted, and Kubernetes - related traffic is still forwarded appropriately, but - other IP traffic will not be routed by the OCP node. - If there is a desire to allow the host to forward traffic - across OVN-Kubernetes managed interfaces, then set this - field to "Global". The supported values are "Restricted" - and "Global". - type: string - ipv4: - description: ipv4 allows users to configure IP settings - for IPv4 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV4 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /29). 
When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is 169.254.169.0/29 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /29 inclusive - rule: '[int(self.split(''/'')[1])].all(x, x <= 29 - && x >= 0)' - - message: a valid IPv4 address must contain 4 octets - rule: self.split('/')[0].split('.').size() == 4 - - message: first IP address octet must not contain - leading zeros, must be greater than 0 and less - or equal to 255 - rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != - ''0'' && int(x) <= 255 && !x.startsWith(''0''))' - - message: IP address octets must not contain leading - zeros, and must be less or equal to 255 - rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], - self.findAll(''[0-9]+'')[3]].all(x, int(x) <= - 255 && (x == ''0'' || !x.startsWith(''0'')))' - type: object - ipv6: - description: ipv6 allows users to configure IP settings - for IPv6 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV6 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /125). 
When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is fd69::/125 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /125 - inclusive - rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, - x <= 125 && x >= 0) - - message: IPv6 addresses must contain at most one - '::' and may only be shortened once - rule: self.indexOf('::') == self.lastIndexOf('::') - - message: a valid IPv6 address must contain 8 segments - unless elided (::), in which case it must contain - at most 6 non-empty segments - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() - <= 8 : self.split(''/'')[0].split('':'').size() - == 8' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 1 - rule: 'self.split(''/'')[0].split('':'').size() - >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 2 - rule: 'self.split(''/'')[0].split('':'').size() - >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 3 - rule: 'self.split(''/'')[0].split('':'').size() - >=3 ? 
[self.split(''/'')[0].split('':'', 8)[2]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 4 - rule: 'self.split(''/'')[0].split('':'').size() - >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 5 - rule: 'self.split(''/'')[0].split('':'').size() - >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 6 - rule: 'self.split(''/'')[0].split('':'').size() - >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 7 - rule: 'self.split(''/'')[0].split('':'').size() - >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 8 - rule: 'self.split(''/'')[0].split('':'').size() - >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: IPv6 dual addresses are not permitted, - value should not contain `.` characters - rule: '!self.contains(''.'')' - type: object - routingViaHost: - default: false - description: RoutingViaHost allows pod egress traffic - to exit via the ovn-k8s-mp0 management port into the - host before sending it out. 
If this is not set, traffic - will always egress directly from OVN to outside without - touching the host stack. Setting this to true means - hardware offload will not be supported. Default is false - if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: geneve port is the UDP port to be used by geneve - encapulation. Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: HybridOverlayConfig configures an additional - overlay network for peers that are not using OVN. - properties: - hybridClusterNetwork: - description: HybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: ClusterNetworkEntry is a subnet from which - to allocate PodIPs. A network of size HostPrefix (in - CIDR notation) will be allocated when nodes join the - cluster. If the HostPrefix field is not used by the - plugin, it can be left unset. Not all network providers - support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - hybridOverlayVXLANPort: - description: HybridOverlayVXLANPort defines the VXLAN - port number to be used by the additional overlay network. - Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: ipsecConfig enables and configures IPsec for - pods on the pod network within the cluster. - properties: - mode: - description: mode defines the behaviour of the ipsec configuration - within the platform. Valid values are `Disabled`, `External` - and `Full`. When 'Disabled', ipsec will not be enabled - at the node level. When 'External', ipsec is enabled - on the node level but requires the user to configure - the secure communication parameters. This mode is for - external secure communications and the configuration - can be done using the k8s-nmstate operator. 
When 'Full', - ipsec is configured on the node level and inter-pod - secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication - with external (to the cluster) entities (such as storage - arrays), this is left to the user to configure. - enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - mtu: - description: mtu is the MTU to use for the tunnel interface. - This must be 100 bytes smaller than the uplink mtu. Default - is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: policyAuditConfig is the configuration for network - policy audit events. If unset, reported defaults are used. - properties: - destination: - default: "null" - description: 'destination is the location for policy log - messages. Regardless of this config, persistent logs - will always be dumped to the host at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - "libc" -> to use the libc syslog() - function of the host node''s journdald process - "udp:host:port" - -> for sending syslog over UDP - "unix:file" -> for - using the UNIX domain socket directly - "null" -> to - discard all messages logged to syslog The default is - "null"' - type: string - maxFileSize: - default: 50 - description: maxFilesSize is the max size an ACL_audit - log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. - format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: rateLimit is the approximate maximum number - of messages to generate per-second per-node. If unset - the default of 20 msg/sec is used. 
- format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - v4InternalSubnet: - description: v4InternalSubnet is a v4 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: v6InternalSubnet is a v6 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is fd98::/48 - type: string - type: object - type: - description: type is the type of network All NetworkTypes are - supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: deployKubeProxy specifies whether or not a standalone - kube-proxy should be deployed by the operator. Some network providers - include kube-proxy or similar functionality. If unset, the plugin - will attempt to select the correct value, which is false when OpenShift - SDN and ovn-kubernetes are used and true otherwise. - type: boolean - disableMultiNetwork: - description: disableMultiNetwork specifies whether or not multiple - pod network support should be disabled. If unset, this property - defaults to 'false' and multiple network support is enabled. 
- type: boolean - disableNetworkDiagnostics: - default: false - description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled - or not. If unset, this property defaults to 'false' and network - diagnostics is enabled. Setting this to 'true' would reduce the - additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: exportNetworkFlows enables and configures the export - of network flow metadata from the pod network by using protocols - NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes - plugin. If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: netFlow defines the NetFlow collectors that will - consume the flow data exported from OVS. It is a list of - strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - sFlow: - description: sFlow defines the SFlow configuration. 
- properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - type: object - kubeProxyConfig: - description: kubeProxyConfig lets us configure desired proxy configuration. - If not specified, sensible defaults will be chosen by OpenShift - directly. Not consumed by all network providers - currently only - openshift-sdn. - properties: - bindAddress: - description: The address to "bind" on Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: 'An internal kube-proxy parameter. In older releases - of OCP, this sometimes needed to be adjusted in large clusters - for performance reasons, but this is no longer necessary, and - there is no reason to change this from the default value. Default: - 30s' - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: migration enables and configures the cluster network - migration. The migration procedure allows to change the network - type and the MTU. - properties: - features: - description: features contains the features migration configuration. - Set this to migrate feature configuration when changing the - cluster default network provider. if unset, the default operation - is to migrate all the configuration of supported features. - properties: - egressFirewall: - default: true - description: egressFirewall specifies whether or not the Egress - Firewall configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress Firewall configure is migrated. - type: boolean - egressIP: - default: true - description: egressIP specifies whether or not the Egress - IP configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress IP configure is migrated. - type: boolean - multicast: - default: true - description: multicast specifies whether or not the multicast - configuration is migrated automatically when changing the - cluster default network provider. If unset, this property - defaults to 'true' and multicast configure is migrated. - type: boolean - type: object - mode: - description: mode indicates the mode of network migration. The - supported values are "Live", "Offline" and omitted. A "Live" - migration operation will not cause service interruption by migrating - the CNI of each node one by one. The cluster network will work - as normal during the network migration. 
An "Offline" migration - operation will cause service interruption. During an "Offline" - migration, two rounds of node reboots are required. The cluster - network will be malfunctioning during the network migration. - When omitted, this means no opinion and the platform is left - to choose a reasonable default which is subject to change over - time. The current default value is "Offline". - enum: - - Live - - Offline - - "" - type: string - mtu: - description: mtu contains the MTU migration configuration. Set - this to allow changing the MTU values for the default network. - If unset, the operation of changing the MTU for the default - network will be rejected. - properties: - machine: - description: machine contains MTU migration configuration - for the machine's uplink. Needs to be migrated along with - the default network MTU unless the current uplink MTU already - accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: network contains information about MTU migration - for the default network. Migrations are only allowed to - MTU values lower than the machine's uplink MTU by the minimum - appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: networkType is the target type of network migration. - Set this to the target network type to allow changing the default - network. If unset, the operation of changing cluster default - network plugin will be rejected. 
The supported values are OpenShiftSDN, - OVNKubernetes - type: string - type: object - x-kubernetes-validations: - - message: networkType migration in mode other than 'Live' may not - be configured at the same time as mtu migration - rule: '!has(self.mtu) || !has(self.networkType) || self.networkType - == '''' || has(self.mode) && self.mode == ''Live''' - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: serviceNetwork is the ip address pool to use for Service - IPs Currently, all existing network providers only support a single - value here, but this is an array to allow for growth. - items: - type: string - type: array - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. 
- nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: useMultiNetworkPolicy enables a controller which allows - for MultiNetworkPolicy objects to be used on additional networks - as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod - can receive over the secondary interfaces. If unset, this property - defaults to 'false' and MultiNetworkPolicy objects are ignored. - If 'disableMultiNetwork' is 'true' then the value of this field - is ignored. - type: boolean - type: object - status: - description: NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-Default.crd.yaml deleted file mode 100644 index f9c413638d..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-Default.crd.yaml +++ /dev/null 
@@ -1,885 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network describes the cluster's desired network configuration. - It is consumed by the cluster-network-operator. \n Compatibility level 1: - Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: additionalNetworks is a list of extra networks to make - available to pods when multiple networks are enabled. - items: - description: AdditionalNetworkDefinition configures an extra network - that is available but not created by default. Instead, pods must - request them by name. 
type must be specified, along with exactly - one "Config" that matches the type. - properties: - name: - description: name is the name of the network. This will be populated - in the resulting CRD This must be unique. - type: string - namespace: - description: namespace is the namespace of the network. This - will be populated in the resulting CRD If not given the network - will be created in the default namespace. - type: string - rawCNIConfig: - description: rawCNIConfig is the raw CNI configuration json - to create in the NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: SimpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: IPAMConfig configures IPAM module will be used - for IP Address Management (IPAM). - properties: - staticIPAMConfig: - description: StaticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: Addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: Address is the IP address in - CIDR format - type: string - gateway: - description: Gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - dns: - description: DNS configures DNS for the interface - properties: - domain: - description: Domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: Nameservers points DNS servers - for IP lookup - items: - type: string - type: array - search: - description: Search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - type: object - routes: - description: Routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides 
Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: Destination points the IP route - destination - type: string - gateway: - description: Gateway is the route's next-hop - IP address If unset, a default gateway is - assumed (as determined by the CNI plugin). - type: string - type: object - type: array - type: object - type: - description: Type is the type of IPAM module will be - used for IP Address Management(IPAM). The supported - values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: master is the host interface to create the - macvlan interface from. If not specified, it will be default - route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: mtu is the mtu to use for the macvlan interface. - if unset, host's kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: type is the type of network The supported values - are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - type: object - type: array - clusterNetwork: - description: clusterNetwork is the IP address pool to use for pod - IPs. Some network providers, e.g. OpenShift SDN, support multiple - ClusterNetworks. Others only support one. This is equivalent to - the cluster-cidr. - items: - description: ClusterNetworkEntry is a subnet from which to allocate - PodIPs. A network of size HostPrefix (in CIDR notation) will be - allocated when nodes join the cluster. If the HostPrefix field - is not used by the plugin, it can be left unset. 
Not all network - providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: openShiftSDNConfig configures the openshift-sdn plugin - properties: - enableUnidling: - description: enableUnidling controls whether or not the service - proxy will support idling and unidling of services. By default, - unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: mtu is the mtu to use for the tunnel interface. - Defaults to 1450 if unset. This must be 50 bytes smaller - than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: 'useExternalOpenvswitch used to control whether - the operator would deploy an OVS DaemonSet itself or expect - someone else to start OVS. As of 4.6, OVS is always run - as a system service, and this flag is ignored. DEPRECATED: - non-functional as of 4.6' - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: reachabilityTotalTimeout configures the EgressIP - node reachability check total timeout in seconds. If - the EgressIP node cannot be reached within this timeout, - the node is declared down. Setting a large value may - cause the EgressIP feature to react slowly to node changes. 
- In particular, it may react slowly for EgressIP nodes - that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and - the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is 1 second. A value of 0 disables the EgressIP node's - reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: IPForwarding controls IP forwarding for all - traffic on OVN-Kubernetes managed interfaces (such as - br-ex). By default this is set to Restricted, and Kubernetes - related traffic is still forwarded appropriately, but - other IP traffic will not be routed by the OCP node. - If there is a desire to allow the host to forward traffic - across OVN-Kubernetes managed interfaces, then set this - field to "Global". The supported values are "Restricted" - and "Global". - type: string - ipv4: - description: ipv4 allows users to configure IP settings - for IPv4 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV4 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /29). 
When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is 169.254.169.0/29 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /29 inclusive - rule: '[int(self.split(''/'')[1])].all(x, x <= 29 - && x >= 0)' - - message: a valid IPv4 address must contain 4 octets - rule: self.split('/')[0].split('.').size() == 4 - - message: first IP address octet must not contain - leading zeros, must be greater than 0 and less - or equal to 255 - rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != - ''0'' && int(x) <= 255 && !x.startsWith(''0''))' - - message: IP address octets must not contain leading - zeros, and must be less or equal to 255 - rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], - self.findAll(''[0-9]+'')[3]].all(x, int(x) <= - 255 && (x == ''0'' || !x.startsWith(''0'')))' - type: object - ipv6: - description: ipv6 allows users to configure IP settings - for IPv6 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV6 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /125). 
When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is fd69::/125 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /125 - inclusive - rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, - x <= 125 && x >= 0) - - message: IPv6 addresses must contain at most one - '::' and may only be shortened once - rule: self.indexOf('::') == self.lastIndexOf('::') - - message: a valid IPv6 address must contain 8 segments - unless elided (::), in which case it must contain - at most 6 non-empty segments - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() - <= 8 : self.split(''/'')[0].split('':'').size() - == 8' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 1 - rule: 'self.split(''/'')[0].split('':'').size() - >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 2 - rule: 'self.split(''/'')[0].split('':'').size() - >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 3 - rule: 'self.split(''/'')[0].split('':'').size() - >=3 ? 
[self.split(''/'')[0].split('':'', 8)[2]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 4 - rule: 'self.split(''/'')[0].split('':'').size() - >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 5 - rule: 'self.split(''/'')[0].split('':'').size() - >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 6 - rule: 'self.split(''/'')[0].split('':'').size() - >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 7 - rule: 'self.split(''/'')[0].split('':'').size() - >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 8 - rule: 'self.split(''/'')[0].split('':'').size() - >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: IPv6 dual addresses are not permitted, - value should not contain `.` characters - rule: '!self.contains(''.'')' - type: object - routingViaHost: - default: false - description: RoutingViaHost allows pod egress traffic - to exit via the ovn-k8s-mp0 management port into the - host before sending it out. 
If this is not set, traffic - will always egress directly from OVN to outside without - touching the host stack. Setting this to true means - hardware offload will not be supported. Default is false - if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: geneve port is the UDP port to be used by geneve - encapulation. Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: HybridOverlayConfig configures an additional - overlay network for peers that are not using OVN. - properties: - hybridClusterNetwork: - description: HybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: ClusterNetworkEntry is a subnet from which - to allocate PodIPs. A network of size HostPrefix (in - CIDR notation) will be allocated when nodes join the - cluster. If the HostPrefix field is not used by the - plugin, it can be left unset. Not all network providers - support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - hybridOverlayVXLANPort: - description: HybridOverlayVXLANPort defines the VXLAN - port number to be used by the additional overlay network. - Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: ipsecConfig enables and configures IPsec for - pods on the pod network within the cluster. - properties: - mode: - description: mode defines the behaviour of the ipsec configuration - within the platform. Valid values are `Disabled`, `External` - and `Full`. When 'Disabled', ipsec will not be enabled - at the node level. When 'External', ipsec is enabled - on the node level but requires the user to configure - the secure communication parameters. This mode is for - external secure communications and the configuration - can be done using the k8s-nmstate operator. 
When 'Full', - ipsec is configured on the node level and inter-pod - secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication - with external (to the cluster) entities (such as storage - arrays), this is left to the user to configure. - enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - mtu: - description: mtu is the MTU to use for the tunnel interface. - This must be 100 bytes smaller than the uplink mtu. Default - is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: policyAuditConfig is the configuration for network - policy audit events. If unset, reported defaults are used. - properties: - destination: - default: "null" - description: 'destination is the location for policy log - messages. Regardless of this config, persistent logs - will always be dumped to the host at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - "libc" -> to use the libc syslog() - function of the host node''s journdald process - "udp:host:port" - -> for sending syslog over UDP - "unix:file" -> for - using the UNIX domain socket directly - "null" -> to - discard all messages logged to syslog The default is - "null"' - type: string - maxFileSize: - default: 50 - description: maxFilesSize is the max size an ACL_audit - log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. - format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: rateLimit is the approximate maximum number - of messages to generate per-second per-node. If unset - the default of 20 msg/sec is used. 
- format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - v4InternalSubnet: - description: v4InternalSubnet is a v4 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: v6InternalSubnet is a v6 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is fd98::/48 - type: string - type: object - type: - description: type is the type of network All NetworkTypes are - supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: deployKubeProxy specifies whether or not a standalone - kube-proxy should be deployed by the operator. Some network providers - include kube-proxy or similar functionality. If unset, the plugin - will attempt to select the correct value, which is false when OpenShift - SDN and ovn-kubernetes are used and true otherwise. - type: boolean - disableMultiNetwork: - description: disableMultiNetwork specifies whether or not multiple - pod network support should be disabled. If unset, this property - defaults to 'false' and multiple network support is enabled. 
- type: boolean - disableNetworkDiagnostics: - default: false - description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled - or not. If unset, this property defaults to 'false' and network - diagnostics is enabled. Setting this to 'true' would reduce the - additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: exportNetworkFlows enables and configures the export - of network flow metadata from the pod network by using protocols - NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes - plugin. If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: netFlow defines the NetFlow collectors that will - consume the flow data exported from OVS. It is a list of - strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - sFlow: - description: sFlow defines the SFlow configuration. 
- properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - type: object - kubeProxyConfig: - description: kubeProxyConfig lets us configure desired proxy configuration. - If not specified, sensible defaults will be chosen by OpenShift - directly. Not consumed by all network providers - currently only - openshift-sdn. - properties: - bindAddress: - description: The address to "bind" on Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: 'An internal kube-proxy parameter. In older releases - of OCP, this sometimes needed to be adjusted in large clusters - for performance reasons, but this is no longer necessary, and - there is no reason to change this from the default value. Default: - 30s' - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: migration enables and configures the cluster network - migration. The migration procedure allows to change the network - type and the MTU. - properties: - features: - description: features contains the features migration configuration. - Set this to migrate feature configuration when changing the - cluster default network provider. if unset, the default operation - is to migrate all the configuration of supported features. - properties: - egressFirewall: - default: true - description: egressFirewall specifies whether or not the Egress - Firewall configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress Firewall configure is migrated. - type: boolean - egressIP: - default: true - description: egressIP specifies whether or not the Egress - IP configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress IP configure is migrated. - type: boolean - multicast: - default: true - description: multicast specifies whether or not the multicast - configuration is migrated automatically when changing the - cluster default network provider. If unset, this property - defaults to 'true' and multicast configure is migrated. - type: boolean - type: object - mode: - description: mode indicates the mode of network migration. The - supported values are "Live", "Offline" and omitted. A "Live" - migration operation will not cause service interruption by migrating - the CNI of each node one by one. The cluster network will work - as normal during the network migration. 
An "Offline" migration - operation will cause service interruption. During an "Offline" - migration, two rounds of node reboots are required. The cluster - network will be malfunctioning during the network migration. - When omitted, this means no opinion and the platform is left - to choose a reasonable default which is subject to change over - time. The current default value is "Offline". - enum: - - Live - - Offline - - "" - type: string - mtu: - description: mtu contains the MTU migration configuration. Set - this to allow changing the MTU values for the default network. - If unset, the operation of changing the MTU for the default - network will be rejected. - properties: - machine: - description: machine contains MTU migration configuration - for the machine's uplink. Needs to be migrated along with - the default network MTU unless the current uplink MTU already - accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: network contains information about MTU migration - for the default network. Migrations are only allowed to - MTU values lower than the machine's uplink MTU by the minimum - appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: networkType is the target type of network migration. - Set this to the target network type to allow changing the default - network. If unset, the operation of changing cluster default - network plugin will be rejected. 
The supported values are OpenShiftSDN, - OVNKubernetes - type: string - type: object - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: serviceNetwork is the ip address pool to use for Service - IPs Currently, all existing network providers only support a single - value here, but this is an array to allow for growth. - items: - type: string - type: array - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: useMultiNetworkPolicy enables a controller which allows - for MultiNetworkPolicy objects to be used on additional networks - as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. 
- With MultiNetworkPolicy, you can control the traffic that a pod - can receive over the secondary interfaces. If unset, this property - defaults to 'false' and MultiNetworkPolicy objects are ignored. - If 'disableMultiNetwork' is 'true' then the value of this field - is ignored. - type: boolean - type: object - status: - description: NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index d58c9f1253..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,890 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network describes the cluster's desired network configuration. - It is consumed by the cluster-network-operator. \n Compatibility level 1: - Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: additionalNetworks is a list of extra networks to make - available to pods when multiple networks are enabled. - items: - description: AdditionalNetworkDefinition configures an extra network - that is available but not created by default. Instead, pods must - request them by name. 
type must be specified, along with exactly - one "Config" that matches the type. - properties: - name: - description: name is the name of the network. This will be populated - in the resulting CRD This must be unique. - type: string - namespace: - description: namespace is the namespace of the network. This - will be populated in the resulting CRD If not given the network - will be created in the default namespace. - type: string - rawCNIConfig: - description: rawCNIConfig is the raw CNI configuration json - to create in the NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: SimpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: IPAMConfig configures IPAM module will be used - for IP Address Management (IPAM). - properties: - staticIPAMConfig: - description: StaticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: Addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: Address is the IP address in - CIDR format - type: string - gateway: - description: Gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - dns: - description: DNS configures DNS for the interface - properties: - domain: - description: Domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: Nameservers points DNS servers - for IP lookup - items: - type: string - type: array - search: - description: Search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - type: object - routes: - description: Routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides 
Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: Destination points the IP route - destination - type: string - gateway: - description: Gateway is the route's next-hop - IP address If unset, a default gateway is - assumed (as determined by the CNI plugin). - type: string - type: object - type: array - type: object - type: - description: Type is the type of IPAM module will be - used for IP Address Management(IPAM). The supported - values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: master is the host interface to create the - macvlan interface from. If not specified, it will be default - route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: mtu is the mtu to use for the macvlan interface. - if unset, host's kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: type is the type of network The supported values - are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - type: object - type: array - clusterNetwork: - description: clusterNetwork is the IP address pool to use for pod - IPs. Some network providers, e.g. OpenShift SDN, support multiple - ClusterNetworks. Others only support one. This is equivalent to - the cluster-cidr. - items: - description: ClusterNetworkEntry is a subnet from which to allocate - PodIPs. A network of size HostPrefix (in CIDR notation) will be - allocated when nodes join the cluster. If the HostPrefix field - is not used by the plugin, it can be left unset. 
Not all network - providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: openShiftSDNConfig configures the openshift-sdn plugin - properties: - enableUnidling: - description: enableUnidling controls whether or not the service - proxy will support idling and unidling of services. By default, - unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: mtu is the mtu to use for the tunnel interface. - Defaults to 1450 if unset. This must be 50 bytes smaller - than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: 'useExternalOpenvswitch used to control whether - the operator would deploy an OVS DaemonSet itself or expect - someone else to start OVS. As of 4.6, OVS is always run - as a system service, and this flag is ignored. DEPRECATED: - non-functional as of 4.6' - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: reachabilityTotalTimeout configures the EgressIP - node reachability check total timeout in seconds. If - the EgressIP node cannot be reached within this timeout, - the node is declared down. Setting a large value may - cause the EgressIP feature to react slowly to node changes. 
- In particular, it may react slowly for EgressIP nodes - that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and - the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is 1 second. A value of 0 disables the EgressIP node's - reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: IPForwarding controls IP forwarding for all - traffic on OVN-Kubernetes managed interfaces (such as - br-ex). By default this is set to Restricted, and Kubernetes - related traffic is still forwarded appropriately, but - other IP traffic will not be routed by the OCP node. - If there is a desire to allow the host to forward traffic - across OVN-Kubernetes managed interfaces, then set this - field to "Global". The supported values are "Restricted" - and "Global". - type: string - ipv4: - description: ipv4 allows users to configure IP settings - for IPv4 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV4 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /29). 
When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is 169.254.169.0/29 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /29 inclusive - rule: '[int(self.split(''/'')[1])].all(x, x <= 29 - && x >= 0)' - - message: a valid IPv4 address must contain 4 octets - rule: self.split('/')[0].split('.').size() == 4 - - message: first IP address octet must not contain - leading zeros, must be greater than 0 and less - or equal to 255 - rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != - ''0'' && int(x) <= 255 && !x.startsWith(''0''))' - - message: IP address octets must not contain leading - zeros, and must be less or equal to 255 - rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], - self.findAll(''[0-9]+'')[3]].all(x, int(x) <= - 255 && (x == ''0'' || !x.startsWith(''0'')))' - type: object - ipv6: - description: ipv6 allows users to configure IP settings - for IPv6 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV6 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /125). 
When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is fd69::/125 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /125 - inclusive - rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, - x <= 125 && x >= 0) - - message: IPv6 addresses must contain at most one - '::' and may only be shortened once - rule: self.indexOf('::') == self.lastIndexOf('::') - - message: a valid IPv6 address must contain 8 segments - unless elided (::), in which case it must contain - at most 6 non-empty segments - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() - <= 8 : self.split(''/'')[0].split('':'').size() - == 8' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 1 - rule: 'self.split(''/'')[0].split('':'').size() - >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 2 - rule: 'self.split(''/'')[0].split('':'').size() - >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 3 - rule: 'self.split(''/'')[0].split('':'').size() - >=3 ? 
[self.split(''/'')[0].split('':'', 8)[2]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 4 - rule: 'self.split(''/'')[0].split('':'').size() - >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 5 - rule: 'self.split(''/'')[0].split('':'').size() - >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 6 - rule: 'self.split(''/'')[0].split('':'').size() - >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 7 - rule: 'self.split(''/'')[0].split('':'').size() - >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 8 - rule: 'self.split(''/'')[0].split('':'').size() - >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: IPv6 dual addresses are not permitted, - value should not contain `.` characters - rule: '!self.contains(''.'')' - type: object - routingViaHost: - default: false - description: RoutingViaHost allows pod egress traffic - to exit via the ovn-k8s-mp0 management port into the - host before sending it out. 
If this is not set, traffic - will always egress directly from OVN to outside without - touching the host stack. Setting this to true means - hardware offload will not be supported. Default is false - if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: geneve port is the UDP port to be used by geneve - encapulation. Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: HybridOverlayConfig configures an additional - overlay network for peers that are not using OVN. - properties: - hybridClusterNetwork: - description: HybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: ClusterNetworkEntry is a subnet from which - to allocate PodIPs. A network of size HostPrefix (in - CIDR notation) will be allocated when nodes join the - cluster. If the HostPrefix field is not used by the - plugin, it can be left unset. Not all network providers - support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - hybridOverlayVXLANPort: - description: HybridOverlayVXLANPort defines the VXLAN - port number to be used by the additional overlay network. - Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: ipsecConfig enables and configures IPsec for - pods on the pod network within the cluster. - properties: - mode: - description: mode defines the behaviour of the ipsec configuration - within the platform. Valid values are `Disabled`, `External` - and `Full`. When 'Disabled', ipsec will not be enabled - at the node level. When 'External', ipsec is enabled - on the node level but requires the user to configure - the secure communication parameters. This mode is for - external secure communications and the configuration - can be done using the k8s-nmstate operator. 
When 'Full', - ipsec is configured on the node level and inter-pod - secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication - with external (to the cluster) entities (such as storage - arrays), this is left to the user to configure. - enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - mtu: - description: mtu is the MTU to use for the tunnel interface. - This must be 100 bytes smaller than the uplink mtu. Default - is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: policyAuditConfig is the configuration for network - policy audit events. If unset, reported defaults are used. - properties: - destination: - default: "null" - description: 'destination is the location for policy log - messages. Regardless of this config, persistent logs - will always be dumped to the host at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - "libc" -> to use the libc syslog() - function of the host node''s journdald process - "udp:host:port" - -> for sending syslog over UDP - "unix:file" -> for - using the UNIX domain socket directly - "null" -> to - discard all messages logged to syslog The default is - "null"' - type: string - maxFileSize: - default: 50 - description: maxFilesSize is the max size an ACL_audit - log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. - format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: rateLimit is the approximate maximum number - of messages to generate per-second per-node. If unset - the default of 20 msg/sec is used. 
- format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - v4InternalSubnet: - description: v4InternalSubnet is a v4 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: v6InternalSubnet is a v6 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is fd98::/48 - type: string - type: object - type: - description: type is the type of network All NetworkTypes are - supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: deployKubeProxy specifies whether or not a standalone - kube-proxy should be deployed by the operator. Some network providers - include kube-proxy or similar functionality. If unset, the plugin - will attempt to select the correct value, which is false when OpenShift - SDN and ovn-kubernetes are used and true otherwise. - type: boolean - disableMultiNetwork: - description: disableMultiNetwork specifies whether or not multiple - pod network support should be disabled. If unset, this property - defaults to 'false' and multiple network support is enabled. 
- type: boolean - disableNetworkDiagnostics: - default: false - description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled - or not. If unset, this property defaults to 'false' and network - diagnostics is enabled. Setting this to 'true' would reduce the - additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: exportNetworkFlows enables and configures the export - of network flow metadata from the pod network by using protocols - NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes - plugin. If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: netFlow defines the NetFlow collectors that will - consume the flow data exported from OVS. It is a list of - strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - sFlow: - description: sFlow defines the SFlow configuration. 
- properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - type: object - kubeProxyConfig: - description: kubeProxyConfig lets us configure desired proxy configuration. - If not specified, sensible defaults will be chosen by OpenShift - directly. Not consumed by all network providers - currently only - openshift-sdn. - properties: - bindAddress: - description: The address to "bind" on Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: 'An internal kube-proxy parameter. In older releases - of OCP, this sometimes needed to be adjusted in large clusters - for performance reasons, but this is no longer necessary, and - there is no reason to change this from the default value. Default: - 30s' - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: migration enables and configures the cluster network - migration. The migration procedure allows to change the network - type and the MTU. - properties: - features: - description: features contains the features migration configuration. - Set this to migrate feature configuration when changing the - cluster default network provider. if unset, the default operation - is to migrate all the configuration of supported features. - properties: - egressFirewall: - default: true - description: egressFirewall specifies whether or not the Egress - Firewall configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress Firewall configure is migrated. - type: boolean - egressIP: - default: true - description: egressIP specifies whether or not the Egress - IP configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress IP configure is migrated. - type: boolean - multicast: - default: true - description: multicast specifies whether or not the multicast - configuration is migrated automatically when changing the - cluster default network provider. If unset, this property - defaults to 'true' and multicast configure is migrated. - type: boolean - type: object - mode: - description: mode indicates the mode of network migration. The - supported values are "Live", "Offline" and omitted. A "Live" - migration operation will not cause service interruption by migrating - the CNI of each node one by one. The cluster network will work - as normal during the network migration. 
An "Offline" migration - operation will cause service interruption. During an "Offline" - migration, two rounds of node reboots are required. The cluster - network will be malfunctioning during the network migration. - When omitted, this means no opinion and the platform is left - to choose a reasonable default which is subject to change over - time. The current default value is "Offline". - enum: - - Live - - Offline - - "" - type: string - mtu: - description: mtu contains the MTU migration configuration. Set - this to allow changing the MTU values for the default network. - If unset, the operation of changing the MTU for the default - network will be rejected. - properties: - machine: - description: machine contains MTU migration configuration - for the machine's uplink. Needs to be migrated along with - the default network MTU unless the current uplink MTU already - accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: network contains information about MTU migration - for the default network. Migrations are only allowed to - MTU values lower than the machine's uplink MTU by the minimum - appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: networkType is the target type of network migration. - Set this to the target network type to allow changing the default - network. If unset, the operation of changing cluster default - network plugin will be rejected. 
The supported values are OpenShiftSDN, - OVNKubernetes - type: string - type: object - x-kubernetes-validations: - - message: networkType migration in mode other than 'Live' may not - be configured at the same time as mtu migration - rule: '!has(self.mtu) || !has(self.networkType) || self.networkType - == '''' || has(self.mode) && self.mode == ''Live''' - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: serviceNetwork is the ip address pool to use for Service - IPs Currently, all existing network providers only support a single - value here, but this is an array to allow for growth. - items: - type: string - type: array - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. 
- nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: useMultiNetworkPolicy enables a controller which allows - for MultiNetworkPolicy objects to be used on additional networks - as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod - can receive over the secondary interfaces. If unset, this property - defaults to 'false' and MultiNetworkPolicy objects are ignored. - If 'disableMultiNetwork' is 'true' then the value of this field - is ignored. - type: boolean - type: object - status: - description: NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml deleted file mode 100644 index 94797ad165..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml +++ /dev/null 
@@ -1,575 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: dnses.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: DNS - listKind: DNSList - plural: dnses - singular: dns - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "DNS manages the CoreDNS component to provide a name resolution - service for pods and services in the cluster. \n This supports the DNS-based - service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md - \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - DNS. 
- properties: - cache: - description: 'cache describes the caching configuration that applies - to all server blocks listed in the Corefile. This field allows a - cluster admin to optionally configure: * positiveTTL which is a - duration for which positive responses should be cached. * negativeTTL - which is a duration for which negative responses should be cached. - If this is not configured, OpenShift will configure positive and - negative caching with a default value that is subject to change. - At the time of writing, the default positiveTTL is 900 seconds and - the default negativeTTL is 30 seconds or as noted in the respective - Corefile for your version of OpenShift.' - properties: - negativeTTL: - description: "negativeTTL is optional and specifies the amount - of time that a negative response should be cached. \n If configured, - it must be a value of 1s (1 second) or greater up to a theoretical - maximum of several years. This field expects an unsigned duration - string of decimal numbers, each with optional fraction and a - unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values - that are fractions of a second are rounded down to the nearest - second. If the configured value is less than 1s, the default - value will be used. If not configured, the value will be 0s - and OpenShift will use a default value of 30 seconds unless - noted otherwise in the respective Corefile for your version - of OpenShift. The default value of 30 seconds is subject to - change." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - positiveTTL: - description: "positiveTTL is optional and specifies the amount - of time that a positive response should be cached. \n If configured, - it must be a value of 1s (1 second) or greater up to a theoretical - maximum of several years. This field expects an unsigned duration - string of decimal numbers, each with optional fraction and a - unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". 
Values - that are fractions of a second are rounded down to the nearest - second. If the configured value is less than 1s, the default - value will be used. If not configured, the value will be 0s - and OpenShift will use a default value of 900 seconds unless - noted otherwise in the respective Corefile for your version - of OpenShift. The default value of 900 seconds is subject to - change." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - type: object - logLevel: - default: Normal - description: 'logLevel describes the desired logging verbosity for - CoreDNS. Any one of the following values may be specified: * Normal - logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN - responses, and NODATA responses. * Trace logs errors and all responses. - Setting logLevel: Trace will produce extremely verbose logs. Valid - values are: "Normal", "Debug", "Trace". Defaults to "Normal".' - enum: - - Normal - - Debug - - Trace - type: string - managementState: - description: managementState indicates whether the DNS operator should - manage cluster DNS - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - nodePlacement: - description: "nodePlacement provides explicit control over the scheduling - of DNS pods. \n Generally, it is useful to run a DNS pod on every - node so that DNS queries are always handled by a local DNS pod instead - of going over the network to a DNS pod on another node. However, - security policies may require restricting the placement of DNS pods - to specific nodes. For example, if a security policy prohibits pods - on arbitrary nodes from communicating with the API, a node selector - can be specified to restrict DNS pods to nodes that are permitted - to communicate with the API. Conversely, if running DNS pods on - nodes with a particular taint is desired, a toleration can be specified - for that taint. \n If unset, defaults are used. See nodePlacement - for more details." 
- properties: - nodeSelector: - additionalProperties: - type: string - description: "nodeSelector is the node selector applied to DNS - pods. \n If empty, the default is used, which is currently the - following: \n kubernetes.io/os: linux \n This default is subject - to change. \n If set, the specified selector is used and replaces - the default." - type: object - tolerations: - description: "tolerations is a list of tolerations applied to - DNS pods. \n If empty, the DNS operator sets a toleration for - the \"node-role.kubernetes.io/master\" taint. This default - is subject to change. Specifying tolerations without including - a toleration for the \"node-role.kubernetes.io/master\" taint - may be risky as it could lead to an outage if all worker nodes - become unavailable. \n Note that the daemon controller adds - some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. 
- By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - operatorLogLevel: - default: Normal - description: 'operatorLogLevel controls the logging level of the DNS - Operator. Valid values are: "Normal", "Debug", "Trace". Defaults - to "Normal". setting operatorLogLevel: Trace will produce extremely - verbose logs.' - enum: - - Normal - - Debug - - Trace - type: string - servers: - description: "servers is a list of DNS resolvers that provide name - query delegation for one or more subdomains outside the scope of - the cluster domain. If servers consists of more than one Server, - longest suffix match will be used to determine the Server. \n For - example, if there are two Servers, one for \"foo.com\" and another - for \"a.foo.com\", and the name query is for \"www.a.foo.com\", - it will be routed to the Server with Zone \"a.foo.com\". \n If this - field is nil, no servers are created." - items: - description: Server defines the schema for a server that runs per - instance of CoreDNS. - properties: - forwardPlugin: - description: forwardPlugin defines a schema for configuring - CoreDNS to proxy DNS messages to upstream resolvers. - properties: - policy: - default: Random - description: "policy is used to determine the order in which - upstream servers are selected for querying. Any one of - the following values may be specified: \n * \"Random\" - picks a random upstream server for each query. * \"RoundRobin\" - picks upstream servers in a round-robin order, moving - to the next server for each new query. 
* \"Sequential\" - tries querying upstream servers in a sequential order - until one responds, starting with the first server for - each new query. \n The default value is \"Random\"" - enum: - - Random - - RoundRobin - - Sequential - type: string - protocolStrategy: - description: protocolStrategy specifies the protocol to - use for upstream DNS requests. Valid values for protocolStrategy - are "TCP" and omitted. When omitted, this means no opinion - and the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is to use the protocol of the original client request. - "TCP" specifies that the platform should use TCP for all - upstream DNS requests, even if the client request uses - UDP. "TCP" is useful for UDP-specific issues such as those - created by non-compliant upstream resolvers, but may consume - more bandwidth or increase DNS response time. Note that - protocolStrategy only affects the protocol of DNS requests - that CoreDNS makes to upstream resolvers. It does not - affect the protocol of DNS requests between clients and - CoreDNS. - enum: - - TCP - - "" - type: string - transportConfig: - description: "transportConfig is used to configure the transport - type, server name, and optional custom CA or CA bundle - to use when forwarding DNS requests to an upstream resolver. - \n The default value is \"\" (empty) which results in - a standard cleartext connection being used when forwarding - DNS requests to an upstream resolver." - properties: - tls: - description: tls contains the additional configuration - options to use when Transport is set to "TLS". - properties: - caBundle: - description: "caBundle references a ConfigMap that - must contain either a single CA Certificate or - a CA Bundle. This allows cluster administrators - to provide their own CA or CA bundle for validating - the certificate of upstream resolvers. \n 1. The - configmap must contain a `ca-bundle.crt` key. - 2. 
The value must be a PEM encoded CA certificate - or CA bundle. 3. The administrator must create - this configmap in the openshift-config namespace. - 4. The upstream server certificate must contain - a Subject Alternative Name (SAN) that matches - ServerName." - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - serverName: - description: serverName is the upstream server to - connect to when forwarding DNS queries. This is - required when Transport is set to "TLS". ServerName - will be validated against the DNS naming conventions - in RFC 1123 and should match the TLS certificate - installed in the upstream resolver(s). - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - required: - - serverName - type: object - transport: - description: "transport allows cluster administrators - to opt-in to using a DNS-over-TLS connection between - cluster DNS and an upstream resolver(s). Configuring - TLS as the transport at this level without configuring - a CABundle will result in the system certificates - being used to verify the serving certificate of the - upstream resolver(s). \n Possible values: \"\" (empty) - - This means no explicit choice has been made and - the platform chooses the default which is subject - to change over time. The current default is \"Cleartext\". - \"Cleartext\" - Cluster admin specified cleartext - option. This results in the same functionality as - an empty value but may be useful when a cluster admin - wants to be more explicit about the transport, or - wants to switch from \"TLS\" to \"Cleartext\" explicitly. - \"TLS\" - This indicates that DNS queries should be - sent over a TLS connection. If Transport is set to - TLS, you MUST also set ServerName. 
If a port is not - included with the upstream IP, port 853 will be tried - by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1." - enum: - - TLS - - Cleartext - - "" - type: string - type: object - upstreams: - description: "upstreams is a list of resolvers to forward - name queries for subdomains of Zones. Each instance of - CoreDNS performs health checking of Upstreams. When a - healthy upstream returns an error during the exchange, - another resolver is tried from Upstreams. The Upstreams - are selected in the order specified in Policy. Each upstream - is represented by an IP address or IP:port if the upstream - listens on a port other than 53. \n A maximum of 15 upstreams - is allowed per ForwardPlugin." - items: - type: string - maxItems: 15 - type: array - type: object - name: - description: name is required and specifies a unique name for - the server. Name must comply with the Service Name Syntax - of rfc6335. - type: string - zones: - description: zones is required and specifies the subdomains - that Server is authoritative for. Zones must conform to the - rfc1123 definition of a subdomain. Specifying the cluster - domain (i.e., "cluster.local") is invalid. - items: - type: string - type: array - type: object - type: array - upstreamResolvers: - default: {} - description: "upstreamResolvers defines a schema for configuring CoreDNS - to proxy DNS messages to upstream resolvers for the case of the - default (\".\") server \n If this field is not specified, the upstream - used will default to /etc/resolv.conf, with policy \"sequential\"" - properties: - policy: - default: Sequential - description: "Policy is used to determine the order in which upstream - servers are selected for querying. Any one of the following - values may be specified: \n * \"Random\" picks a random upstream - server for each query. * \"RoundRobin\" picks upstream servers - in a round-robin order, moving to the next server for each new - query. 
* \"Sequential\" tries querying upstream servers in a - sequential order until one responds, starting with the first - server for each new query. \n The default value is \"Sequential\"" - enum: - - Random - - RoundRobin - - Sequential - type: string - protocolStrategy: - description: protocolStrategy specifies the protocol to use for - upstream DNS requests. Valid values for protocolStrategy are - "TCP" and omitted. When omitted, this means no opinion and the - platform is left to choose a reasonable default, which is subject - to change over time. The current default is to use the protocol - of the original client request. "TCP" specifies that the platform - should use TCP for all upstream DNS requests, even if the client - request uses UDP. "TCP" is useful for UDP-specific issues such - as those created by non-compliant upstream resolvers, but may - consume more bandwidth or increase DNS response time. Note that - protocolStrategy only affects the protocol of DNS requests that - CoreDNS makes to upstream resolvers. It does not affect the - protocol of DNS requests between clients and CoreDNS. - enum: - - TCP - - "" - type: string - transportConfig: - description: "transportConfig is used to configure the transport - type, server name, and optional custom CA or CA bundle to use - when forwarding DNS requests to an upstream resolver. \n The - default value is \"\" (empty) which results in a standard cleartext - connection being used when forwarding DNS requests to an upstream - resolver." - properties: - tls: - description: tls contains the additional configuration options - to use when Transport is set to "TLS". - properties: - caBundle: - description: "caBundle references a ConfigMap that must - contain either a single CA Certificate or a CA Bundle. - This allows cluster administrators to provide their - own CA or CA bundle for validating the certificate of - upstream resolvers. \n 1. The configmap must contain - a `ca-bundle.crt` key. 2. 
The value must be a PEM encoded - CA certificate or CA bundle. 3. The administrator must - create this configmap in the openshift-config namespace. - 4. The upstream server certificate must contain a Subject - Alternative Name (SAN) that matches ServerName." - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - serverName: - description: serverName is the upstream server to connect - to when forwarding DNS queries. This is required when - Transport is set to "TLS". ServerName will be validated - against the DNS naming conventions in RFC 1123 and should - match the TLS certificate installed in the upstream - resolver(s). - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - required: - - serverName - type: object - transport: - description: "transport allows cluster administrators to opt-in - to using a DNS-over-TLS connection between cluster DNS and - an upstream resolver(s). Configuring TLS as the transport - at this level without configuring a CABundle will result - in the system certificates being used to verify the serving - certificate of the upstream resolver(s). \n Possible values: - \"\" (empty) - This means no explicit choice has been made - and the platform chooses the default which is subject to - change over time. The current default is \"Cleartext\". - \"Cleartext\" - Cluster admin specified cleartext option. - This results in the same functionality as an empty value - but may be useful when a cluster admin wants to be more - explicit about the transport, or wants to switch from \"TLS\" - to \"Cleartext\" explicitly. \"TLS\" - This indicates that - DNS queries should be sent over a TLS connection. If Transport - is set to TLS, you MUST also set ServerName. 
If a port is - not included with the upstream IP, port 853 will be tried - by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1." - enum: - - TLS - - Cleartext - - "" - type: string - type: object - upstreams: - default: - - type: SystemResolvConf - description: "Upstreams is a list of resolvers to forward name - queries for the \".\" domain. Each instance of CoreDNS performs - health checking of Upstreams. When a healthy upstream returns - an error during the exchange, another resolver is tried from - Upstreams. The Upstreams are selected in the order specified - in Policy. \n A maximum of 15 upstreams is allowed per ForwardPlugin. - If no Upstreams are specified, /etc/resolv.conf is used by default" - items: - anyOf: - - not: - required: - - address - - port - properties: - type: - enum: - - "" - - SystemResolvConf - - optional: - - port - properties: - type: - enum: - - Network - required: - - address - description: "Upstream can either be of type SystemResolvConf, - or of type Network. \n * For an Upstream of type SystemResolvConf, - no further fields are necessary: The upstream will be configured - to use /etc/resolv.conf. * For an Upstream of type Network, - a NetworkResolver field needs to be defined with an IP address - or IP:port if the upstream listens on a port other than 53." - properties: - address: - anyOf: - - format: ipv4 - - format: ipv6 - description: Address must be defined when Type is set to - Network. It will be ignored otherwise. It must be a valid - ipv4 or ipv6 address. - type: string - port: - default: 53 - description: Port may be defined when Type is set to Network. - It will be ignored otherwise. Port must be between 65535 - format: int32 - maximum: 65535 - minimum: 1 - type: integer - type: - description: "Type defines whether this upstream contains - an IP/IP:port resolver or the local /etc/resolv.conf. - Type accepts 2 possible values: SystemResolvConf or Network. 
- \n * When SystemResolvConf is used, the Upstream structure - does not require any further fields to be defined: /etc/resolv.conf - will be used * When Network is used, the Upstream structure - must contain at least an Address" - enum: - - SystemResolvConf - - Network - - "" - type: string - required: - - type - type: object - maxItems: 15 - type: array - type: object - type: object - status: - description: status is the most recently observed status of the DNS. - properties: - clusterDomain: - description: "clusterDomain is the local cluster DNS domain suffix - for DNS services. This will be a subdomain as defined in RFC 1034, - section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: - \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service" - type: string - clusterIP: - description: "clusterIP is the service IP through which this DNS is - made available. \n In the case of the default DNS, this will be - a well known IP that is used as the default nameserver for pods - that are using the default ClusterFirst DNS policy. \n In general, - this IP can be specified in a pod's spec.dnsConfig.nameservers list - or used explicitly when performing name resolution from within the - cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - type: string - conditions: - description: "conditions provide information about the state of the - DNS on the cluster. \n These are the supported DNS conditions: \n - * Available - True if the following conditions are met: * DNS controller - daemonset is available. - False if any of those conditions are unsatisfied." - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - required: - - clusterDomain - - clusterIP - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml-patch deleted file mode 100644 index 285a526729..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml-patch +++ /dev/null @@ -1,21 +0,0 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/upstreamResolvers/default - value: {} -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/upstreamResolvers/properties/upstreams/items/properties/address/anyOf - value: - - format: ipv4 - - format: ipv6 -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/upstreamResolvers/properties/upstreams/items/anyOf - value: - - properties: - type: - enum: [ "","SystemResolvConf" ] # empty string because client-side validation will not see the default value - not: - required: [ "address", "port" ] - - properties: - type: - enum: [ "Network" ] - required: [ "address" ] - optional: [ "port" ] diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml deleted file mode 100644 index b6d9a9003b..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml +++ /dev/null 
@@ -1,167 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/562 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: csisnapshotcontrollers.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: CSISnapshotController - plural: csisnapshotcontrollers - singular: csisnapshotcontroller - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "CSISnapshotController provides a means to configure an operator - to manage the CSI snapshots. `cluster` is the canonical name. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. 
\n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config.crd.yaml deleted file mode 100644 index 299c776d8d..0000000000 
--- a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config.crd.yaml
+++ /dev/null
@@ -1,246 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: machineconfigurations.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: MachineConfiguration - plural: machineconfigurations - singular: machineconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "MachineConfiguration provides information to configure an operator - to manage Machine Configuration. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Machine Config Operator - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. 
It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Machine - Config Operator - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. 
- items: - type: string - type: array - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml deleted file mode 100644 index 52f6f37ea5..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ /dev/null 
@@ -1,367 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/701 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: clustercsidrivers.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: ClusterCSIDriver - plural: clustercsidrivers - singular: clustercsidriver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ClusterCSIDriver object allows management and configuration - of a CSI driver operator installed by default in OpenShift. Name of the - object must be name of the CSI driver it operates. See CSIDriverName type - for list of allowed values. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - enum: - - ebs.csi.aws.com - - efs.csi.aws.com - - disk.csi.azure.com - - file.csi.azure.com - - filestore.csi.storage.gke.io - - pd.csi.storage.gke.io - - cinder.csi.openstack.org - - csi.vsphere.vmware.com - - manila.csi.openstack.org - - csi.ovirt.org - - csi.kubevirt.io - - csi.sharedresource.openshift.io - - diskplugin.csi.alibabacloud.com - - vpc.block.csi.ibm.io - - powervs.csi.ibm.com - - secrets-store.csi.k8s.io - - smb.csi.k8s.io - type: string - type: object - spec: - description: spec holds user settable values for configuration - properties: - driverConfig: - description: driverConfig can be used to specify platform specific - driver configuration. When omitted, this means no opinion and the - platform is left to choose reasonable defaults. These defaults are - subject to change over time. - properties: - aws: - description: aws is used to configure the AWS CSI driver. - properties: - kmsKeyARN: - description: kmsKeyARN sets the cluster default storage class - to encrypt volumes with a user-defined KMS key, rather than - the default KMS key used by AWS. The value may be either - the ARN or Alias ARN of a KMS key. - pattern: ^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ - type: string - type: object - azure: - description: azure is used to configure the Azure CSI driver. - properties: - diskEncryptionSet: - description: diskEncryptionSet sets the cluster default storage - class to encrypt volumes with a customer-managed encryption - set, rather than the default platform-managed keys. - properties: - name: - description: name is the name of the disk encryption set - that will be set on the default storage class. The value - should consist of only alphanumberic characters, underscores - (_), hyphens, and be at most 80 characters in length. 
- maxLength: 80 - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - resourceGroup: - description: resourceGroup defines the Azure resource - group that contains the disk encryption set. The value - should consist of only alphanumberic characters, underscores - (_), parentheses, hyphens and periods. The value should - not end in a period and be at most 90 characters in - length. - maxLength: 90 - pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ - type: string - subscriptionID: - description: 'subscriptionID defines the Azure subscription - that contains the disk encryption set. The value should - meet the following conditions: 1. It should be a 128-bit - number. 2. It should be 36 characters (32 hexadecimal - characters and 4 hyphens) long. 3. It should be displayed - in five groups separated by hyphens (-). 4. The first - group should be 8 characters long. 5. The second, third, - and fourth groups should be 4 characters long. 6. The - fifth group should be 12 characters long. An Example - SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378' - maxLength: 36 - pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ - type: string - required: - - name - - resourceGroup - - subscriptionID - type: object - type: object - driverType: - description: 'driverType indicates type of CSI driver for which - the driverConfig is being applied to. Valid values are: AWS, - Azure, GCP, IBMCloud, vSphere and omitted. Consumers should - treat unknown values as a NO-OP.' - enum: - - "" - - AWS - - Azure - - GCP - - IBMCloud - - vSphere - type: string - gcp: - description: gcp is used to configure the GCP CSI driver. - properties: - kmsKey: - description: kmsKey sets the cluster default storage class - to encrypt volumes with customer-supplied encryption keys, - rather than the default keys managed by GCP. - properties: - keyRing: - description: keyRing is the name of the KMS Key Ring which - the KMS Key belongs to. 
The value should correspond - to an existing KMS key ring and should consist of only - alphanumeric characters, hyphens (-) and underscores - (_), and be at most 63 characters in length. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - location: - description: location is the GCP location in which the - Key Ring exists. The value must match an existing GCP - location, or "global". Defaults to global, if not set. - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - name: - description: name is the name of the customer-managed - encryption key to be used for disk encryption. The value - should correspond to an existing KMS key and should - consist of only alphanumeric characters, hyphens (-) - and underscores (_), and be at most 63 characters in - length. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - projectID: - description: projectID is the ID of the Project in which - the KMS Key Ring exists. It must be 6 to 30 lowercase - letters, digits, or hyphens. It must start with a letter. - Trailing hyphens are prohibited. - maxLength: 30 - minLength: 6 - pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ - type: string - required: - - keyRing - - name - - projectID - type: object - type: object - ibmcloud: - description: ibmcloud is used to configure the IBM Cloud CSI driver. - properties: - encryptionKeyCRN: - description: encryptionKeyCRN is the IBM Cloud CRN of the - customer-managed root key to use for disk encryption of - volumes for the default storage classes. - maxLength: 154 - minLength: 144 - pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ - type: string - required: - - encryptionKeyCRN - type: object - vSphere: - description: vsphere is used to configure the vsphere CSI driver. - properties: - topologyCategories: - description: topologyCategories indicates tag categories with - which vcenter resources such as hostcluster or datacenter - were tagged with. 
If cluster Infrastructure object has a - topology, values specified in Infrastructure object will - be used and modifications to topologyCategories will be - rejected. - items: - type: string - type: array - type: object - required: - - driverType - type: object - x-kubernetes-validations: - - message: ibmcloud must be set if driverType is 'IBMCloud', but remain - unset otherwise - rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? - has(self.ibmcloud) : !has(self.ibmcloud)' - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - storageClassState: - description: StorageClassState determines if CSI operator should create - and manage storage classes. 
If this field value is empty or Managed - - CSI operator will continuously reconcile storage class and create - if necessary. If this field value is Unmanaged - CSI operator will - not reconcile any previously created storage class. If this field - value is Removed - CSI operator will delete the storage class it - created previously. When omitted, this means the user has no opinion - and the platform chooses a reasonable default, which is subject - to change over time. The current default behaviour is Managed. - enum: - - "" - - Managed - - Unmanaged - - Removed - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. 
- properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch deleted file mode 100644 index ce0db8be98..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch +++ /dev/null 
@@ -1,23 +0,0 @@ -- op: add - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/metadata/properties - value: - name: - type: string - enum: - - ebs.csi.aws.com - - efs.csi.aws.com - - disk.csi.azure.com - - file.csi.azure.com - - filestore.csi.storage.gke.io - - pd.csi.storage.gke.io - - cinder.csi.openstack.org - - csi.vsphere.vmware.com - - manila.csi.openstack.org - - csi.ovirt.org - - csi.kubevirt.io - - csi.sharedresource.openshift.io - - diskplugin.csi.alibabacloud.com - - vpc.block.csi.ibm.io - - powervs.csi.ibm.com - - secrets-store.csi.k8s.io - - smb.csi.k8s.io diff --git a/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml deleted file mode 100644 index b61baf16e1..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml +++ /dev/null 
@@ -1,636 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/486 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consoles.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Console - listKind: ConsoleList - plural: consoles - singular: console - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Console provides a means to configure an operator to manage - the console. \n Compatibility level 1: Stable within a major release for - a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleSpec is the specification of the desired behavior - of the Console. - properties: - customization: - description: customization is used to optionally provide a small set - of customization options to the web console. - properties: - addPage: - description: addPage allows customizing actions on the Add page - in developer perspective. 
- properties: - disabledActions: - description: disabledActions is a list of actions that are - not shown to users. Each action in the list is represented - by its ID. - items: - type: string - minItems: 1 - type: array - type: object - brand: - description: brand is the default branding of the web console - which can be overridden by providing the brand field. There - is a limited set of specific brand options. This field controls - elements of the console such as the logo. Invalid value will - prevent a console rollout. - enum: - - openshift - - okd - - online - - ocp - - dedicated - - azure - - OpenShift - - OKD - - Online - - OCP - - Dedicated - - Azure - - ROSA - type: string - customLogoFile: - description: 'customLogoFile replaces the default OpenShift logo - in the masthead and about dialog. It is a reference to a ConfigMap - in the openshift-config namespace. This can be created with - a command like ''oc create configmap custom-logo --from-file=/path/to/file - -n openshift-config''. Image size must be less than 1 MB due - to constraints on the ConfigMap size. The ConfigMap key should - include a file extension so that the console serves the file - with the correct MIME type. Recommended logo specifications: - Dimensions: Max height of 68px and max width of 200px SVG format - preferred' - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - customProductName: - description: customProductName is the name that will be displayed - in page titles, logo alt text, and the about dialog instead - of the normal OpenShift product name. - type: string - developerCatalog: - description: developerCatalog allows to configure the shown developer - catalog categories (filters) and types (sub-catalogs). - properties: - categories: - description: categories which are shown in the developer catalog. 
- items: - description: DeveloperConsoleCatalogCategory for the developer - console catalog. - properties: - id: - description: ID is an identifier used in the URL to - enable deep linking in console. ID is required and - must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. - maxLength: 32 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - label: - description: label defines a category display label. - It is required and must have 1-64 characters. - maxLength: 64 - minLength: 1 - type: string - subcategories: - description: subcategories defines a list of child categories. - items: - description: DeveloperConsoleCatalogCategoryMeta are - the key identifiers of a developer catalog category. - properties: - id: - description: ID is an identifier used in the URL - to enable deep linking in console. ID is required - and must have 1-32 URL safe (A-Z, a-z, 0-9, - - and _) characters. - maxLength: 32 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - label: - description: label defines a category display - label. It is required and must have 1-64 characters. - maxLength: 64 - minLength: 1 - type: string - tags: - description: tags is a list of strings that will - match the category. A selected category show - all items which has at least one overlapping - tag between category and item. - items: - type: string - type: array - required: - - id - - label - type: object - type: array - tags: - description: tags is a list of strings that will match - the category. A selected category show all items which - has at least one overlapping tag between category - and item. - items: - type: string - type: array - required: - - id - - label - type: object - type: array - types: - description: types allows enabling or disabling of sub-catalog - types that user can see in the Developer catalog. When omitted, - all the sub-catalog types will be shown. 
- properties: - disabled: - description: 'disabled is a list of developer catalog - types (sub-catalogs IDs) that are not shown to users. - Types (sub-catalogs) are added via console plugins, - the available types (sub-catalog IDs) are available - in the console on the cluster configuration page, or - when editing the YAML in the console. Example: "Devfile", - "HelmChart", "BuilderImage" If the list is empty or - all the available sub-catalog types are added, then - the complete developer catalog should be hidden.' - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - description: 'enabled is a list of developer catalog types - (sub-catalogs IDs) that will be shown to users. Types - (sub-catalogs) are added via console plugins, the available - types (sub-catalog IDs) are available in the console - on the cluster configuration page, or when editing the - YAML in the console. Example: "Devfile", "HelmChart", - "BuilderImage" If the list is non-empty, a new type - will not be shown to the user until it is added to list. - If the list is empty the complete developer catalog - will be shown.' - items: - type: string - type: array - x-kubernetes-list-type: set - state: - default: Enabled - description: state defines if a list of catalog types - should be enabled or disabled. - enum: - - Enabled - - Disabled - type: string - required: - - state - type: object - x-kubernetes-validations: - - message: enabled is forbidden when state is not Enabled - rule: 'self.state == ''Enabled'' ? true : !has(self.enabled)' - - message: disabled is forbidden when state is not Disabled - rule: 'self.state == ''Disabled'' ? true : !has(self.disabled)' - type: object - documentationBaseURL: - description: documentationBaseURL links to external documentation - are shown in various sections of the web console. Providing - documentationBaseURL will override the default documentation - URL. Invalid value will prevent a console rollout. 
- pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ - type: string - perspectives: - description: perspectives allows enabling/disabling of perspective(s) - that user can see in the Perspective switcher dropdown. - items: - description: Perspective defines a perspective that cluster - admins want to show/hide in the perspective switcher dropdown - properties: - id: - description: 'id defines the id of the perspective. Example: - "dev", "admin". The available perspective ids can be found - in the code snippet section next to the yaml editor. Incorrect - or unknown ids will be ignored.' - type: string - pinnedResources: - description: pinnedResources defines the list of default - pinned resources that users will see on the perspective - navigation if they have not customized these pinned resources - themselves. The list of available Kubernetes resources - could be read via `kubectl api-resources`. The console - will also provide a configuration UI and a YAML snippet - that will list the available resources that can be pinned - to the navigation. Incorrect or unknown resources will - be ignored. - items: - description: PinnedResourceReference includes the group, - version and type of resource - properties: - group: - description: 'group is the API Group of the Resource. - Enter empty string for the core group. This value - should consist of only lowercase alphanumeric characters, - hyphens and periods. Example: "", "apps", "build.openshift.io", - etc.' - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - resource: - description: 'resource is the type that is being referenced. - It is normally the plural form of the resource kind - in lowercase. This value should consist of only - lowercase alphanumeric characters and hyphens. Example: - "deployments", "deploymentconfigs", "pods", etc.' 
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - version: - description: 'version is the API Version of the Resource. - This value should consist of only lowercase alphanumeric - characters. Example: "v1", "v1beta1", etc.' - pattern: ^[a-z0-9]+$ - type: string - required: - - group - - resource - - version - type: object - maxItems: 100 - type: array - visibility: - description: visibility defines the state of perspective - along with access review checks if needed for that perspective. - properties: - accessReview: - description: accessReview defines required and missing - access review checks. - minProperties: 1 - properties: - missing: - description: missing defines a list of permission - checks. The perspective will only be shown when - at least one check fails. When omitted, the access - review is skipped and the perspective will not - be shown unless it is required to do so based - on the configuration of the required access review - list. - items: - description: ResourceAttributes includes the authorization - attributes available for resource requests to - the Authorizer interface - properties: - group: - description: Group is the API Group of the - Resource. "*" means all. - type: string - name: - description: Name is the name of the resource - being requested for a "get" or deleted for - a "delete". "" (empty) means all. - type: string - namespace: - description: Namespace is the namespace of - the action being requested. Currently, - there is no distinction between no namespace - and all namespaces "" (empty) is defaulted - for LocalSubjectAccessReviews "" (empty) - is empty for cluster-scoped resources "" - (empty) means "all" for namespace scoped - resources from a SubjectAccessReview or - SelfSubjectAccessReview - type: string - resource: - description: Resource is one of the existing - resource types. "*" means all. - type: string - subresource: - description: Subresource is one of the existing - resource types. "" means none. 
- type: string - verb: - description: 'Verb is a kubernetes resource - API verb, like: get, list, watch, create, - update, delete, proxy. "*" means all.' - type: string - version: - description: Version is the API Version of - the Resource. "*" means all. - type: string - type: object - type: array - required: - description: required defines a list of permission - checks. The perspective will only be shown when - all checks are successful. When omitted, the access - review is skipped and the perspective will not - be shown unless it is required to do so based - on the configuration of the missing access review - list. - items: - description: ResourceAttributes includes the authorization - attributes available for resource requests to - the Authorizer interface - properties: - group: - description: Group is the API Group of the - Resource. "*" means all. - type: string - name: - description: Name is the name of the resource - being requested for a "get" or deleted for - a "delete". "" (empty) means all. - type: string - namespace: - description: Namespace is the namespace of - the action being requested. Currently, - there is no distinction between no namespace - and all namespaces "" (empty) is defaulted - for LocalSubjectAccessReviews "" (empty) - is empty for cluster-scoped resources "" - (empty) means "all" for namespace scoped - resources from a SubjectAccessReview or - SelfSubjectAccessReview - type: string - resource: - description: Resource is one of the existing - resource types. "*" means all. - type: string - subresource: - description: Subresource is one of the existing - resource types. "" means none. - type: string - verb: - description: 'Verb is a kubernetes resource - API verb, like: get, list, watch, create, - update, delete, proxy. "*" means all.' - type: string - version: - description: Version is the API Version of - the Resource. "*" means all. 
- type: string - type: object - type: array - type: object - state: - description: state defines the perspective is enabled - or disabled or access review check is required. - enum: - - Enabled - - Disabled - - AccessReview - type: string - required: - - state - type: object - x-kubernetes-validations: - - message: accessReview configuration is required when state - is AccessReview, and forbidden otherwise - rule: 'self.state == ''AccessReview'' ? has(self.accessReview) - : !has(self.accessReview)' - required: - - id - - visibility - type: object - x-kubernetes-validations: - - message: pinnedResources is allowed only for dev and forbidden - for other perspectives - rule: 'has(self.id) && self.id != ''dev''? !has(self.pinnedResources) - : true' - type: array - x-kubernetes-list-map-keys: - - id - x-kubernetes-list-type: map - projectAccess: - description: projectAccess allows customizing the available list - of ClusterRoles in the Developer perspective Project access - page which can be used by a project admin to specify roles to - other users and restrict access within the project. If set, - the list will replace the default ClusterRole options. - properties: - availableClusterRoles: - description: availableClusterRoles is the list of ClusterRole - names that are assignable to users through the project access - tab. - items: - type: string - type: array - type: object - quickStarts: - description: quickStarts allows customization of available ConsoleQuickStart - resources in console. - properties: - disabled: - description: disabled is a list of ConsoleQuickStart resource - names that are not shown to users. - items: - type: string - type: array - type: object - type: object - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. 
\n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - plugins: - description: plugins defines a list of enabled console plugin names. - items: - type: string - type: array - providers: - description: providers contains configuration for using specific service - providers. - properties: - statuspage: - description: statuspage contains ID for statuspage.io page that - provides status info about. - properties: - pageID: - description: pageID is the unique ID assigned by Statuspage - for your page. This must be a public page. - type: string - type: object - type: object - route: - description: route contains hostname and secret reference that contains - the serving certificate. If a custom route is specified, a new route - will be created with the provided hostname, under which console - will be available. In case of custom hostname uses the default routing - suffix of the cluster, the Secret specification for a serving certificate - will not be needed. 
In case of custom hostname points to an arbitrary - domain, manual DNS configurations steps are necessary. The default - console route will be maintained to reserve the default hostname - for console if the custom route is removed. If not specified, default - route will be used. DEPRECATED - properties: - hostname: - description: hostname is the desired custom domain under which - console will be available. - type: string - secret: - description: 'secret points to secret in the openshift-config - namespace that contains custom certificate and key and needs - to be created manually by the cluster admin. Referenced Secret - is required to contain following key value pairs: - "tls.crt" - - to specifies custom certificate - "tls.key" - to specifies - private key of the custom certificate If the custom hostname - uses the default routing suffix of the cluster, the Secret specification - for a serving certificate will not be needed.' - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - type: object - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: ConsoleStatus defines the observed status of the Console. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/custom.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/custom.network.testsuite.yaml deleted file mode 100644 index ab12cfdd4e..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/custom.network.testsuite.yaml +++ /dev/null 
@@ -1,100 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[CustomNoUpgrade] Network"
-crd: 0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create migration mode
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- migration:
- mode: Live
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- disableNetworkDiagnostics: false
- logLevel: Normal
- operatorLogLevel: Normal
- migration:
- mode: Live
- - name: Should be able to create mtu migration without setting the migration mode
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- migration:
- mtu:
- network:
- from: 1450
- to: 1400
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- disableNetworkDiagnostics: false
- logLevel: Normal
- operatorLogLevel: Normal
- migration:
- mtu:
- network:
- from: 1450
- to: 1400
- - name: Should be able to create networkType migration in in offline migration mode
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- migration:
- networkType: OVNKubernetes
- mode: Offline
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- disableNetworkDiagnostics: false
- logLevel: Normal
- operatorLogLevel: Normal
- migration:
- networkType: OVNKubernetes
- mode: Offline
- - name: Should throw an error when mtu and networkType migration is created in offline migration mode
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- migration:
- networkType: OVNKubernetes
- mtu:
- network:
- from: 1450
- to: 1400
- mode: Offline
- expectedError: "networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration"
- - name: Should be able to create mtu and networkType migration in live migration mode
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- migration:
- networkType: OVNKubernetes
- mtu:
- network:
- from: 1450
- to: 1400
- mode: Live
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Network
- spec:
- disableNetworkDiagnostics: false
- logLevel: Normal
- operatorLogLevel: Normal
- migration:
- networkType: OVNKubernetes
- mtu:
- network:
- from: 1450
- to: 1400
- mode: Live
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml
deleted file mode 100644
index 8ec1f66501..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Authentication"
-crd: 0000_50_cluster-authentication-operator_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Authentication
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Authentication
- spec: {} # No spec is required for a Authentication
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Authentication
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml
deleted file mode 100644
index fa3c34bff6..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] CloudCredential"
-crd: 0000_40_cloud-credential-operator_00_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal CloudCredential
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: CloudCredential
- spec: {} # No spec is required for a CloudCredential
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: CloudCredential
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml
deleted file mode 100644
index 7a159da860..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] ClusterCSIDriver"
-crd: 0000_90_cluster_csi_driver_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal ClusterCSIDriver
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: ClusterCSIDriver
- metadata:
- name: csi.sharedresource.openshift.io
- spec: {} # No spec is required for a ClusterCSIDriver
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: ClusterCSIDriver
- metadata:
- name: csi.sharedresource.openshift.io
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- - name: IBM Cloud CSIDriverType must have a defined IBM Cloud spec
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: ClusterCSIDriver
- metadata:
- name: csi.sharedresource.openshift.io
- spec:
- driverConfig:
- driverType: IBMCloud
- expectedError: "Invalid value: \"object\": ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise"
- - name: IBM Cloud spec must have an EncryptionKeyCRN defined
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: ClusterCSIDriver
- metadata:
- name: csi.sharedresource.openshift.io
- spec:
- driverConfig:
- driverType: IBMCloud
- ibmcloud: {}
- expectedError: "spec.driverConfig.ibmcloud.encryptionKeyCRN: Required value, : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation"
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml
deleted file mode 100644
index e3708dd00d..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Config"
-crd: 0000_10_config-operator_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Config
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Config
- spec: {} # No spec is required for a Config
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Config
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml
deleted file mode 100644
index 065d490e45..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Console"
-crd: 00_console-operator.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Console
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec: {} # No spec is required for a Console
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- - name: Should be able to customize perspectives
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- - id: admin
- visibility:
- state: Disabled
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- - id: admin
- visibility:
- state: Disabled
- - name: Should throw an error for incorrect value of state in perspectives
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enables
- expectedError: "spec.customization.perspectives[0].visibility.state: Unsupported value: \"Enables\": supported values: \"Enabled\", \"Disabled\", \"AccessReview\""
- - name: Should be able to add pinned resources to a perspective
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- pinnedResources:
- - group: ""
- resource: configmaps
- version: v1
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- pinnedResources:
- - group: ""
- resource: configmaps
- version: v1
- - name: Should not be able to add pinned resources to "admin" perspective
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: admin
- visibility:
- state: Enabled
- pinnedResources:
- - group: ""
- resource: configmaps
- version: v1
- expectedError: "pinnedResources is allowed only for dev and forbidden for other perspectives"
- - name: Should throw an error if "group" is missing from the pinnedResources
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- pinnedResources:
- - resource: configmaps
- version: v1
- expectedError: "spec.customization.perspectives[0].pinnedResources[0].group: Required value"
- - name: Should throw an error if the value of "version" in the pinnedResources doesnot match the required regex
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- pinnedResources:
- - group: ""
- resource: configmaps
- version: v'
- expectedError: "spec.customization.perspectives[0].pinnedResources[0].version in body should match '^[a-z0-9]+$'"
- - name: Should throw an error if the value of "group" in the pinnedResources doesnot match the required regex
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- pinnedResources:
- - group: .apps.
- resource: deployments
- version: v1
- expectedError: "spec.customization.perspectives[0].pinnedResources[0].group in body should match '^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'"
- - name: Should throw an error if the value of "resource" in the pinnedResources doesnot match the required regex
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Console
- spec:
- customization:
- perspectives:
- - id: dev
- visibility:
- state: Enabled
- pinnedResources:
- - group: apps
- resource: Deployment
- version: v1
- expectedError: "spec.customization.perspectives[0].pinnedResources[0].resource in body should match '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'"
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml
deleted file mode 100644
index f87e08121e..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] CSISnapshotController"
-crd: 0000_80_csi_snapshot_controller_operator_01_crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal CSISnapshotController
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: CSISnapshotController
- spec: {} # No spec is required for a CSISnapshotController
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: CSISnapshotController
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml
deleted file mode 100644
index 1f2def70cf..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] DNS"
-crd: 0000_70_dns-operator_00.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal DNS
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: DNS
- spec: {} # No spec is required for a DNS
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: DNS
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- upstreamResolvers:
- policy: Sequential
- upstreams:
- - port: 53
- type: SystemResolvConf
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml
deleted file mode 100644
index 8652538360..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Etcd"
-crd: 0000_12_etcd-operator_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Etcd
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec: {} # No spec is required for a Etcd
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml
deleted file mode 100644
index 903d8e60c5..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml
+++ /dev/null
@@ -1,478 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] IngressController"
-crd: 0000_50_ingress-operator_00-ingresscontroller.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal IngressController
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- spec: {} # No spec is required for a IngressController
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- spec:
- httpEmptyRequestsPolicy: Respond
- - name: Should be able to create an IngressController with valid Actions
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- - name: X-Cache-Info
- action:
- type: Set
- set:
- value: "not cacheable; meta data too large"
- - name: X-XSS-Protection
- action:
- type: Delete
- - name: X-Source
- action:
- type: Set
- set:
- value: "%[res.hdr(X-Value),lower]"
- request:
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: X-SSL-Client-Cert
- action:
- type: Set
- set:
- value: "%{+Q}[ssl_c_der,base64]"
- - name: Content-Language
- action:
- type: Delete
- - name: X-Target
- action:
- type: Set
- set:
- value: "%[req.hdr(host),lower]"
- - name: X-Conditional
- action:
- type: Set
- set:
- value: "%[req.hdr(Host)] if foo"
- - name: X-Condition
- action:
- type: Set
- set:
- value: "%[req.hdr(Host)]\ if\ foo"
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- spec:
- httpEmptyRequestsPolicy: Respond
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- - name: X-Cache-Info
- action:
- type: Set
- set:
- value: "not cacheable; meta data too large"
- - name: X-XSS-Protection
- action:
- type: Delete
- - name: X-Source
- action:
- type: Set
- set:
- value: "%[res.hdr(X-Value),lower]"
- request:
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: X-SSL-Client-Cert
- action:
- type: Set
- set:
- value: "%{+Q}[ssl_c_der,base64]"
- - name: Content-Language
- action:
- type: Delete
- - name: X-Target
- action:
- type: Set
- set:
- value: "%[req.hdr(host),lower]"
- - name: X-Conditional
- action:
- type: Set
- set:
- value: "%[req.hdr(Host)] if foo"
- - name: X-Condition
- action:
- type: Set
- set:
- value: "%[req.hdr(Host)]\ if\ foo"
- - name: Should not allow to set/delete HSTS header.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-hsts
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- - name: Strict-Transport-Security
- action:
- type: Delete
- request:
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: Content-Language
- action:
- type: Delete
- expectedError: "strict-transport-security header may not be modified via header actions"
- - name: Should not allow to set/delete Proxy header.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-hsts
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- request:
- - name: Proxy
- action:
- type: Set
- set:
- value: example.xyz
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: Content-Language
- action:
- type: Delete
- expectedError: "proxy header may not be modified via header actions"
- - name: Should not allow to set/delete Host header.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-hsts
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- request:
- - name: Host
- action:
- type: Set
- set:
- value: example.xyz
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: Content-Language
- action:
- type: Delete
- expectedError: "host header may not be modified via header actions"
- - name: Should not allow to set/delete cookie header.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-hsts
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- request:
- - name: Cookie
- action:
- type: Set
- set:
- value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1"
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: Content-Language
- action:
- type: Delete
- expectedError: "cookie header may not be modified via header actions"
- - name: Should not allow to set/delete set-cookie header.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-hsts
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: Set-Cookie
- action:
- type: Set
- set:
- value: "sessionId=e8bb43229de9; Domain=foo.example.com"
- request:
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: Content-Language
- action:
- type: Delete
- expectedError: "set-cookie header may not be modified via header actions"
- - name: Should not allow to set/delete dynamic headers with unclosed braces.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-unclosed-braces
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- request:
- - name: Content-Location
- action:
- type: Set
- set:
- value: /my-first-blog-post
- - name: Content-Language
- action:
- type: Delete
- - name: expires
- action:
- type: Set
- set:
- value: "%[req.hdr(host),lower"
- expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
- - name: Should not allow to set dynamic response header values with not allowed sample fetchers.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-not-allowed-values
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- - name: X-Target
- action:
- type: Set
- set:
- value: "%[req.hdrs(host),lower]"
- expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
- - name: Should not allow empty value in response.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-not-allowed-values
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value:
- expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]'
- - name: Should not allow empty value in request.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-not-allowed-values
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- request:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value:
- expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]'
- - name: Should not allow to set dynamic response header values with not allowed converters.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-not-allowed-values
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Frame-Options
- action:
- type: Set
- set:
- value: DENY
- - name: X-Source
- action:
- type: Set
- set:
- value: "%{+Q}[ssl_c_der,bogus]"
- expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64."
- - name: Should not allow to set dynamic request header values containing sample fetcher res.hdr.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-not-allowed-values
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- request:
- - name: X-Target
- action:
- type: Set
- set:
- value: "%[res.hdr(X-Value),lower]"
- expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64."
- - name: Should not allow to set dynamic response headers value containing sample fetcher req.hdr.
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: IngressController
- metadata:
- name: default-not-allowed-values
- namespace: openshift-ingress-operator
- spec:
- httpHeaders:
- actions:
- response:
- - name: X-Source
- action:
- type: Set
- set:
- value: "%[req.hdr(host),lower]"
- expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed.
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic request header values with not allowed converters. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,hello]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic request header values with not allowed sample fetchers. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der1234,base64]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should be required to specify the set field when the discriminant type is Set. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - expectedError: "set is required when type is Set, and forbidden otherwise" - - name: Should be able to add set field only when discriminant type is Set. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - set: - value: DENY - expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml deleted file mode 100644 index f17d7ae26c..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] InsightsOperator"
-crd: 0000_50_insights-operator_00-insightsoperator.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal InsightsOperator
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: InsightsOperator
- spec: {} # No spec is required for a InsightsOperator
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: InsightsOperator
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml
deleted file mode 100644
index 0428bde074..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] KubeAPIServer"
-crd: 0000_20_kube-apiserver-operator_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal KubeAPIServer
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: KubeAPIServer
- spec: {} # No spec is required for a KubeAPIServer
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: KubeAPIServer
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml
deleted file mode 100644
index 44286f6591..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] KubeControllerManager"
-crd: 0000_25_kube-controller-manager-operator_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal KubeControllerManager
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: KubeControllerManager
- spec: {} # No spec is required for a KubeControllerManager
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: KubeControllerManager
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- useMoreSecureServiceCA: false
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml
deleted file mode 100644
index 0096050396..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] KubeScheduler"
-crd: 0000_25_kube-scheduler-operator_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal KubeScheduler
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: KubeScheduler
- spec: {} # No spec is required for a KubeScheduler
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: KubeScheduler
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml
deleted file mode 100644
index a0b194406c..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] KubeStorageVersionMigrator"
-crd: 0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal KubeStorageVersionMigrator
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: KubeStorageVersionMigrator
- spec: {} # No spec is required for a KubeStorageVersionMigrator
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: KubeStorageVersionMigrator
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml
deleted file mode 100644
index 6992a8eaa9..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] MachineConfiguration"
-crd: 0000_80_machine-config-operator_01_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal MachineConfiguration
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: MachineConfiguration
- spec: {} # No spec is required for a MachineConfiguration
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: MachineConfiguration
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml
deleted file mode 100644
index 7590f57142..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml
+++ /dev/null
@@ -1,409 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Network" -crd: 0000_70_cluster-network-operator_01-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Network - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: {} # No spec is required for a Network - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: "169.254.168.0/29" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - routingViaHost: false - ipv4: - internalMasqueradeSubnet: "169.254.168.0/29" - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should not be able to pass CIDR with a subnet larger than /29 to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10.10/32 - expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" - - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10.10/-1 - expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" - - name: Should not be able to add an IP address with the incorrect number of 
octets to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10/24 - expectedError: "Invalid value: \"string\": a valid IPv4 address must contain 4 octets" - - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.010.10/24 - expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" - - name: Should not be able to add an IP address with with zero for the first octet to internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 0.10.10.10/24 - expectedError: "Invalid value: \"string\": first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" - - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10.256/24 - expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" - - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - 
defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" - routingViaHost: false - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - routingViaHost: false - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should not be able to pass invalid IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "foo" - expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" - - name: Should not be able to add an IP address with the more than 8 octets to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 - expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: Should not be able to add a dual IP address to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: 
- ipv6: - internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 - expectedError: "Invalid value: \"string\": IPv6 dual addresses are not permitted, value should not contain `.` characters" - - name: Should be able to pass a double elided IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd::ef01::2345:6789/20" - expectedError: "Invalid value: \"string\": IPv6 addresses must contain at most one '::' and may only be shortened once" - - name: "Should not be able to pass a complete IPV6 CIDR with a :: expander to v6InternalMasqueradeSubnet" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" - expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: Should not be able to pass a IPV6 CIDR without enough segments to v6InternalMasqueradeSubnet" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345/125" - expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: "Should not be able to pass an elided IPV6 CIDR with only a single empty segment to IPV6 internalMasqueradeSubnet" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345::/125" - expectedError: "Invalid value: \"string\": a valid IPv6 
address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that contains invalid values" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "xbcd:ef01:2345:6789::2345:6789/20" - expectedError: "Invalid value: \"string\": each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" - - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that is 5 characters long" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:eff01:2345:6789::2345:6789/20" - expectedError: "Invalid value: \"string\": each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" - - name: Should be able to create migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - mode: Live - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - mode: Live - - name: "IPsec - Empty ipsecConfig is allowed in initial state" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - Populated ipsecConfig is allowed" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - expected: | - 
apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - Start without setting ipsecConfig" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: {} - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - empty string is not allowed" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: "" - expectedError: "Unsupported value: \"\": supported values: \"Disabled\", \"External\", \"Full\"" - onUpdate: - - name: "IPsec - Removing ipsecConfig.mode is not allowed" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - expectedError: "ipsecConfig.mode is required" - - name: "IPsec - Disabling IPsec" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Disabled - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - Empty ipsecConfig when changing other parameters" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: 
- ipsecConfig: {} - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - mtu: 5888 - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - mtu: 5888 - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml deleted file mode 100644 index 385c2940ba..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] OpenShiftAPIServer" -crd: 0000_30_openshift-apiserver-operator_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OpenShiftAPIServer - initial: | - apiVersion: operator.openshift.io/v1 - kind: OpenShiftAPIServer - spec: {} # No spec is required for a OpenShiftAPIServer - expected: | - apiVersion: operator.openshift.io/v1 - kind: OpenShiftAPIServer - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml deleted file mode 100644 index 05c1cf66fd..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] OpenShiftControllerManager"
-crd: 0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal OpenShiftControllerManager
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: OpenShiftControllerManager
- spec: {} # No spec is required for a OpenShiftControllerManager
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: OpenShiftControllerManager
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml
deleted file mode 100644
index 0463461426..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] ServiceCA"
-crd: 0000_50_service-ca-operator_02_crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal ServiceCA
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: ServiceCA
- spec: {} # No spec is required for a ServiceCA
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: ServiceCA
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
diff --git a/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml
deleted file mode 100644
index 98afa6ea72..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Storage" -crd: 0000_50_cluster_storage_operator_01_crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Storage - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} # No spec is required for a Storage - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - logLevel: Normal - operatorLogLevel: Normal - onCreate: - - name: Should allow creating Storage with vsphere migration enabled - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - logLevel: Normal - operatorLogLevel: Normal - onCreate: - - name: Should not allow creating Storage with vsphere migration disabled - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: LegacyDeprecatedInTreeDriver - expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" - onUpdate: - - name: Should allow enabling CSI migration for vSphere - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} # No spec is required - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - logLevel: Normal - operatorLogLevel: Normal - - name: Should not allow disabling CSI migration for vSphere - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} # No spec is required - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: LegacyDeprecatedInTreeDriver - expectedError: "VSphereStorageDriver can not be set to 
LegacyDeprecatedInTreeDriver" - - name: Should not allow changing CSIWithMigrationDriver to LegacyDeprecatedInTreeDriver - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: LegacyDeprecatedInTreeDriver - expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" - - name: Should allow changing CSIWithMigrationDriver to empty string - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: "" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: "" - logLevel: Normal - operatorLogLevel: Normal - - name: Should allow unsetting VSphereStorageDriver once it is set - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml deleted file mode 100644 index 27108a3af1..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml +++ /dev/null 
@@ -1,62 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[TechPreview] Etcd"
-crd: 0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create with Standard hardware speed
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- controlPlaneHardwareSpeed: Standard
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- controlPlaneHardwareSpeed: Standard
- - name: Should be able to create with Slower hardware speed
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- controlPlaneHardwareSpeed: Slower
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- controlPlaneHardwareSpeed: Slower
- onUpdate:
- - name: Should be able to create with Standard, then set to Slower
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- controlPlaneHardwareSpeed: Standard
- updated: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- controlPlaneHardwareSpeed: Slower
- expected: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- logLevel: Normal
- operatorLogLevel: Normal
- controlPlaneHardwareSpeed: Slower
- - name: Should not be allowed to try to set invalid hardware speed
- initial: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- controlPlaneHardwareSpeed: Standard
- updated: |
- apiVersion: operator.openshift.io/v1
- kind: Etcd
- spec:
- controlPlaneHardwareSpeed: foo
- expectedError: Unsupported value
diff --git a/vendor/github.com/openshift/api/operator/v1/techpreview.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/techpreview.network.testsuite.yaml
deleted file mode 100644
index 6eacb42df4..0000000000
--- a/vendor/github.com/openshift/api/operator/v1/techpreview.network.testsuite.yaml
+++ /dev/null
@@ -1,100 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] Network" -crd: 0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - mode: Live - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - mode: Live - - name: Should be able to create mtu migration without setting the migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - mtu: - network: - from: 1450 - to: 1400 - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - mtu: - network: - from: 1450 - to: 1400 - - name: Should be able to create networkType migration in in offline migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - networkType: OVNKubernetes - mode: Offline - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - networkType: OVNKubernetes - mode: Offline - - name: Should throw an error when mtu and networkType migration is created in offline migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - networkType: OVNKubernetes - mtu: - network: - from: 1450 - to: 1400 - mode: Offline - expectedError: "networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" - - name: Should be able to create mtu and networkType migration in live migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: 
Network - spec: - migration: - networkType: OVNKubernetes - mtu: - network: - from: 1450 - to: 1400 - mode: Live - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - networkType: OVNKubernetes - mtu: - network: - from: 1450 - to: 1400 - mode: Live diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index 40037e1fe9..19bc5a359b 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -115,6 +115,8 @@ type OperatorStatus struct { ObservedGeneration int64 `json:"observedGeneration,omitempty"` // conditions is a list of conditions and their status + // +listType=map + // +listMapKey=type // +optional Conditions []OperatorCondition `json:"conditions,omitempty"` @@ -126,6 +128,7 @@ type OperatorStatus struct { ReadyReplicas int32 `json:"readyReplicas"` // generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. + // +listType=atomic // +optional Generations []GenerationStatus `json:"generations,omitempty"` } @@ -162,6 +165,7 @@ var ( // OperatorCondition is just the standard condition fields. type OperatorCondition struct { + // +kubebuilder:validation:Required Type string `json:"type"` Status ConditionStatus `json:"status"` LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` @@ -208,6 +212,8 @@ type StaticPodOperatorStatus struct { LatestAvailableRevisionReason string `json:"latestAvailableRevisionReason,omitempty"` // nodeStatuses track the deployment values and errors across individual nodes + // +listType=map + // +listMapKey=nodeName // +optional NodeStatuses []NodeStatus `json:"nodeStatuses,omitempty"` } 
@@ -215,6 +221,7 @@ type StaticPodOperatorStatus struct { // NodeStatus provides information about the current state of a particular node managed by this operator. type NodeStatus struct { // nodeName is the name of the node + // +kubebuilder:validation:Required NodeName string `json:"nodeName"` // currentRevision is the generation of the most recently successful deployment @@ -233,5 +240,6 @@ type NodeStatus struct { // lastFallbackCount is how often a fallback to a previous revision happened. LastFallbackCount int `json:"lastFallbackCount,omitempty"` // lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision. + // +listType=atomic LastFailedRevisionErrors []string `json:"lastFailedRevisionErrors,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go index b2cf95816b..58d8748d97 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go @@ -7,6 +7,12 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=authentications,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=authentication,operatorOrdering=01 +// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true // Authentication provides information to configure an operator to manage authentication. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go index 7f16e18a6c..9666b27922 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go +++ b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go @@ -7,6 +7,12 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=cloudcredentials,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/692 +// +openshift:capability=CloudCredential +// +openshift:file-pattern=cvoRunLevel=0000_40,operatorName=cloud-credential,operatorOrdering=00 // CloudCredential provides a means to configure an operator to manage CredentialsRequests. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_config.go b/vendor/github.com/openshift/api/operator/v1/types_config.go index 39b011717b..e7c6d59dbb 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_config.go +++ b/vendor/github.com/openshift/api/operator/v1/types_config.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=configs,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/612 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components // on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 15d653ae4a..474253d5d7 100644 
--- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -9,6 +9,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=consoles,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/486 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=console,operatorOrdering=01 // Console provides a means to configure an operator to manage the console. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 00a36015e3..0156d6df32 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -16,6 +16,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clustercsidrivers,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/701 +// +openshift:file-pattern=cvoRunLevel=0000_90,operatorName=csi-driver,operatorOrdering=01 // ClusterCSIDriver object allows management and configuration of a CSI driver operator // installed by default in OpenShift. Name of the object must be name of the CSI driver 
@@ -160,7 +165,7 @@ type AWSCSIDriverConfigSpec struct { // kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, // rather than the default KMS key used by AWS. // The value may be either the ARN or Alias ARN of a KMS key. - // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` + // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` // +optional KMSKeyARN string `json:"kmsKeyARN,omitempty"` } @@ -284,7 +289,6 @@ type ClusterCSIDriverStatus struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // ClusterCSIDriverList contains a list of ClusterCSIDriver // diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go b/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go index f552711b02..f96384819c 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=csisnapshotcontrollers,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/562 +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=csi-snapshot-controller,operatorOrdering=01 // CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. // @@ -40,7 +45,6 @@ type CSISnapshotControllerStatus struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // CSISnapshotControllerList contains a list of CSISnapshotControllers. // 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_dns.go b/vendor/github.com/openshift/api/operator/v1/types_dns.go index 55e98d1f82..3d7cbb6c00 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_dns.go +++ b/vendor/github.com/openshift/api/operator/v1/types_dns.go @@ -12,6 +12,9 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:resource:path=dnses,scope=Cluster // +kubebuilder:subresource:status +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=dns,operatorOrdering=00 // DNS manages the CoreDNS component to provide a name resolution service // for pods and services in the cluster. @@ -291,7 +294,6 @@ type ForwardPlugin struct { // +optional TransportConfig DNSTransportConfig `json:"transportConfig,omitempty"` - // protocolStrategy specifies the protocol to use for upstream DNS // requests. // Valid values for protocolStrategy are "TCP" and omitted. @@ -373,10 +375,10 @@ type UpstreamResolvers struct { // Upstream can either be of type SystemResolvConf, or of type Network. // -// * For an Upstream of type SystemResolvConf, no further fields are necessary: -// The upstream will be configured to use /etc/resolv.conf. -// * For an Upstream of type Network, a NetworkResolver field needs to be defined -// with an IP address or IP:port if the upstream listens on a port other than 53. +// - For an Upstream of type SystemResolvConf, no further fields are necessary: +// The upstream will be configured to use /etc/resolv.conf. +// - For an Upstream of type Network, a NetworkResolver field needs to be defined +// with an IP address or IP:port if the upstream listens on a port other than 53. type Upstream struct { // Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. 
@@ -512,7 +514,6 @@ type DNSStatus struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // DNSList contains a list of DNS // diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index f763556b87..a2ba126897 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=etcds,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/752 +// +openshift:file-pattern=cvoRunLevel=0000_12,operatorName=etcd,operatorOrdering=01 // Etcd provides information to configure an operator to manage etcd. // @@ -35,7 +40,7 @@ type EtcdSpec struct { // "" means no opinion and the platform is left to choose a reasonable default // which is subject to change without notice. // +kubebuilder:validation:Optional - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=HardwareSpeed // +optional HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 3d9f512a93..77f5ff7a10 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go 
@@ -14,6 +14,10 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.availableReplicas,selectorpath=.status.selector +// +kubebuilder:resource:path=ingresscontrollers,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/616 +// +openshift:capability=Ingress +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=ingress,operatorOrdering=00 // IngressController describes a managed ingress controller for the cluster. The // controller can service OpenShift Route and Kubernetes Ingress resources. @@ -1864,7 +1868,6 @@ type IngressControllerStatus struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // IngressControllerList contains a list of IngressControllers. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_insights.go b/vendor/github.com/openshift/api/operator/v1/types_insights.go index b193c38536..56e2b51c14 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_insights.go +++ b/vendor/github.com/openshift/api/operator/v1/types_insights.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=insightsoperators,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1237 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=insights,operatorOrdering=00 // // InsightsOperator holds cluster-wide information about the Insights Operator. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go index d43c8d0884..5c9d43a2a2 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go 
+++ b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=kubeapiservers,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_20,operatorName=kube-apiserver,operatorOrdering=01 // KubeAPIServer provides information to configure an operator to manage kube-apiserver. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go index 4a41d3fbb3..93ab209a0d 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=kubecontrollermanagers,scope=Cluster,categories=coreoperators +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 +// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=kube-controller-manager,operatorOrdering=01 // KubeControllerManager provides information to configure an operator to manage kube-controller-manager. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go b/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go index c556eee77e..470dc5097d 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go 
@@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=kubestorageversionmigrators,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/503 +// +openshift:file-pattern=cvoRunLevel=0000_40,operatorName=kube-storage-version-migrator,operatorOrdering=00 // KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index 8651e89a72..5afc154dcd 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=machineconfigurations,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 // MachineConfiguration provides information to configure an operator to manage Machine Configuration. // 
@@ -32,12 +37,34 @@ type MachineConfigurationSpec struct { StaticPodOperatorSpec `json:",inline"` // TODO(jkyros): This is where we put our knobs and dials + + // managedBootImages allows configuration for the management of boot images for machine + // resources within the cluster. This configuration allows users to select resources that should + // be updated to the latest boot images during cluster upgrades, ensuring that new machines + // always boot with the current cluster version's boot image. When omitted, no boot images + // will be updated. + // +openshift:enable:FeatureGate=ManagedBootImages + // +optional + ManagedBootImages ManagedBootImages `json:"managedBootImages"` + + // nodeDisruptionPolicy allows an admin to set granular node disruption actions for + // MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow + // for less downtime when doing small configuration updates to the cluster. This configuration + // has no effect on cluster upgrades which will still incur node disruption where required. + // +openshift:enable:FeatureGate=NodeDisruptionPolicy + // +optional + NodeDisruptionPolicy NodeDisruptionPolicyConfig `json:"nodeDisruptionPolicy"` } type MachineConfigurationStatus struct { + // TODO tombstone this field StaticPodOperatorStatus `json:",inline"` - // TODO(jkyros): This is where we can put additional bespoke status fields + // nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, + // and will be used by the Machine Config Daemon during future node updates. + // +openshift:enable:FeatureGate=NodeDisruptionPolicy + // +optional + NodeDisruptionPolicyStatus NodeDisruptionPolicyStatus `json:"nodeDisruptionPolicyStatus"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
@@ -56,3 +83,383 @@ type MachineConfigurationList struct { // Items contains the items Items []MachineConfiguration `json:"items"` } + +type ManagedBootImages struct { + // machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator + // will watch for changes to this list. Only one entry is permitted per type of machine management resource. + // +optional + // +listType=map + // +listMapKey=resource + // +listMapKey=apiGroup + MachineManagers []MachineManager `json:"machineManagers"` +} + +// MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information +// such as the resource type and the API Group of the resource. It also provides granular control via the selection field. +type MachineManager struct { + // resource is the machine management resource's type. + // The only current valid value is machinesets. + // machinesets means that the machine manager will only register resources of the kind MachineSet. + // +kubebuilder:validation:Required + Resource MachineManagerMachineSetsResourceType `json:"resource"` + + // apiGroup is name of the APIGroup that the machine management resource belongs to. + // The only current valid value is machine.openshift.io. + // machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group. + // +kubebuilder:validation:Required + APIGroup MachineManagerMachineSetsAPIGroupType `json:"apiGroup"` + + // selection allows granular control of the machine management resources that will be registered for boot image updates. + // +kubebuilder:validation:Required + Selection MachineManagerSelector `json:"selection"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.mode) && self.mode == 'Partial' ? 
has(self.partial) : !has(self.partial)",message="Partial is required when type is partial, and forbidden otherwise" +// +union +type MachineManagerSelector struct { + // mode determines how machine managers will be selected for updates. + // Valid values are All and Partial. + // All means that every resource matched by the machine manager will be updated. + // Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + // +unionDiscriminator + // +kubebuilder:validation:Required + Mode MachineManagerSelectorMode `json:"mode"` + + // partial provides label selector(s) that can be used to match machine management resources. + // Only permitted when mode is set to "Partial". + // +optional + Partial *PartialSelector `json:"partial,omitempty"` +} + +// PartialSelector provides label selector(s) that can be used to match machine management resources. +type PartialSelector struct { + // machineResourceSelector is a label selector that can be used to select machine resources like MachineSets. + // +kubebuilder:validation:Required + MachineResourceSelector *metav1.LabelSelector `json:"machineResourceSelector,omitempty"` +} + +// MachineManagerSelectorMode is a string enum used in the MachineManagerSelector union discriminator. +// +kubebuilder:validation:Enum:="All";"Partial" +type MachineManagerSelectorMode string + +const ( + // All represents a configuration mode that registers all resources specified by the parent MachineManager for boot image updates. + All MachineManagerSelectorMode = "All" + + // Partial represents a configuration mode that will register resources specified by the parent MachineManager only + // if they match with the label selector. + Partial MachineManagerSelectorMode = "Partial" +) + +// MachineManagerManagedResourceType is a string enum used in the MachineManager type to describe the resource +// type to be registered. 
+// +kubebuilder:validation:Enum:="machinesets" +type MachineManagerMachineSetsResourceType string + +const ( + // MachineSets represent the MachineSet resource type, which manage a group of machines and belong to the Openshift machine API group. + MachineSets MachineManagerMachineSetsResourceType = "machinesets" +) + +// MachineManagerManagedAPIGroupType is a string enum used in in the MachineManager type to describe the APIGroup +// of the resource type being registered. +// +kubebuilder:validation:Enum:="machine.openshift.io" +type MachineManagerMachineSetsAPIGroupType string + +const ( + // MachineAPI represent the traditional MAPI Group that a machineset may belong to. + // This feature only supports MAPI machinesets at this time. + MachineAPI MachineManagerMachineSetsAPIGroupType = "machine.openshift.io" +) + +type NodeDisruptionPolicyStatus struct { + // clusterPolicies is a merge of cluster default and user provided node disruption policies. + // +optional + ClusterPolicies NodeDisruptionPolicyClusterStatus `json:"clusterPolicies"` +} + +// NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys +type NodeDisruptionPolicyConfig struct { + // files is a list of MachineConfig file definitions and actions to take to changes on those paths + // This list supports a maximum of 50 entries. + // +optional + // +listType=map + // +listMapKey=path + // +kubebuilder:validation:MaxItems=50 + Files []NodeDisruptionPolicySpecFile `json:"files"` + // units is a list MachineConfig unit definitions and actions to take on changes to those services + // This list supports a maximum of 50 entries. 
+ // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=50 + Units []NodeDisruptionPolicySpecUnit `json:"units"` + // sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this + // will apply to all sshkey changes in the cluster + // +optional + SSHKey NodeDisruptionPolicySpecSSHKey `json:"sshkey"` +} + +// NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a +// merge of cluster defaults and user provided policies +type NodeDisruptionPolicyClusterStatus struct { + // files is a list of MachineConfig file definitions and actions to take to changes on those paths + // +optional + // +listType=map + // +listMapKey=path + // +kubebuilder:validation:MaxItems=100 + Files []NodeDisruptionPolicyStatusFile `json:"files,omitempty"` + // units is a list MachineConfig unit definitions and actions to take on changes to those services + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=100 + Units []NodeDisruptionPolicyStatusUnit `json:"units,omitempty"` + // sshkey is the overall sshkey MachineConfig definition + // +optional + SSHKey NodeDisruptionPolicyStatusSSHKey `json:"sshkey,omitempty"` +} + +// NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecFile struct { + // path is the location of a file being managed through a MachineConfig. + // The Actions in the policy will apply to changes to the file at this path. + // +kubebuilder:validation:Required + Path string `json:"path"` + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. 
If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusFile struct { + // path is the location of a file being managed through a MachineConfig. + // The Actions in the policy will apply to changes to the file at this path. + // +kubebuilder:validation:Required + Path string `json:"path"` + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. 
+ // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecUnit struct { + // name represents the service name of a systemd service managed through a MachineConfig + // Actions specified will be applied for changes to the named service. + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + Name NodeDisruptionPolicyServiceName `json:"name"` + + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. 
+ // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusUnit struct { + // name represents the service name of a systemd service managed through a MachineConfig + // Actions specified will be applied for changes to the named service. + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + Name NodeDisruptionPolicyServiceName `json:"name"` + + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. 
+ // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecSSHKey struct { + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? 
size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusSSHKey struct { + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)",message="reload is required when type is Reload, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Restart' ? 
has(self.restart) : !has(self.restart)",message="restart is required when type is Restart, and forbidden otherwise" +// +union +type NodeDisruptionPolicySpecAction struct { + // type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + // Valid value are Reboot, Drain, Reload, Restart, DaemonReload, None and Special + // reload/restart requires a corresponding service target specified in the reload/restart field. + // Other values require no further configuration + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NodeDisruptionPolicySpecActionType `json:"type"` + // reload specifies the service to reload, only valid if type is reload + // +optional + Reload *ReloadService `json:"reload,omitempty"` + // restart specifies the service to restart, only valid if type is restart + // +optional + Restart *RestartService `json:"restart,omitempty"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)",message="reload is required when type is Reload, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)",message="restart is required when type is Restart, and forbidden otherwise" +// +union +type NodeDisruptionPolicyStatusAction struct { + // type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + // Valid value are Reboot, Drain, Reload, Restart, DaemonReload, None and Special + // reload/restart requires a corresponding service target specified in the reload/restart field. 
+ // Other values require no further configuration + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NodeDisruptionPolicyStatusActionType `json:"type"` + // reload specifies the service to reload, only valid if type is reload + // +optional + Reload *ReloadService `json:"reload,omitempty"` + // restart specifies the service to restart, only valid if type is restart + // +optional + Restart *RestartService `json:"restart,omitempty"` +} + +// ReloadService allows the user to specify the services to be reloaded +type ReloadService struct { + // serviceName is the full name (e.g. crio.service) of the service to be reloaded + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + ServiceName NodeDisruptionPolicyServiceName `json:"serviceName"` +} + +// RestartService allows the user to specify the services to be restarted +type RestartService struct { + // serviceName is the full name (e.g. crio.service) of the service to be restarted + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + ServiceName NodeDisruptionPolicyServiceName `json:"serviceName"` +} + +// NodeDisruptionPolicySpecActionType is a string enum used in a NodeDisruptionPolicySpecAction object. They describe an action to be performed. 
+// +kubebuilder:validation:Enum:="Reboot";"Drain";"Reload";"Restart";"DaemonReload";"None" +type NodeDisruptionPolicySpecActionType string + +// +kubebuilder:validation:XValidation:rule=`self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')`, message="Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\"." +// +kubebuilder:validation:XValidation:rule=`self.matches('^[a-zA-Z0-9:._\\\\-]+\\..')`, message="Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"" +// +kubebuilder:validation:MaxLength=255 +type NodeDisruptionPolicyServiceName string + +const ( + // Reboot represents an action that will cause nodes to be rebooted. This is the default action by the MCO + // if a reboot policy is not found for a change/update being performed by the MCO. + RebootSpecAction NodeDisruptionPolicySpecActionType = "Reboot" + + // Drain represents an action that will cause nodes to be drained of their workloads. + DrainSpecAction NodeDisruptionPolicySpecActionType = "Drain" + + // Reload represents an action that will cause nodes to reload the service described by the Target field. + ReloadSpecAction NodeDisruptionPolicySpecActionType = "Reload" + + // Restart represents an action that will cause nodes to restart the service described by the Target field. + RestartSpecAction NodeDisruptionPolicySpecActionType = "Restart" + + // DaemonReload represents an action that TBD + DaemonReloadSpecAction NodeDisruptionPolicySpecActionType = "DaemonReload" + + // None represents an action that no handling is required by the MCO. 
+ NoneSpecAction NodeDisruptionPolicySpecActionType = "None" +) + +// NodeDisruptionPolicyStatusActionType is a string enum used in a NodeDisruptionPolicyStatusAction object. They describe an action to be performed. +// The key difference of this object from NodeDisruptionPolicySpecActionType is that there is a additional SpecialStatusAction value in this enum. This will only be +// used by the MCO's controller to indicate some internal actions. They are not part of the NodeDisruptionPolicyConfig object and cannot be set by the user. +// +kubebuilder:validation:Enum:="Reboot";"Drain";"Reload";"Restart";"DaemonReload";"None";"Special" +type NodeDisruptionPolicyStatusActionType string + +const ( + // Reboot represents an action that will cause nodes to be rebooted. This is the default action by the MCO + // if a reboot policy is not found for a change/update being performed by the MCO. + RebootStatusAction NodeDisruptionPolicyStatusActionType = "Reboot" + + // Drain represents an action that will cause nodes to be drained of their workloads. + DrainStatusAction NodeDisruptionPolicyStatusActionType = "Drain" + + // Reload represents an action that will cause nodes to reload the service described by the Target field. + ReloadStatusAction NodeDisruptionPolicyStatusActionType = "Reload" + + // Restart represents an action that will cause nodes to restart the service described by the Target field. + RestartStatusAction NodeDisruptionPolicyStatusActionType = "Restart" + + // DaemonReload represents an action that TBD + DaemonReloadStatusAction NodeDisruptionPolicyStatusActionType = "DaemonReload" + + // None represents an action that no handling is required by the MCO. + NoneStatusAction NodeDisruptionPolicyStatusActionType = "None" + + // Special represents an action that is internal to the MCO, and is not allowed in user defined NodeDisruption policies. + SpecialStatusAction NodeDisruptionPolicyStatusActionType = "Special" +) 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go
index 190605b852..970be707e7 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_network.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_network.go
@@ -7,6 +7,11 @@ import (
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=networks,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475
+// +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=network,operatorOrdering=01
+// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true
 
 // Network describes the cluster's desired network configuration. It is
 // consumed by the cluster-network-operator.
@@ -48,6 +53,7 @@ type NetworkList struct {
 }
 
 // NetworkSpec is the top-level network configuration object.
+// +kubebuilder:validation:XValidation:rule="!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'",message="invalid value for IPForwarding, valid values are 'Restricted' or 'Global'"
 type NetworkSpec struct {
 OperatorSpec `json:",inline"`
 
@@ -129,7 +135,7 @@ const (
 )
 
 // NetworkMigration represents the cluster network configuration.
-// +openshift:validation:FeatureSetAwareXValidation:featureSet=CustomNoUpgrade;TechPreviewNoUpgrade,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == '' || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == '' || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration"
 type NetworkMigration struct {
 // networkType is the target type of network migration. Set this to the
 // target network type to allow changing the default network. If unset, the
@@ -418,6 +424,88 @@ type OVNKubernetesConfig struct { // egressIPConfig holds the configuration for EgressIP options. // +optional EgressIPConfig EgressIPConfig `json:"egressIPConfig,omitempty"` + // ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + // this means no opinions and the default configuration is used. Check individual + // fields within ipv4 for details of default values. + // +optional + IPv4 *IPv4OVNKubernetesConfig `json:"ipv4,omitempty"` + // ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + // this means no opinions and the default configuration is used. Check individual + // fields within ipv4 for details of default values. + // +optional + IPv6 *IPv6OVNKubernetesConfig `json:"ipv6,omitempty"` +} + +type IPv4OVNKubernetesConfig struct { + // internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + // by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + // architecture that connects the cluster routers on each node together to enable + // east west traffic. The subnet chosen should not overlap with other networks + // specified for OVN-Kubernetes as well as other networks used on the host. + // The value cannot be changed after installation. + // When ommitted, this means no opinion and the platform is left to choose a reasonable + // default which is subject to change over time. 
+ // The current default subnet is 100.88.0.0/16 + // The subnet must be large enough to accomadate one IP per node in your cluster + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[0]].all(x, x != '0' && int(x) <= 255 && !x.startsWith('0'))",message="first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + // +kubebuilder:validation:XValidation:rule="[int(self.split('/')[1])].all(x, x <= 30 && x >= 0)",message="subnet must be in the range /0 to /30 inclusive" + // +optional + InternalTransitSwitchSubnet string `json:"internalTransitSwitchSubnet,omitempty"` + // internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. 
+ // The current default value is 100.64.0.0/16 + // The subnet must be large enough to accomadate one IP per node in your cluster + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[0]].all(x, x != '0' && int(x) <= 255 && !x.startsWith('0'))",message="first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" + // +kubebuilder:validation:XValidation:rule="[int(self.split('/')[1])].all(x, x <= 30 && x >= 0)",message="subnet must be in the range /0 to /30 inclusive" + // +optional + InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"` +} + +type IPv6OVNKubernetesConfig struct { + // internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + // by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + // architecture that connects the cluster routers on each node together to enable + // east west traffic. The subnet chosen should not overlap with other networks + // specified for OVN-Kubernetes as well as other networks used on the host. + // The value cannot be changed after installation. + // When ommitted, this means no opinion and the platform is left to choose a reasonable + // default which is subject to change over time. 
+ // The subnet must be large enough to accomadate one IP per node in your cluster + // The current default subnet is fd97::/64 + // The value must be in proper IPV6 CIDR format + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:MaxLength=48 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)",message="subnet must be in the range /0 to /125 inclusive" + // +kubebuilder:validation:XValidation:rule="self.contains('::') ? self.split('/')[0].split(':').size() <= 8 : self.split('/')[0].split(':').size() == 8",message="a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + // +kubebuilder:validation:XValidation:rule="!self.contains('.')",message="IPv6 dual addresses are not permitted, value should not contain `.` characters" + // +optional + InternalTransitSwitchSubnet string `json:"internalTransitSwitchSubnet,omitempty"` + // internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. 
+ // The subnet must be large enough to accomadate one IP per node in your cluster + // The current default value is fd98::/48 + // The value must be in proper IPV6 CIDR format + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:MaxLength=48 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)",message="subnet must be in the range /0 to /125 inclusive" + // +kubebuilder:validation:XValidation:rule="self.contains('::') ? self.split('/')[0].split(':').size() <= 8 : self.split('/')[0].split(':').size() == 8",message="a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" + // +kubebuilder:validation:XValidation:rule="!self.contains('.')",message="IPv6 dual addresses are not permitted, value should not contain `.` characters" + // +optional + InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"` } type HybridOverlayConfig struct { @@ -437,7 +525,7 @@ type IPsecConfig struct { // When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. // This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. // When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. - // Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + // Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), // this is left to the user to configure. // +kubebuilder:validation:Enum=Disabled;External;Full // +optional 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go
index 8006055746..3ae83e6948 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go
@@ -7,6 +7,11 @@ import (
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=openshiftapiservers,scope=Cluster,categories=coreoperators
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475
+// +openshift:file-pattern=cvoRunLevel=0000_30,operatorName=openshift-apiserver,operatorOrdering=01
 
 // OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.
 //
diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go
index fc7cc1086b..8e8929a903 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go
@@ -7,6 +7,11 @@ import (
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=openshiftcontrollermanagers,scope=Cluster,categories=coreoperators
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475
+// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=openshift-controller-manager,operatorOrdering=02
 
 // OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.
 //
diff --git a/vendor/github.com/openshift/api/operator/v1/types_scheduler.go b/vendor/github.com/openshift/api/operator/v1/types_scheduler.go
index 346dc8a8c9..448c458c19 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_scheduler.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_scheduler.go
@@ -7,6 +7,11 @@ import (
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=kubeschedulers,scope=Cluster,categories=coreoperators
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475
+// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=kube-scheduler,operatorOrdering=01
 
 // KubeScheduler provides information to configure an operator to manage scheduler.
 //
diff --git a/vendor/github.com/openshift/api/operator/v1/types_serviceca.go b/vendor/github.com/openshift/api/operator/v1/types_serviceca.go
index e7967b41e6..e4d8d1d7ad 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_serviceca.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_serviceca.go
@@ -7,6 +7,11 @@ import (
 // +genclient
 // +genclient:nonNamespaced
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=servicecas,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475
+// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=service-ca,operatorOrdering=02
 
 // ServiceCA provides information to configure an operator to manage the service cert controllers
 //
diff --git a/vendor/github.com/openshift/api/operator/v1/types_storage.go b/vendor/github.com/openshift/api/operator/v1/types_storage.go
index 96a4b5d885..aa48b0c84f 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_storage.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_storage.go @@ -7,6 +7,11 @@ import ( // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=storages,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/670 +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=storage,operatorOrdering=01 // Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. // @@ -59,7 +64,6 @@ type StorageStatus struct { } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +kubebuilder:object:root=true // StorageList contains a list of Storages. // diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 7823bb40cc..d590bcc9a1 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -1798,6 +1798,22 @@ func (in *IPv4GatewayConfig) DeepCopy() *IPv4GatewayConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv4OVNKubernetesConfig) DeepCopyInto(out *IPv4OVNKubernetesConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4OVNKubernetesConfig. +func (in *IPv4OVNKubernetesConfig) DeepCopy() *IPv4OVNKubernetesConfig { + if in == nil { + return nil + } + out := new(IPv4OVNKubernetesConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPv6GatewayConfig) DeepCopyInto(out *IPv6GatewayConfig) { *out = *in 
@@ -1814,6 +1830,22 @@ func (in *IPv6GatewayConfig) DeepCopy() *IPv6GatewayConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv6OVNKubernetesConfig) DeepCopyInto(out *IPv6OVNKubernetesConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6OVNKubernetesConfig. +func (in *IPv6OVNKubernetesConfig) DeepCopy() *IPv6OVNKubernetesConfig { + if in == nil { + return nil + } + out := new(IPv6OVNKubernetesConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressController) DeepCopyInto(out *IngressController) { *out = *in @@ -2935,6 +2967,8 @@ func (in *MachineConfigurationList) DeepCopyObject() runtime.Object { func (in *MachineConfigurationSpec) DeepCopyInto(out *MachineConfigurationSpec) { *out = *in in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) + in.ManagedBootImages.DeepCopyInto(&out.ManagedBootImages) + in.NodeDisruptionPolicy.DeepCopyInto(&out.NodeDisruptionPolicy) return } @@ -2952,6 +2986,7 @@ func (in *MachineConfigurationSpec) DeepCopy() *MachineConfigurationSpec { func (in *MachineConfigurationStatus) DeepCopyInto(out *MachineConfigurationStatus) { *out = *in in.StaticPodOperatorStatus.DeepCopyInto(&out.StaticPodOperatorStatus) + in.NodeDisruptionPolicyStatus.DeepCopyInto(&out.NodeDisruptionPolicyStatus) return } 
@@ -2965,6 +3000,67 @@ func (in *MachineConfigurationStatus) DeepCopy() *MachineConfigurationStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineManager) DeepCopyInto(out *MachineManager) { + *out = *in + in.Selection.DeepCopyInto(&out.Selection) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineManager. +func (in *MachineManager) DeepCopy() *MachineManager { + if in == nil { + return nil + } + out := new(MachineManager) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineManagerSelector) DeepCopyInto(out *MachineManagerSelector) { + *out = *in + if in.Partial != nil { + in, out := &in.Partial, &out.Partial + *out = new(PartialSelector) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineManagerSelector. +func (in *MachineManagerSelector) DeepCopy() *MachineManagerSelector { + if in == nil { + return nil + } + out := new(MachineManagerSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ManagedBootImages) DeepCopyInto(out *ManagedBootImages) { + *out = *in + if in.MachineManagers != nil { + in, out := &in.MachineManagers, &out.MachineManagers + *out = make([]MachineManager, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedBootImages. 
+func (in *ManagedBootImages) DeepCopy() *ManagedBootImages { + if in == nil { + return nil + } + out := new(ManagedBootImages) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MyOperatorResource) DeepCopyInto(out *MyOperatorResource) { *out = *in 
@@ -3209,6 +3305,275 @@ func (in *NetworkStatus) DeepCopy() *NetworkStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) { + *out = *in + if in.Files != nil { + in, out := &in.Files, &out.Files + *out = make([]NodeDisruptionPolicyStatusFile, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Units != nil { + in, out := &in.Units, &out.Units + *out = make([]NodeDisruptionPolicyStatusUnit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.SSHKey.DeepCopyInto(&out.SSHKey) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyClusterStatus. +func (in *NodeDisruptionPolicyClusterStatus) DeepCopy() *NodeDisruptionPolicyClusterStatus { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyConfig) DeepCopyInto(out *NodeDisruptionPolicyConfig) { + *out = *in + if in.Files != nil { + in, out := &in.Files, &out.Files + *out = make([]NodeDisruptionPolicySpecFile, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Units != nil { + in, out := &in.Units, &out.Units + *out = make([]NodeDisruptionPolicySpecUnit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.SSHKey.DeepCopyInto(&out.SSHKey) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyConfig. 
+func (in *NodeDisruptionPolicyConfig) DeepCopy() *NodeDisruptionPolicyConfig { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecAction) DeepCopyInto(out *NodeDisruptionPolicySpecAction) { + *out = *in + if in.Reload != nil { + in, out := &in.Reload, &out.Reload + *out = new(ReloadService) + **out = **in + } + if in.Restart != nil { + in, out := &in.Restart, &out.Restart + *out = new(RestartService) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecAction. +func (in *NodeDisruptionPolicySpecAction) DeepCopy() *NodeDisruptionPolicySpecAction { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecAction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecFile) DeepCopyInto(out *NodeDisruptionPolicySpecFile) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecFile. +func (in *NodeDisruptionPolicySpecFile) DeepCopy() *NodeDisruptionPolicySpecFile { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecFile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NodeDisruptionPolicySpecSSHKey) DeepCopyInto(out *NodeDisruptionPolicySpecSSHKey) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecSSHKey. +func (in *NodeDisruptionPolicySpecSSHKey) DeepCopy() *NodeDisruptionPolicySpecSSHKey { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecSSHKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecUnit) DeepCopyInto(out *NodeDisruptionPolicySpecUnit) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecUnit. +func (in *NodeDisruptionPolicySpecUnit) DeepCopy() *NodeDisruptionPolicySpecUnit { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecUnit) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatus) DeepCopyInto(out *NodeDisruptionPolicyStatus) { + *out = *in + in.ClusterPolicies.DeepCopyInto(&out.ClusterPolicies) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatus. 
+func (in *NodeDisruptionPolicyStatus) DeepCopy() *NodeDisruptionPolicyStatus { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusAction) DeepCopyInto(out *NodeDisruptionPolicyStatusAction) { + *out = *in + if in.Reload != nil { + in, out := &in.Reload, &out.Reload + *out = new(ReloadService) + **out = **in + } + if in.Restart != nil { + in, out := &in.Restart, &out.Restart + *out = new(RestartService) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusAction. +func (in *NodeDisruptionPolicyStatusAction) DeepCopy() *NodeDisruptionPolicyStatusAction { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusAction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusFile) DeepCopyInto(out *NodeDisruptionPolicyStatusFile) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusFile. +func (in *NodeDisruptionPolicyStatusFile) DeepCopy() *NodeDisruptionPolicyStatusFile { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusFile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NodeDisruptionPolicyStatusSSHKey) DeepCopyInto(out *NodeDisruptionPolicyStatusSSHKey) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusSSHKey. +func (in *NodeDisruptionPolicyStatusSSHKey) DeepCopy() *NodeDisruptionPolicyStatusSSHKey { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusSSHKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusUnit) DeepCopyInto(out *NodeDisruptionPolicyStatusUnit) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusUnit. +func (in *NodeDisruptionPolicyStatusUnit) DeepCopy() *NodeDisruptionPolicyStatusUnit { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusUnit) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePlacement) DeepCopyInto(out *NodePlacement) { *out = *in @@ -3328,6 +3693,16 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { **out = **in } in.EgressIPConfig.DeepCopyInto(&out.EgressIPConfig) + if in.IPv4 != nil { + in, out := &in.IPv4, &out.IPv4 + *out = new(IPv4OVNKubernetesConfig) + **out = **in + } + if in.IPv6 != nil { + in, out := &in.IPv6, &out.IPv6 + *out = new(IPv6OVNKubernetesConfig) + **out = **in + } return } 
@@ -3630,6 +4005,27 @@ func (in *OperatorStatus) DeepCopy() *OperatorStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PartialSelector) DeepCopyInto(out *PartialSelector) { + *out = *in + if in.MachineResourceSelector != nil { + in, out := &in.MachineResourceSelector, &out.MachineResourceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartialSelector. +func (in *PartialSelector) DeepCopy() *PartialSelector { + if in == nil { + return nil + } + out := new(PartialSelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Perspective) DeepCopyInto(out *Perspective) { *out = *in @@ -3864,6 +4260,22 @@ func (in *QuickStarts) DeepCopy() *QuickStarts { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReloadService) DeepCopyInto(out *ReloadService) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReloadService. +func (in *ReloadService) DeepCopy() *ReloadService { + if in == nil { + return nil + } + out := new(ReloadService) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResourceAttributesAccessReview) DeepCopyInto(out *ResourceAttributesAccessReview) { *out = *in 
@@ -3890,6 +4302,22 @@ func (in *ResourceAttributesAccessReview) DeepCopy() *ResourceAttributesAccessRe return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestartService) DeepCopyInto(out *RestartService) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestartService. +func (in *RestartService) DeepCopy() *RestartService { + if in == nil { + return nil + } + out := new(RestartService) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteAdmissionPolicy) DeepCopyInto(out *RouteAdmissionPolicy) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..82fb98c86c --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,426 @@ +authentications.operator.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: authentications.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: authentication + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: Authentication + Labels: {} + PluralName: authentications + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +csisnapshotcontrollers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/562 + CRDName: csisnapshotcontrollers.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: csi-snapshot-controller + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: operator.openshift.io + HasStatus: true + KindName: CSISnapshotController + Labels: {} + PluralName: csisnapshotcontrollers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +cloudcredentials.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/692 + CRDName: cloudcredentials.operator.openshift.io + Capability: CloudCredential + Category: "" + FeatureGates: [] + FilenameOperatorName: cloud-credential + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_40" + GroupName: operator.openshift.io + HasStatus: true + KindName: CloudCredential + Labels: {} + PluralName: cloudcredentials + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +clustercsidrivers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/701 + CRDName: clustercsidrivers.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] 
+ FilenameOperatorName: csi-driver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_90" + GroupName: operator.openshift.io + HasStatus: true + KindName: ClusterCSIDriver + Labels: {} + PluralName: clustercsidrivers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +configs.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/612 + CRDName: configs.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: Config + Labels: {} + PluralName: configs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consoles.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/486 + CRDName: consoles.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: console + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: Console + Labels: {} + PluralName: consoles + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +dnses.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: dnses.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: dns + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_70" + GroupName: operator.openshift.io + HasStatus: true + KindName: DNS + Labels: {} + PluralName: dnses + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +etcds.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/752 + CRDName: 
etcds.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: + - HardwareSpeed + FilenameOperatorName: etcd + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_12" + GroupName: operator.openshift.io + HasStatus: true + KindName: Etcd + Labels: {} + PluralName: etcds + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +ingresscontrollers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/616 + CRDName: ingresscontrollers.operator.openshift.io + Capability: Ingress + Category: "" + FeatureGates: [] + FilenameOperatorName: ingress + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: IngressController + Labels: {} + PluralName: ingresscontrollers + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +insightsoperators.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1237 + CRDName: insightsoperators.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: insights + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: InsightsOperator + Labels: {} + PluralName: insightsoperators + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubeapiservers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: kubeapiservers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: kube-apiserver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_20" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeAPIServer + Labels: {} + PluralName: kubeapiservers + PrinterColumns: [] + Scope: Cluster + 
ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubecontrollermanagers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: kubecontrollermanagers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: kube-controller-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeControllerManager + Labels: {} + PluralName: kubecontrollermanagers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubeschedulers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: kubeschedulers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: kube-scheduler + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeScheduler + Labels: {} + PluralName: kubeschedulers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +kubestorageversionmigrators.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/503 + CRDName: kubestorageversionmigrators.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: kube-storage-version-migrator + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_40" + GroupName: operator.openshift.io + HasStatus: true + KindName: KubeStorageVersionMigrator + Labels: {} + PluralName: kubestorageversionmigrators + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +machineconfigurations.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1453 + CRDName: machineconfigurations.operator.openshift.io + 
Capability: "" + Category: "" + FeatureGates: + - ManagedBootImages + - NodeDisruptionPolicy + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: operator.openshift.io + HasStatus: true + KindName: MachineConfiguration + Labels: {} + PluralName: machineconfigurations + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +networks.operator.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: networks.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - NetworkLiveMigration + FilenameOperatorName: network + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_70" + GroupName: operator.openshift.io + HasStatus: false + KindName: Network + Labels: {} + PluralName: networks + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +openshiftapiservers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: openshiftapiservers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: openshift-apiserver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_30" + GroupName: operator.openshift.io + HasStatus: true + KindName: OpenShiftAPIServer + Labels: {} + PluralName: openshiftapiservers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +openshiftcontrollermanagers.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: openshiftcontrollermanagers.operator.openshift.io + Capability: "" + Category: coreoperators + FeatureGates: [] + FilenameOperatorName: openshift-controller-manager + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_50" + GroupName: 
operator.openshift.io + HasStatus: true + KindName: OpenShiftControllerManager + Labels: {} + PluralName: openshiftcontrollermanagers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +servicecas.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/475 + CRDName: servicecas.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: service-ca + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: ServiceCA + Labels: {} + PluralName: servicecas + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +storages.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/670 + CRDName: storages.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: storage + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" + GroupName: operator.openshift.io + HasStatus: true + KindName: Storage + Labels: {} + PluralName: storages + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 48133af8df..1eab19ab2f 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -655,7 +655,7 @@ func (Server) SwaggerDoc() map[string]string { } var map_Upstream = map[string]string{ - "": "Upstream can either be of type SystemResolvConf, or of type Network.\n\n* For an Upstream of type SystemResolvConf, no further fields are necessary:\n The upstream will be configured to use /etc/resolv.conf.\n* For an Upstream of type Network, a NetworkResolver field needs to be defined\n with an IP address or IP:port if the upstream listens on a port other than 53.", + "": "Upstream can either be of type SystemResolvConf, or of type Network.\n\n - For an Upstream of type SystemResolvConf, no further fields are necessary:\n The upstream will be configured to use /etc/resolv.conf.\n - For an Upstream of type Network, a NetworkResolver field needs to be defined\n with an IP address or IP:port if the upstream listens on a port other than 53.", "type": "Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network.\n\n* When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined:\n /etc/resolv.conf will be used\n* When Network is used, the Upstream structure must contain at least an Address", "address": "Address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", "port": "Port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", 
@@ -1274,6 +1274,186 @@ func (MachineConfigurationList) SwaggerDoc() map[string]string { return map_MachineConfigurationList } +var map_MachineConfigurationSpec = map[string]string{ + "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.", + "nodeDisruptionPolicy": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", +} + +func (MachineConfigurationSpec) SwaggerDoc() map[string]string { + return map_MachineConfigurationSpec +} + +var map_MachineConfigurationStatus = map[string]string{ + "nodeDisruptionPolicyStatus": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", +} + +func (MachineConfigurationStatus) SwaggerDoc() map[string]string { + return map_MachineConfigurationStatus +} + +var map_MachineManager = map[string]string{ + "": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.", + "resource": "resource is the machine management resource's type. The only current valid value is machinesets. 
machinesets means that the machine manager will only register resources of the kind MachineSet.", + "apiGroup": "apiGroup is name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", + "selection": "selection allows granular control of the machine management resources that will be registered for boot image updates.", +} + +func (MachineManager) SwaggerDoc() map[string]string { + return map_MachineManager +} + +var map_MachineManagerSelector = map[string]string{ + "mode": "mode determines how machine managers will be selected for updates. Valid values are All and Partial. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated.", + "partial": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", +} + +func (MachineManagerSelector) SwaggerDoc() map[string]string { + return map_MachineManagerSelector +} + +var map_ManagedBootImages = map[string]string{ + "machineManagers": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. 
Only one entry is permitted per type of machine management resource.", +} + +func (ManagedBootImages) SwaggerDoc() map[string]string { + return map_ManagedBootImages +} + +var map_NodeDisruptionPolicyClusterStatus = map[string]string{ + "": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies", + "files": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + "units": "units is a list MachineConfig unit definitions and actions to take on changes to those services", + "sshkey": "sshkey is the overall sshkey MachineConfig definition", +} + +func (NodeDisruptionPolicyClusterStatus) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyClusterStatus +} + +var map_NodeDisruptionPolicyConfig = map[string]string{ + "": "NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys", + "files": "files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.", + "units": "units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.", + "sshkey": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster", +} + +func (NodeDisruptionPolicyConfig) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyConfig +} + +var map_NodeDisruptionPolicySpecAction = map[string]string{ + "type": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid value are Reboot, Drain, Reload, Restart, DaemonReload, None and Special reload/restart requires a corresponding service target specified in the reload/restart field. 
Other values require no further configuration", + "reload": "reload specifies the service to reload, only valid if type is reload", + "restart": "restart specifies the service to restart, only valid if type is restart", +} + +func (NodeDisruptionPolicySpecAction) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecAction +} + +var map_NodeDisruptionPolicySpecFile = map[string]string{ + "": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "path": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecFile) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecFile +} + +var map_NodeDisruptionPolicySpecSSHKey = map[string]string{ + "": "NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. 
The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecSSHKey) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecSSHKey +} + +var map_NodeDisruptionPolicySpecUnit = map[string]string{ + "": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "name": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. 
This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecUnit) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecUnit +} + +var map_NodeDisruptionPolicyStatus = map[string]string{ + "clusterPolicies": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", +} + +func (NodeDisruptionPolicyStatus) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatus +} + +var map_NodeDisruptionPolicyStatusAction = map[string]string{ + "type": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid value are Reboot, Drain, Reload, Restart, DaemonReload, None and Special reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", + "reload": "reload specifies the service to reload, only valid if type is reload", + "restart": "restart specifies the service to restart, only valid if type is restart", +} + +func (NodeDisruptionPolicyStatusAction) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusAction +} + +var map_NodeDisruptionPolicyStatusFile = map[string]string{ + "": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "path": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. 
The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusFile) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusFile +} + +var map_NodeDisruptionPolicyStatusSSHKey = map[string]string{ + "": "NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusSSHKey) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusSSHKey +} + +var map_NodeDisruptionPolicyStatusUnit = map[string]string{ + "": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "name": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". 
${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusUnit) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusUnit +} + +var map_PartialSelector = map[string]string{ + "": "PartialSelector provides label selector(s) that can be used to match machine management resources.", + "machineResourceSelector": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", +} + +func (PartialSelector) SwaggerDoc() map[string]string { + return map_PartialSelector +} + +var map_ReloadService = map[string]string{ + "": "ReloadService allows the user to specify the services to be reloaded", + "serviceName": "serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". 
${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", +} + +func (ReloadService) SwaggerDoc() map[string]string { + return map_ReloadService +} + +var map_RestartService = map[string]string{ + "": "RestartService allows the user to specify the services to be restarted", + "serviceName": "serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", +} + +func (RestartService) SwaggerDoc() map[string]string { + return map_RestartService +} + var map_AdditionalNetworkDefinition = map[string]string{ "": "AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one \"Config\" that matches the type.", "type": "type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", 
@@ -1391,6 +1571,15 @@ func (IPv4GatewayConfig) SwaggerDoc() map[string]string { return map_IPv4GatewayConfig } +var map_IPv4OVNKubernetesConfig = map[string]string{ + "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "internalJoinSubnet": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The current default value is 100.64.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format", +} + +func (IPv4OVNKubernetesConfig) SwaggerDoc() map[string]string { + return map_IPv4OVNKubernetesConfig +} + var map_IPv6GatewayConfig = map[string]string{ "": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. 
Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted", 
@@ -1400,6 +1589,15 @@ func (IPv6GatewayConfig) SwaggerDoc() map[string]string { return map_IPv6GatewayConfig } +var map_IPv6OVNKubernetesConfig = map[string]string{ + "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "internalJoinSubnet": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/48 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", +} + +func (IPv6OVNKubernetesConfig) SwaggerDoc() map[string]string { + return map_IPv6OVNKubernetesConfig +} + var map_MTUMigration = map[string]string{ "": "MTUMigration MTU contains infomation about MTU migration.", "network": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", 
@@ -1496,6 +1694,8 @@ var map_OVNKubernetesConfig = map[string]string{ "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16", "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48", "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index a9e1edaeb9..0000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1482 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: etcdbackups.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "# EtcdBackup provides configuration options and status for a - one-time backup attempt of the etcd cluster \n Compatibility level 4: No - compatibility is provided, the API can change at any point for any reason. - These capabilities should not be used by applications needing long term - support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - pvcName: - description: PVCName specifies the name of the PersistentVolumeClaim - (PVC) which binds a PersistentVolume where the etcd backup file - would be saved The PVC itself must always be created in the "openshift-etcd" - namespace If the PVC is left unspecified "" then the platform will - choose a reasonable default location to save the backup. In the - future this would be backups saved across the control-plane master - nodes. - type: string - x-kubernetes-validations: - - message: pvcName is immutable once set - rule: self == oldSelf - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - backupJob: - description: backupJob is the reference to the Job that executes the - backup. Optional - properties: - name: - description: name is the name of the Job. Required - type: string - namespace: - description: namespace is the namespace of the Job. this is always - expected to be "openshift-etcd" since the user provided PVC - is also required to be in "openshift-etcd" Required - pattern: ^openshift-etcd$ - type: string - required: - - name - - namespace - type: object - conditions: - description: conditions provide details on the status of the etcd - backup job. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml deleted file mode 100644 index 6d1e24ac9b..0000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml +++ /dev/null 
@@ -1,97 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagecontentsourcepolicies.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: ImageContentSourcePolicy - listKind: ImageContentSourcePolicyList - plural: imagecontentsourcepolicies - singular: imagecontentsourcepolicy - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ImageContentSourcePolicy holds cluster-wide information about - how to handle registry mirror rules. When multiple policies are defined, - the outcome of the behavior is defined on each field. \n Compatibility level - 4: No compatibility is provided, the API can change at any point for any - reason. These capabilities should not be used by applications needing long - term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - repositoryDigestMirrors: - description: "repositoryDigestMirrors allows images referenced by - image digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will - be compared to the source locations described in RepositoryDigestMirrors - and the image may be pulled down from any of the mirrors in the - list instead of the specified repository allowing administrators - to choose a potentially faster mirror. Only image pull specifications - that have an image digest will have this behavior applied to them - - tags will continue to be pulled from the specified repository - in the pull spec. \n Each “source” repository is treated independently; - configurations for different “source” repositories don’t interact. - \n When multiple policies are defined for the same “source” repository, - the sets of defined mirrors will be merged together, preserving - the relative order of the mirrors, if possible. For example, if - policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, - the mirrors will be used in the order `a, b, c, d, e`. If the orders - of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration - is not rejected but the resulting order is unspecified." - items: - description: 'RepositoryDigestMirrors holds cluster-wide information - about how to handle mirros in the registries config. Note: the - mirrors only work when pulling the images that are referenced - by their digests.' - properties: - mirrors: - description: mirrors is one or more repositories that may also - contain the same images. 
The order of mirrors in this list - is treated as the user's desired priority, while source is - by default considered lower priority than all mirrors. Other - cluster configuration, including (but not limited to) other - repositoryDigestMirrors objects, may impact the exact order - mirrors are contacted in, or some mirrors may be contacted - in parallel, so this should be considered a preference rather - than a guarantee of ordering. - items: - type: string - type: array - source: - description: source is the repository that users refer to, e.g. - in image pull specifications. - type: string - required: - - source - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml deleted file mode 100644 index c984c4d73f..0000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,173 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1504 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: olms.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: OLM - listKind: OLMList - plural: olms - singular: olm - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "OLM provides information to configure an operator to manage - the OLM controllers \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. 
- \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - metadata - - spec - type: object - x-kubernetes-validations: - - message: olm is a singleton, .metadata.name must be 'cluster' - rule: self.metadata.name == 'cluster' - served: true - storage: true - subresources: - 
status: {}
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml
deleted file mode 100644
index 5cff370844..0000000000
--- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml
+++ /dev/null
@@ -1,173 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1504 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: olms.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: OLM - listKind: OLMList - plural: olms - singular: olm - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "OLM provides information to configure an operator to manage - the OLM controllers \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. 
- \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. 
- properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - metadata - - spec - type: object - x-kubernetes-validations: - - message: olm is a singleton, .metadata.name must be 'cluster' - rule: self.metadata.name == 'cluster' - served: true - storage: true - subresources: - 
status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml deleted file mode 100644 index 233e73d18a..0000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] OLM" -crd: 0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OLM - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: {} # No spec is required for an OLM - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: Should reject an OLM with an invalid name - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: foo - spec: {} # No spec is required for an OLM - expectedError: "Invalid value: \"object\": olm is a singleton, .metadata.name must be 'cluster'" diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml deleted file mode 100644 index 24267570a3..0000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageContentSourcePolicy" -crd: 0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageContentSourcePolicy - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: ImageContentSourcePolicy - spec: {} # No spec is required for a ImageContentSourcePolicy - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: ImageContentSourcePolicy - spec: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml deleted file mode 100644 index 10d8551892..0000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] EtcdBackup" -crd: 0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create an EtcdBackup with a valid spec - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: etcdbackup-pvc - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: etcdbackup-pvc - - name: Should be able to create an EtcdBackup without the pvcName specified - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: {} - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: {} - onUpdate: - - name: pvcName is immutable once set - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: etcdbackup-pvc - updated: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: updated-etcdbackup-pvc - expectedError: "spec.pvcName: Invalid value: \"string\": pvcName is immutable once set" diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml deleted file mode 100644 index 99c85fe01c..0000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Tech Preview] OLM" -crd: 0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OLM - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: {} # No spec is required for an OLM - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: Should reject an OLM with an invalid name - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: foo - spec: {} # No spec is required for an OLM - expectedError: "Invalid value: \"object\": olm is a singleton, .metadata.name must be 'cluster'" diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go index b1d73306c5..2654f57008 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go 
@@ -6,13 +6,18 @@ import ( // +genclient // +genclient:nonNamespaced -// +kubebuilder:resource:scope=Cluster // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // // # EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. // +openshift:compatibility-gen:level=4 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=etcdbackups,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1482 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=etcd,operatorOrdering=01 +// +openshift:enable:FeatureGate=AutomatedEtcdBackup type EtcdBackup struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go index 1a101cad6a..6e14720dd3 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go 
@@ -10,6 +10,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // When multiple policies are defined, the outcome of the behavior is defined on each field. // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=imagecontentsourcepolicies,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:compatibility-gen:level=4 type ImageContentSourcePolicy struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go index 8f20690ae6..f29385b9fa 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go @@ -14,6 +14,12 @@ import ( // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. // +openshift:compatibility-gen:level=4 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=olms,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1504 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=operator-lifecycle-manager,operatorOrdering=01 +// +openshift:enable:FeatureGate=NewOLM // +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="olm is a singleton, .metadata.name must be 'cluster'" type OLM struct { metav1.TypeMeta `json:",inline"` 
diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..2b6cbef275
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,67 @@ +etcdbackups.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1482 + CRDName: etcdbackups.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - AutomatedEtcdBackup + FilenameOperatorName: etcd + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: EtcdBackup + Labels: {} + PluralName: etcdbackups + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - AutomatedEtcdBackup + Version: v1alpha1 + +imagecontentsourcepolicies.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: imagecontentsourcepolicies.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: ImageContentSourcePolicy + Labels: {} + PluralName: imagecontentsourcepolicies + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1alpha1 + +olms.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1504 + CRDName: olms.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - NewOLM + FilenameOperatorName: operator-lifecycle-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: OLM + Labels: {} + PluralName: olms + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - NewOLM + Version: v1alpha1 + 
diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml
deleted file mode 100644
index 6528f1a11d..0000000000
--- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml
+++ /dev/null
@@ -1,262 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/639 - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: podnetworkconnectivitychecks.controlplane.operator.openshift.io -spec: - group: controlplane.operator.openshift.io - names: - kind: PodNetworkConnectivityCheck - listKind: PodNetworkConnectivityCheckList - plural: podnetworkconnectivitychecks - singular: podnetworkconnectivitycheck - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "PodNetworkConnectivityCheck \n Compatibility level 4: No compatibility - is provided, the API can change at any point for any reason. These capabilities - should not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the source and target of the connectivity check - properties: - sourcePod: - description: SourcePod names the pod from which the condition will - be checked - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - targetEndpoint: - description: EndpointAddress to check. 
A TCP address of the form host:port. - Note that if host is a DNS name, then the check would fail if the - DNS name cannot be resolved. Specify an IP address for host to bypass - DNS name lookup. - pattern: ^\S+:\d*$ - type: string - tlsClientCert: - description: TLSClientCert, if specified, references a kubernetes.io/tls - type secret with 'tls.crt' and 'tls.key' entries containing an optional - TLS client certificate and key to be used when checking endpoints - that require a client certificate in order to gracefully preform - the scan without causing excessive logging in the endpoint process. - The secret must exist in the same namespace as this resource. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - sourcePod - - targetEndpoint - type: object - status: - description: Status contains the observed status of the connectivity check - properties: - conditions: - description: Conditions summarize the status of the check - items: - description: PodNetworkConnectivityCheckCondition represents the - overall status of the pod network connectivity. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. - format: date-time - nullable: true - type: string - message: - description: Message indicating details about last transition - in a human readable format. - type: string - reason: - description: Reason for the condition's last status transition - in a machine readable format. 
- type: string - status: - description: Status of the condition - type: string - type: - description: Type of the condition - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - failures: - description: Failures contains logs of unsuccessful check actions - items: - description: LogEntry records events - properties: - latency: - description: Latency records how long the action mentioned in - the entry took. - nullable: true - type: string - message: - description: Message explaining status in a human readable format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates a - success or failure. - type: boolean - time: - description: Start time of check action. - format: date-time - nullable: true - type: string - required: - - success - - time - type: object - type: array - outages: - description: Outages contains logs of time periods of outages - items: - description: OutageEntry records time period of an outage - properties: - end: - description: End of outage detected - format: date-time - nullable: true - type: string - endLogs: - description: EndLogs contains log entries related to the end - of this outage. Should contain the success entry that resolved - the outage and possibly a few of the failure log entries that - preceded it. - items: - description: LogEntry records events - properties: - latency: - description: Latency records how long the action mentioned - in the entry took. - nullable: true - type: string - message: - description: Message explaining status in a human readable - format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates - a success or failure. - type: boolean - time: - description: Start time of check action. 
- format: date-time - nullable: true - type: string - required: - - success - - time - type: object - type: array - message: - description: Message summarizes outage details in a human readable - format. - type: string - start: - description: Start of outage detected - format: date-time - nullable: true - type: string - startLogs: - description: StartLogs contains log entries related to the start - of this outage. Should contain the original failure, any entries - where the failure mode changed. - items: - description: LogEntry records events - properties: - latency: - description: Latency records how long the action mentioned - in the entry took. - nullable: true - type: string - message: - description: Message explaining status in a human readable - format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates - a success or failure. - type: boolean - time: - description: Start time of check action. - format: date-time - nullable: true - type: string - required: - - success - - time - type: object - type: array - required: - - start - type: object - type: array - successes: - description: Successes contains logs successful check actions - items: - description: LogEntry records events - properties: - latency: - description: Latency records how long the action mentioned in - the entry took. - nullable: true - type: string - message: - description: Message explaining status in a human readable format. - type: string - reason: - description: Reason for status in a machine readable format. - type: string - success: - description: Success indicates if the log entry indicates a - success or failure. - type: boolean - time: - description: Start time of check action. 
- format: date-time - nullable: true - type: string - required: - - success - - time - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/stable.podnetworkconnectivitycheck.testsuite.yaml b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/stable.podnetworkconnectivitycheck.testsuite.yaml deleted file mode 100644 index 2db10295c9..0000000000 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/stable.podnetworkconnectivitycheck.testsuite.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] PodNetworkConnectivityCheck" -crd: 0000_10-pod-network-connectivity-check.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal PodNetworkConnectivityCheck - initial: | - apiVersion: controlplane.operator.openshift.io/v1alpha1 - kind: PodNetworkConnectivityCheck - spec: - sourcePod: foo - targetEndpoint: foo:0 - expected: | - apiVersion: controlplane.operator.openshift.io/v1alpha1 - kind: PodNetworkConnectivityCheck - spec: - sourcePod: foo - targetEndpoint: foo:0 diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go index daaa8a33f0..f4b48e8545 100644 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go +++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/types_conditioncheck.go 
@@ -12,7 +12,12 @@ import (
 // PodNetworkConnectivityCheck
 //
 // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=podnetworkconnectivitychecks,scope=Namespaced
 // +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/639
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=network,operatorOrdering=01
+// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true
 // +openshift:compatibility-gen:level=4
 type PodNetworkConnectivityCheck struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..2032118c9c
--- /dev/null
+++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,22 @@ +podnetworkconnectivitychecks.controlplane.operator.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/639 + CRDName: podnetworkconnectivitychecks.controlplane.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: network + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: controlplane.operator.openshift.io + HasStatus: true + KindName: PodNetworkConnectivityCheck + Labels: {} + PluralName: podnetworkconnectivitychecks + PrinterColumns: [] + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1alpha1 +
diff --git a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml
deleted file mode 100644
index 11f3e28abb..0000000000
--- a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml
+++ /dev/null
@@ -1,252 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: clusterresourcequotas.quota.openshift.io -spec: - group: quota.openshift.io - names: - kind: ClusterResourceQuota - listKind: ClusterResourceQuotaList - plural: clusterresourcequotas - singular: clusterresourcequota - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. - \ This object is easily convertible to synthetic ResourceQuota object to - allow quota evaluation re-use. \n Compatibility level 1: Stable within a - major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired quota - properties: - quota: - description: Quota defines the desired quota - properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'hard is the set of desired hard limits for each - named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' - type: object - scopeSelector: - description: scopeSelector is also a collection of filters like - scopes that must match each object tracked by a quota but expressed - using ScopeSelectorOperator in combination with possible values. - For a resource to match, both scopes AND scopeSelector (if specified - in spec), must be matched. - properties: - matchExpressions: - description: A list of scope selector requirements by scope - of the resources. - items: - description: A scoped-resource selector requirement is a - selector that contains values, a scope name, and an operator - that relates the scope name and values. - properties: - operator: - description: Represents a scope's relationship to a - set of values. Valid operators are In, NotIn, Exists, - DoesNotExist. - type: string - scopeName: - description: The name of the scope that the selector - applies to. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during - a strategic merge patch. 
- items: - type: string - type: array - required: - - operator - - scopeName - type: object - type: array - type: object - x-kubernetes-map-type: atomic - scopes: - description: A collection of filters that must match each object - tracked by a quota. If not specified, the quota matches all - objects. - items: - description: A ResourceQuotaScope defines a filter that must - match each object tracked by a quota - type: string - type: array - type: object - selector: - description: Selector is the selector used to match projects. It should - only select active projects on the scale of dozens (though it can - select many more less active projects). These projects will contend - on object creation through this resource. - properties: - annotations: - additionalProperties: - type: string - description: AnnotationSelector is used to select projects by - annotation. - nullable: true - type: object - labels: - description: LabelSelector is used to select projects by label. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - type: object - required: - - quota - - selector - type: object - status: - description: Status defines the actual enforced quota and its current - usage - properties: - namespaces: - description: Namespaces slices the usage by project. This division - allows for quick resolution of deletion reconciliation inside of - a single project without requiring a recalculation across all projects. This - can be used to pull the deltas for a given project. - items: - description: ResourceQuotaStatusByNamespace gives status for a particular - project - properties: - namespace: - description: Namespace the project this status applies to - type: string - status: - description: Status indicates how many resources have been consumed - by this project - properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Hard is the set of enforced hard limits for - each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' - type: object - used: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Used is the current observed total usage of - the resource in the namespace. 
- type: object - type: object - required: - - namespace - - status - type: object - nullable: true - type: array - total: - description: Total defines the actual enforced quota and its current - usage across all projects - properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Hard is the set of enforced hard limits for each - named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' - type: object - used: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Used is the current observed total usage of the resource - in the namespace. - type: object - type: object - required: - - total - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/quota/v1/generated.proto b/vendor/github.com/openshift/api/quota/v1/generated.proto index 70983e82d0..a72b97c884 100644 --- a/vendor/github.com/openshift/api/quota/v1/generated.proto +++ b/vendor/github.com/openshift/api/quota/v1/generated.proto 
@@ -47,6 +47,11 @@ message AppliedClusterResourceQuotaList { // synthetic ResourceQuota object to allow quota evaluation re-use. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=clusterresourcequotas,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 // +openshift:compatibility-gen:level=1 message ClusterResourceQuota { // metadata is the standard object's metadata. diff --git a/vendor/github.com/openshift/api/quota/v1/stable.clusterresourcequota.testsuite.yaml b/vendor/github.com/openshift/api/quota/v1/stable.clusterresourcequota.testsuite.yaml deleted file mode 100644 index cfcba0aed4..0000000000 --- a/vendor/github.com/openshift/api/quota/v1/stable.clusterresourcequota.testsuite.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ClusterResourceQuota" -crd: 0000_03_quota-openshift_01_clusterresourcequota.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterResourceQuota - initial: | - apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - spec: - selector: {} - quota: {} - expected: | - apiVersion: quota.openshift.io/v1 - kind: ClusterResourceQuota - spec: - selector: {} - quota: {} diff --git a/vendor/github.com/openshift/api/quota/v1/types.go b/vendor/github.com/openshift/api/quota/v1/types.go index 9742331f75..de918711be 100644 --- a/vendor/github.com/openshift/api/quota/v1/types.go +++ b/vendor/github.com/openshift/api/quota/v1/types.go 
@@ -13,6 +13,11 @@ import (
 // synthetic ResourceQuota object to allow quota evaluation re-use.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusterresourcequotas,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01
 // +openshift:compatibility-gen:level=1
 type ClusterResourceQuota struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..50caedde1c
--- /dev/null
+++ b/vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,21 @@ +clusterresourcequotas.quota.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: clusterresourcequotas.quota.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" + GroupName: quota.openshift.io + HasStatus: true + KindName: ClusterResourceQuota + Labels: {} + PluralName: clusterresourcequotas + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 +
diff --git a/vendor/github.com/openshift/api/route/.codegen.yaml b/vendor/github.com/openshift/api/route/.codegen.yaml
index d2791f7b5e..65cf5d814b 100644
--- a/vendor/github.com/openshift/api/route/.codegen.yaml
+++ b/vendor/github.com/openshift/api/route/.codegen.yaml
@@ -1,8 +1,3 @@
 schemapatch:
- requiredFeatureSets:
- - ''
- - 'Default'
- - 'TechPreviewNoUpgrade'
- - 'CustomNoUpgrade'
 swaggerdocs:
 commentPolicy: Warn
diff --git a/vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml
deleted file mode 100644
index 4a8042fc1b..0000000000
--- a/vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml
+++ /dev/null
@@ -1,103 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: '[CustomNoUpgrade] Route' -crd: route-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Route - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - weight: 100 - wildcardPolicy: None - - name: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Allow - expectedError: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: Redirect' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: None' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - wildcardPolicy: 
None - - name: 'cannot have both spec.tls.certificate and spec.tls.externalCertificate' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: edge - key: |- - -----BEGIN RSA PRIVATE KEY----- - -----END RSA PRIVATE KEY----- - certificate: |- - -----BEGIN CERTIFICATE----- - -----END CERTIFICATE----- - externalCertificate: - name: "my-local-secret" - expectedError: 'Invalid value: "object": cannot have both spec.tls.certificate and spec.tls.externalCertificate' diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index 66b35420e9..1797fe7702 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -404,7 +404,7 @@ message RouterShard { // TLSConfig defines config used to secure a route and provide termination // // +kubebuilder:validation:XValidation:rule="has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination=='passthrough') && (self.insecureEdgeTerminationPolicy=='Allow')) : true", message="cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" -// +openshift:validation:FeatureSetAwareXValidation:featureSet=TechPreviewNoUpgrade;CustomNoUpgrade,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalRouteCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate" message TLSConfig { // termination indicates termination type. // 
@@ -449,7 +449,7 @@ message TLSConfig { // be present in the same namespace as that of the Route. // Forbidden when `certificate` is set. // - // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade + // +openshift:enable:FeatureGate=ExternalRouteCertificate // +optional optional LocalObjectReference externalCertificate = 7; } diff --git a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml deleted file mode 100644 index d46b079106..0000000000 --- a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,618 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - release.openshift.io/feature-set: CustomNoUpgrade - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. 
This prevents - connection coalescing by clients, notably web browsers. We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. - properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. 
name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. 
Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' 
- items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". 
The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. 
Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. 
- maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. 
The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. - properties: - targetPort: - anyOf: - - type: integer - - type: string - description: The target port on pods selected by the service this - route points to. If this is a string, it will be looked up as - a named port in the target endpoints port list. Required - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. 
This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. - type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - externalCertificate: - description: externalCertificate provides certificate contents - as a secret reference. This should be a single serving certificate, - not a certificate chain. Do not include a CA certificate. The - secret referenced should be present in the same namespace as - that of the Route. Forbidden when `certificate` is set. - properties: - name: - description: 'name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: object - x-kubernetes-map-type: atomic - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: cannot have both spec.tls.certificate and spec.tls.externalCertificate - rule: '!(has(self.certificate) && has(self.externalCertificate))' - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. 
- If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. - items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. 
- properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 48ff2c5e84..0000000000 --- a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml +++ /dev/null 
@@ -1,618 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. 
This prevents - connection coalescing by clients, notably web browsers. We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. - properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. 
name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. 
Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' 
- items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". 
The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. 
Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. 
- maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. 
The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. - properties: - targetPort: - anyOf: - - type: integer - - type: string - description: The target port on pods selected by the service this - route points to. If this is a string, it will be looked up as - a named port in the target endpoints port list. Required - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. 
This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. - type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - externalCertificate: - description: externalCertificate provides certificate contents - as a secret reference. This should be a single serving certificate, - not a certificate chain. Do not include a CA certificate. The - secret referenced should be present in the same namespace as - that of the Route. Forbidden when `certificate` is set. - properties: - name: - description: 'name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: object - x-kubernetes-map-type: atomic - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: cannot have both spec.tls.certificate and spec.tls.externalCertificate - rule: '!(has(self.certificate) && has(self.externalCertificate))' - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. 
- If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. - items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. 
- properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/route/v1/route.crd.yaml b/vendor/github.com/openshift/api/route/v1/route.crd.yaml deleted file mode 100644 index 0ec81826ed..0000000000 --- a/vendor/github.com/openshift/api/route/v1/route.crd.yaml +++ /dev/null 
@@ -1,655 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. This prevents - connection coalescing by clients, notably web browsers. 
We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - allOf: - - anyOf: - - properties: - path: - maxLength: 0 - - properties: - tls: - enum: - - null - - not: - properties: - tls: - properties: - termination: - enum: - - passthrough - - anyOf: - - not: - properties: - host: - maxLength: 0 - - not: - properties: - wildcardPolicy: - enum: - - Subdomain - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. 
- properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. 
In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". 
- Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? 
has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. 
- rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. 
The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' 
- maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. 
- properties: - targetPort: - allOf: - - not: - enum: - - 0 - - not: - enum: - - "" - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - allOf: - - anyOf: - - properties: - caCertificate: - maxLength: 0 - certificate: - maxLength: 0 - destinationCACertificate: - maxLength: 0 - key: - maxLength: 0 - - not: - properties: - termination: - enum: - - passthrough - - anyOf: - - properties: - destinationCACertificate: - maxLength: 0 - - not: - properties: - termination: - enum: - - edge - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. 
- type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? 
!((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. 
- items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. - properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch b/vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch deleted file mode 100644 index 7f09302f3f..0000000000 --- a/vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch +++ /dev/null 
@@ -1,67 +0,0 @@
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/allOf
- value:
- # spec.path must be empty when using passthrough TLS.
- - anyOf:
- - properties:
- path:
- maxLength: 0
- - properties:
- tls:
- enum: [null]
- - not:
- properties:
- tls:
- properties:
- termination:
- enum: ["passthrough"]
- # spec.host must be nonempty for a wildcard route.
- - anyOf:
- - not:
- properties:
- host:
- maxLength: 0
- - not:
- properties:
- wildcardPolicy:
- enum: ["Subdomain"]
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/port/properties/targetPort
- value:
- # spec.port.targetPort cannot be the integer 0 or the empty string. (Note
- # that negative integer values are allowed, as is the string "0".)
- allOf:
- - not:
- enum: [0]
- - not:
- enum: [""]
- x-kubernetes-int-or-string: true
-- op: add
- path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/tls/allOf
- value:
- # spec.tls.certificate, spec.tls.key, spec.tls.caCertificate, and
- # spec.tls.destinationCACertificate must omitted when using passthrough TLS.
- - anyOf:
- - properties:
- certificate:
- maxLength: 0
- key:
- maxLength: 0
- caCertificate:
- maxLength: 0
- destinationCACertificate:
- maxLength: 0
- - not:
- properties:
- termination:
- enum: ["passthrough"]
- # spec.tls.destinationCACertificate must be omitted when using edge-terminated
- # TLS.
- - anyOf:
- - properties:
- destinationCACertificate:
- maxLength: 0
- - not:
- properties:
- termination:
- enum: ["edge"]
diff --git a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml
deleted file mode 100644
index d1e4766735..0000000000
--- a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml
+++ /dev/null
@@ -1,675 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Route" -crd: route.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Route - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - weight: 100 - wildcardPolicy: None - - name: "cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Allow - expectedError: "cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" - - name: "spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: Redirect" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - - name: "spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: None" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - wildcardPolicy: None - - name: Should be 
able to create a Route with valid actions - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Cache-Info - action: - type: Set - set: - value: "not cacheable; meta data too large" - - name: X-XSS-Protection - action: - type: Delete - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - - name: X-Conditional - action: - type: Set - set: - value: "%[req.hdr(Host)] if foo" - - name: X-Condition - action: - type: Set - set: - value: "%[req.hdr(Host)]\ if\ foo" - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - weight: 100 - wildcardPolicy: None - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Cache-Info - action: - type: Set - set: - value: "not cacheable; meta data too large" - - name: X-XSS-Protection - action: - type: Delete - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - 
name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - - name: X-Conditional - action: - type: Set - set: - value: "%[req.hdr(Host)] if foo" - - name: X-Condition - action: - type: Set - set: - value: "%[req.hdr(Host)]\ if\ foo" - - name: "Should not allow response header actions if tls termination is set to passthrough" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-passthrough - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: passthrough - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-XSS-Protection - action: - type: Delete - expectedError: "header actions are not permitted when tls termination is passthrough." - - name: "Should not allow request header actions if tls termination is set to passthrough" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-passthrough - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: passthrough - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - expectedError: "header actions are not permitted when tls termination is passthrough." - - name: Should not allow to set/delete HSTS header. 
- initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-hsts - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: Strict-Transport-Security - action: - type: Delete - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - expectedError: "strict-transport-security header may not be modified via header actions" - - name: Should not allow to set proxy request header. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: hello-openshift-edge-proxy - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Proxy - action: - type: Set - set: - value: example.xyz - expectedError: "proxy header may not be modified via header actions" - - name: Should not allow to set cookie header. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: hello-openshift-edge-proxy - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Cookie - action: - type: Set - set: - value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" - expectedError: "cookie header may not be modified via header actions" - - name: Should not allow to set set-cookie header. 
- initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: hello-openshift-edge-proxy - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: Set-Cookie - action: - type: Set - set: - value: "sessionId=e8bb43229de9; Domain=foo.example.com" - expectedError: "set-cookie header may not be modified via header actions" - - name: Should not allow to set/delete dynamic headers with unclosed braces. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-unclosed-braces - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - - name: expires - action: - type: Set - set: - value: "%[req.hdr(host),lower" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic response header values with not allowed sample fetchers. 
- initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Target - action: - type: Set - set: - value: "%{+Q}[ssl_c_der1,base64]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set/delete dynamic response header values with not allowed converters. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Target - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,bogus]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." 
- - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. 
Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set/delete dynamic request header values with not allowed converters. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,bogus]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic request header values with not allowed sample fetchers. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der1122,base64]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. 
The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow empty value in request - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: - expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' - - name: Should not allow empty value in response - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: - expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' - - name: Should be required to specify the set field when the discriminant type is 
Set. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - expectedError: "set is required when type is Set, and forbidden otherwise" - - name: Should be required to specify the set field when the discriminant type is Set. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - set: - value: DENY - expectedError: 'Route.route.openshift.io "hello-openshift-actions" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml deleted file mode 100644 index 0f0cdd11b4..0000000000 --- a/vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml +++ /dev/null 
@@ -1,103 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: '[TechPreview] Route' -crd: route-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Route - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - weight: 100 - wildcardPolicy: None - - name: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Allow - expectedError: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: Redirect' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: None' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - wildcardPolicy: 
None - - name: 'cannot have both spec.tls.certificate and spec.tls.externalCertificate' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: edge - key: |- - -----BEGIN RSA PRIVATE KEY----- - -----END RSA PRIVATE KEY----- - certificate: |- - -----BEGIN CERTIFICATE----- - -----END CERTIFICATE----- - externalCertificate: - name: "my-local-secret" - expectedError: 'Invalid value: "object": cannot have both spec.tls.certificate and spec.tls.externalCertificate' diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index b5a567d6a5..cd5e5eced4 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go @@ -10,6 +10,12 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true // +kubebuilder:subresource:status +// +kubebuilder:resource:path=routes,scope=Namespaced +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1228 +// +kubebuilder:printcolumn:name=Host,JSONPath=.status.ingress[0].host,type=string +// +kubebuilder:printcolumn:name=Admitted,JSONPath=.status.ingress[0].conditions[?(@.type=="Admitted")].status,type=string +// +kubebuilder:printcolumn:name=Service,JSONPath=.spec.to.name,type=string +// +kubebuilder:printcolumn:name=TLS,JSONPath=.spec.tls.type,type=string // A route allows developers to expose services through an HTTP(S) aware load balancing and proxy // layer via a public DNS entry. The route may further specify TLS options and a certificate, or 
@@ -409,7 +415,7 @@ type RouterShard struct {
 // TLSConfig defines config used to secure a route and provide termination
 //
 // +kubebuilder:validation:XValidation:rule="has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination=='passthrough') && (self.insecureEdgeTerminationPolicy=='Allow')) : true", message="cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow"
-// +openshift:validation:FeatureSetAwareXValidation:featureSet=TechPreviewNoUpgrade;CustomNoUpgrade,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalRouteCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate"
 type TLSConfig struct {
 // termination indicates termination type.
 //
@@ -454,7 +460,7 @@ type TLSConfig struct {
 // be present in the same namespace as that of the Route.
 // Forbidden when `certificate` is set.
 //
- // +openshift:enable:FeatureSets=CustomNoUpgrade;TechPreviewNoUpgrade
+ // +openshift:enable:FeatureGate=ExternalRouteCertificate
 // +optional
 ExternalCertificate *LocalObjectReference `json:"externalCertificate,omitempty" protobuf:"bytes,7,opt,name=externalCertificate"`
 }
diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..aced0855f4
--- /dev/null
+++ b/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,34 @@ +routes.route.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1228 + CRDName: routes.route.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ExternalRouteCertificate + FilenameOperatorName: "" + FilenameOperatorOrdering: "" + FilenameRunLevel: "" + GroupName: route.openshift.io + HasStatus: true + KindName: Route + Labels: {} + PluralName: routes + PrinterColumns: + - jsonPath: .status.ingress[0].host + name: Host + type: string + - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status + name: Admitted + type: string + - jsonPath: .spec.to.name + name: Service + type: string + - jsonPath: .spec.tls.type + name: TLS + type: string + Scope: Namespaced + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml b/vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml deleted file mode 100644 index 5781be72bf..0000000000 --- a/vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml +++ /dev/null 
@@ -1,180 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/513 - description: Extension for configuring openshif samples operator. - displayName: ConfigsSamples - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: configs.samples.operator.openshift.io -spec: - group: samples.operator.openshift.io - names: - kind: Config - listKind: ConfigList - plural: configs - singular: config - preserveUnknownFields: false - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Config contains the configuration and detailed condition status - for the Samples Operator. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfigSpec contains the desired configuration and state for - the Samples Operator, controlling various behavior around the imagestreams - and templates it creates/updates in the openshift namespace. 
- properties: - architectures: - description: architectures determine which hardware architecture(s) - to install, where x86_64, ppc64le, and s390x are the only supported - choices currently. - items: - type: string - type: array - managementState: - description: managementState is top level on/off type of switch for - all operators. When "Managed", this operator processes config and - manipulates the samples accordingly. When "Unmanaged", this operator - ignores any updates to the resources it watches. When "Removed", - it reacts that same wasy as it does if the Config object is deleted, - meaning any ImageStreams or Templates it manages (i.e. it honors - the skipped lists) and the registry secret are deleted, along with - the ConfigMap in the operator's namespace that represents the last - config used to manipulate the samples, - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - samplesRegistry: - description: samplesRegistry allows for the specification of which - registry is accessed by the ImageStreams for their image content. Defaults - on the content in https://github.com/openshift/library that are - pulled into this github repository, but based on our pulling only - ocp content it typically defaults to registry.redhat.io. - type: string - skippedImagestreams: - description: skippedImagestreams specifies names of image streams - that should NOT be created/updated. Admins can use this to allow - them to delete content they don’t want. They will still have to - manually delete the content but the operator will not recreate(or - update) anything listed here. - items: - type: string - type: array - skippedTemplates: - description: skippedTemplates specifies names of templates that should - NOT be created/updated. Admins can use this to allow them to delete - content they don’t want. They will still have to manually delete - the content but the operator will not recreate(or update) anything - listed here. 
- items: - type: string - type: array - type: object - status: - description: ConfigStatus contains the actual configuration in effect, - as well as various details that describe the state of the Samples Operator. - properties: - architectures: - description: architectures determine which hardware architecture(s) - to install, where x86_64 and ppc64le are the supported choices. - items: - type: string - type: array - conditions: - description: conditions represents the available maintenance status - of the sample imagestreams and templates. - items: - description: ConfigCondition captures various conditions of the - Config as entries are processed. - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. - format: date-time - type: string - lastUpdateTime: - description: lastUpdateTime is the last time this condition - was updated. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. - type: string - reason: - description: reason is what caused the condition's last transition. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type of condition. - type: string - required: - - status - - type - type: object - type: array - managementState: - description: managementState reflects the current operational status - of the on/off switch for the operator. This operator compares the - ManagementState as part of determining that we are turning the operator - back on (i.e. "Managed") when it was previously "Unmanaged". - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - samplesRegistry: - description: samplesRegistry allows for the specification of which - registry is accessed by the ImageStreams for their image content. 
Defaults - on the content in https://github.com/openshift/library that are - pulled into this github repository, but based on our pulling only - ocp content it typically defaults to registry.redhat.io. - type: string - skippedImagestreams: - description: skippedImagestreams specifies names of image streams - that should NOT be created/updated. Admins can use this to allow - them to delete content they don’t want. They will still have to - manually delete the content but the operator will not recreate(or - update) anything listed here. - items: - type: string - type: array - skippedTemplates: - description: skippedTemplates specifies names of templates that should - NOT be created/updated. Admins can use this to allow them to delete - content they don’t want. They will still have to manually delete - the content but the operator will not recreate(or update) anything - listed here. - items: - type: string - type: array - version: - description: version is the value of the operator's payload based - version indicator when it was last successfully processed - type: string - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/samples/v1/generated.pb.go b/vendor/github.com/openshift/api/samples/v1/generated.pb.go index d2f1c44032..2459626ce1 100644 --- a/vendor/github.com/openshift/api/samples/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/samples/v1/generated.pb.go 
@@ -183,58 +183,60 @@ func init() { } var fileDescriptor_67d62912ac03ce1e = []byte{ - // 804 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x56, 0xcd, 0x6e, 0xe4, 0x44, - 0x10, 0x1e, 0x67, 0x7e, 0x92, 0xed, 0xdd, 0x64, 0x42, 0x07, 0xb1, 0x56, 0x0e, 0xf6, 0x6a, 0x22, - 0xa1, 0x00, 0xa2, 0x4d, 0x96, 0x88, 0xe5, 0xc8, 0x7a, 0x4f, 0x91, 0x12, 0x2d, 0x74, 0x06, 0x24, - 0x10, 0x07, 0x3a, 0x9e, 0x8a, 0xa7, 0x77, 0x62, 0xbb, 0xe5, 0xee, 0x19, 0x69, 0x6e, 0x3c, 0xc2, - 0x1e, 0x79, 0x03, 0x5e, 0x82, 0x07, 0xc8, 0x8d, 0x3d, 0xee, 0xc9, 0x22, 0xe6, 0x2d, 0x72, 0x42, - 0xdd, 0xb6, 0xe7, 0x7f, 0xc5, 0x8c, 0x16, 0x89, 0xdb, 0x74, 0x55, 0x7d, 0x5f, 0x55, 0xf7, 0xf7, - 0x4d, 0xc9, 0xe8, 0xcb, 0x90, 0xab, 0xfe, 0xf0, 0x8a, 0x04, 0x49, 0xe4, 0x25, 0x02, 0x62, 0xd9, - 0xe7, 0xd7, 0xca, 0x63, 0x82, 0x7b, 0x92, 0x45, 0xe2, 0x06, 0xa4, 0x37, 0x3a, 0xf1, 0x42, 0x88, - 0x21, 0x65, 0x0a, 0x7a, 0x44, 0xa4, 0x89, 0x4a, 0xf0, 0xd1, 0x14, 0x44, 0x26, 0x20, 0xc2, 0x04, - 0x27, 0x25, 0x88, 0x8c, 0x4e, 0x0e, 0x3f, 0x9f, 0x61, 0x0e, 0x93, 0x30, 0xf1, 0x0c, 0xf6, 0x6a, - 0x78, 0x6d, 0x4e, 0xe6, 0x60, 0x7e, 0x15, 0x9c, 0x87, 0x9d, 0xc1, 0xd7, 0x92, 0xf0, 0xc4, 0xb4, - 0x0e, 0x92, 0x14, 0x56, 0xf4, 0x3d, 0x3c, 0x9d, 0xd6, 0x44, 0x2c, 0xe8, 0xf3, 0x18, 0xd2, 0xb1, - 0x27, 0x06, 0xa1, 0x0e, 0x48, 0x2f, 0x02, 0xc5, 0x56, 0xa1, 0xbc, 0x77, 0xa1, 0xd2, 0x61, 0xac, - 0x78, 0x04, 0x4b, 0x80, 0xaf, 0xfe, 0x0d, 0x20, 0x83, 0x3e, 0x44, 0x6c, 0x11, 0xd7, 0xf9, 0x6d, - 0x0b, 0xb5, 0x5e, 0x24, 0xf1, 0x35, 0x0f, 0xf1, 0x2f, 0x68, 0x47, 0x8f, 0xd3, 0x63, 0x8a, 0xd9, - 0xd6, 0x13, 0xeb, 0xf8, 0xe1, 0xd3, 0x2f, 0x48, 0xc1, 0x4a, 0x66, 0x59, 0x89, 0x18, 0x84, 0x3a, - 0x20, 0x89, 0xae, 0x26, 0xa3, 0x13, 0xf2, 0xf2, 0xea, 0x15, 0x04, 0xea, 0x02, 0x14, 0xf3, 0xf1, - 0x6d, 0xe6, 0xd6, 0xf2, 0xcc, 0x45, 0xd3, 0x18, 0x9d, 0xb0, 0xe2, 0xef, 0x50, 0x43, 0x0a, 0x08, - 0xec, 0x2d, 0xc3, 0xee, 0x91, 0x35, 0x24, 0x21, 0xc5, 0x70, 0x97, 0x02, 0x02, 0xff, 0x51, 0x49, - 
0xde, 0xd0, 0x27, 0x6a, 0xa8, 0xf0, 0x8f, 0xa8, 0x25, 0x15, 0x53, 0x43, 0x69, 0xd7, 0x0d, 0xe9, - 0xc9, 0x26, 0xa4, 0x06, 0xe8, 0xef, 0x95, 0xb4, 0xad, 0xe2, 0x4c, 0x4b, 0xc2, 0xce, 0x9f, 0x75, - 0xd4, 0x2e, 0x0a, 0x5f, 0x24, 0x71, 0x8f, 0x2b, 0x9e, 0xc4, 0xf8, 0x19, 0x6a, 0xa8, 0xb1, 0x00, - 0xf3, 0x3e, 0x0f, 0xfc, 0xa3, 0x6a, 0xa0, 0xee, 0x58, 0xc0, 0x7d, 0xe6, 0x1e, 0x2c, 0x94, 0xeb, - 0x30, 0x35, 0x00, 0x7c, 0x3e, 0x99, 0x73, 0xcb, 0x40, 0x4f, 0xe7, 0x9b, 0xde, 0x67, 0xee, 0x0a, - 0x33, 0x91, 0x09, 0xd3, 0xfc, 0x68, 0xf8, 0x15, 0xda, 0xbb, 0x61, 0x52, 0x7d, 0x2f, 0x7a, 0x4c, - 0x41, 0x97, 0x47, 0x50, 0xde, 0xfe, 0xd3, 0xf5, 0x04, 0xd3, 0x08, 0xff, 0xa3, 0x72, 0x82, 0xbd, - 0xf3, 0x39, 0x26, 0xba, 0xc0, 0x8c, 0x47, 0x08, 0xeb, 0x48, 0x37, 0x65, 0xb1, 0x2c, 0x6e, 0xa5, - 0xfb, 0x35, 0x36, 0xee, 0x77, 0x58, 0xf6, 0xc3, 0xe7, 0x4b, 0x6c, 0x74, 0x45, 0x07, 0xfc, 0x31, - 0x6a, 0xa5, 0xc0, 0x64, 0x12, 0xdb, 0x4d, 0xf3, 0x62, 0x13, 0x99, 0xa8, 0x89, 0xd2, 0x32, 0x8b, - 0x3f, 0x41, 0xdb, 0x11, 0x48, 0xc9, 0x42, 0xb0, 0x5b, 0xa6, 0xb0, 0x5d, 0x16, 0x6e, 0x5f, 0x14, - 0x61, 0x5a, 0xe5, 0x3b, 0x7f, 0x58, 0x08, 0x15, 0x12, 0x9d, 0x73, 0xa9, 0xf0, 0xcf, 0x4b, 0x86, - 0x27, 0xeb, 0xdd, 0x47, 0xa3, 0x8d, 0xdd, 0xf7, 0xcb, 0x56, 0x3b, 0x55, 0x64, 0xc6, 0xec, 0xdf, - 0xa2, 0x26, 0x57, 0x10, 0x69, 0xc1, 0xeb, 0xc7, 0x0f, 0x9f, 0x7e, 0xb6, 0x81, 0x31, 0xfd, 0xdd, - 0x92, 0xb7, 0x79, 0xa6, 0x19, 0x68, 0x41, 0xd4, 0x79, 0x5d, 0xaf, 0xc6, 0xd7, 0x7f, 0x00, 0x3c, - 0x46, 0xed, 0x88, 0xc5, 0x2c, 0x84, 0x08, 0x62, 0xa5, 0x0d, 0x52, 0xd9, 0xf2, 0x65, 0x89, 0x6e, - 0x5f, 0xcc, 0xa7, 0xef, 0x33, 0xf7, 0xf4, 0x9d, 0xab, 0x33, 0x11, 0x7a, 0x2f, 0x24, 0xa9, 0xb6, - 0xdd, 0x02, 0x8e, 0x2e, 0xf6, 0xc1, 0xcf, 0x51, 0xbb, 0x1c, 0x9a, 0x42, 0xc8, 0xa5, 0x4a, 0xc7, - 0xa5, 0xad, 0x1f, 0x57, 0xad, 0x2f, 0xe7, 0xd3, 0x74, 0xb1, 0x1e, 0x3f, 0x43, 0xbb, 0x2c, 0x0d, - 0xfa, 0x5c, 0x41, 0xa0, 0x86, 0x29, 0x48, 0xbb, 0xf1, 0xa4, 0x7e, 0xfc, 0xc0, 0xff, 0x20, 0xcf, - 0xdc, 0xdd, 0xe7, 0xb3, 0x09, 0x3a, 
0x5f, 0x87, 0xcf, 0xd0, 0x81, 0x1c, 0x70, 0x21, 0xa0, 0x77, - 0x16, 0xb1, 0x10, 0xa4, 0x4a, 0x81, 0x45, 0xd2, 0x6e, 0x1a, 0xf8, 0xe3, 0x3c, 0x73, 0x0f, 0x2e, - 0x97, 0xd3, 0x74, 0x15, 0x06, 0x7f, 0x83, 0xf6, 0xcb, 0x70, 0x17, 0x22, 0x71, 0xc3, 0x14, 0x48, - 0xbb, 0x65, 0x78, 0x3e, 0xcc, 0x33, 0x77, 0xff, 0x72, 0x21, 0x47, 0x97, 0xaa, 0x3b, 0xbf, 0x37, - 0xd0, 0xa3, 0xd9, 0x65, 0xf2, 0x7f, 0x8a, 0xd2, 0x47, 0x28, 0xa8, 0xf6, 0x45, 0xe5, 0xba, 0xd3, - 0x0d, 0x5c, 0x37, 0x59, 0x36, 0xd3, 0x2d, 0x3e, 0x09, 0x49, 0x3a, 0xc3, 0xbd, 0x4a, 0xfe, 0xfa, - 0xfb, 0xca, 0xdf, 0x7c, 0x3f, 0xf9, 0x5b, 0xff, 0x91, 0xfc, 0xdb, 0x9b, 0xc8, 0xaf, 0x77, 0xcf, - 0x08, 0x52, 0xc9, 0x93, 0xd8, 0xde, 0x99, 0xdf, 0x3d, 0x3f, 0x14, 0x61, 0x5a, 0xe5, 0xfd, 0xb3, - 0xdb, 0x3b, 0xa7, 0xf6, 0xe6, 0xce, 0xa9, 0xbd, 0xbd, 0x73, 0x6a, 0xbf, 0xe6, 0x8e, 0x75, 0x9b, - 0x3b, 0xd6, 0x9b, 0xdc, 0xb1, 0xde, 0xe6, 0x8e, 0xf5, 0x57, 0xee, 0x58, 0xaf, 0xff, 0x76, 0x6a, - 0x3f, 0x1d, 0xad, 0xf1, 0x69, 0xf3, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa9, 0xd3, 0x0c, 0x8c, - 0x00, 0x09, 0x00, 0x00, + // 843 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x96, 0xcd, 0x6e, 0x23, 0x45, + 0x10, 0xc7, 0xed, 0xf8, 0x2b, 0xdb, 0xbb, 0x89, 0x93, 0x0e, 0x62, 0x47, 0x39, 0xcc, 0xac, 0x1c, + 0x69, 0x95, 0x05, 0xd1, 0x43, 0x96, 0x88, 0xe5, 0xc8, 0x3a, 0x17, 0x22, 0x25, 0x2c, 0x74, 0x0c, + 0x12, 0x88, 0x03, 0x9d, 0x71, 0x65, 0xdc, 0x9b, 0xcc, 0x87, 0xa6, 0xdb, 0x96, 0x7c, 0xe3, 0x11, + 0x38, 0xf2, 0x06, 0xbc, 0x04, 0x0f, 0x90, 0x1b, 0x7b, 0xdc, 0xd3, 0x88, 0x0c, 0x12, 0x0f, 0x91, + 0x13, 0xea, 0x9e, 0x9e, 0x89, 0xbf, 0x56, 0xd8, 0x0a, 0xd2, 0xde, 0xdc, 0x55, 0xf5, 0xff, 0x55, + 0xcd, 0xf4, 0xdf, 0x65, 0xa3, 0xcf, 0x7c, 0x2e, 0x07, 0xc3, 0x73, 0xe2, 0x45, 0x81, 0x1b, 0xc5, + 0x10, 0x8a, 0x01, 0xbf, 0x90, 0x2e, 0x8b, 0xb9, 0x2b, 0x58, 0x10, 0x5f, 0x81, 0x70, 0x47, 0x07, + 0xae, 0x0f, 0x21, 0x24, 0x4c, 0x42, 0x9f, 0xc4, 0x49, 0x24, 0x23, 0xbc, 0x77, 0x27, 0x22, 0xa5, + 
0x88, 0xb0, 0x98, 0x13, 0x23, 0x22, 0xa3, 0x83, 0xdd, 0x4f, 0x26, 0xc8, 0x7e, 0xe4, 0x47, 0xae, + 0xd6, 0x9e, 0x0f, 0x2f, 0xf4, 0x49, 0x1f, 0xf4, 0xa7, 0x9c, 0xb9, 0xdb, 0xb9, 0xfc, 0x42, 0x10, + 0x1e, 0xe9, 0xd6, 0x5e, 0x94, 0xc0, 0x82, 0xbe, 0xbb, 0x87, 0x77, 0x35, 0x01, 0xf3, 0x06, 0x3c, + 0x84, 0x64, 0xec, 0xc6, 0x97, 0xbe, 0x0a, 0x08, 0x37, 0x00, 0xc9, 0x16, 0xa9, 0xdc, 0x77, 0xa9, + 0x92, 0x61, 0x28, 0x79, 0x00, 0x73, 0x82, 0xcf, 0xff, 0x4b, 0x20, 0xbc, 0x01, 0x04, 0x6c, 0x56, + 0xd7, 0xf9, 0x6d, 0x0d, 0x35, 0x8f, 0xa2, 0xf0, 0x82, 0xfb, 0xf8, 0x67, 0xb4, 0xae, 0xc6, 0xe9, + 0x33, 0xc9, 0xac, 0xea, 0x93, 0xea, 0xfe, 0xc3, 0xe7, 0x9f, 0x92, 0x9c, 0x4a, 0x26, 0xa9, 0x24, + 0xbe, 0xf4, 0x55, 0x40, 0x10, 0x55, 0x4d, 0x46, 0x07, 0xe4, 0xd5, 0xf9, 0x6b, 0xf0, 0xe4, 0x29, + 0x48, 0xd6, 0xc5, 0xd7, 0xa9, 0x53, 0xc9, 0x52, 0x07, 0xdd, 0xc5, 0x68, 0x49, 0xc5, 0xdf, 0xa2, + 0xba, 0x88, 0xc1, 0xb3, 0xd6, 0x34, 0xdd, 0x25, 0x4b, 0x5c, 0x09, 0xc9, 0x87, 0x3b, 0x8b, 0xc1, + 0xeb, 0x3e, 0x32, 0xf0, 0xba, 0x3a, 0x51, 0x8d, 0xc2, 0x3f, 0xa0, 0xa6, 0x90, 0x4c, 0x0e, 0x85, + 0x55, 0xd3, 0xd0, 0x83, 0x55, 0xa0, 0x5a, 0xd8, 0xdd, 0x34, 0xd8, 0x66, 0x7e, 0xa6, 0x06, 0xd8, + 0xf9, 0xb3, 0x86, 0xda, 0x79, 0xe1, 0x51, 0x14, 0xf6, 0xb9, 0xe4, 0x51, 0x88, 0x5f, 0xa0, 0xba, + 0x1c, 0xc7, 0xa0, 0xdf, 0xcf, 0x83, 0xee, 0x5e, 0x31, 0x50, 0x6f, 0x1c, 0xc3, 0x6d, 0xea, 0xec, + 0xcc, 0x94, 0xab, 0x30, 0xd5, 0x02, 0x7c, 0x52, 0xce, 0xb9, 0xa6, 0xa5, 0x87, 0xd3, 0x4d, 0x6f, + 0x53, 0x67, 0x81, 0x99, 0x48, 0x49, 0x9a, 0x1e, 0x0d, 0xbf, 0x46, 0x9b, 0x57, 0x4c, 0xc8, 0xef, + 0xe2, 0x3e, 0x93, 0xd0, 0xe3, 0x01, 0x98, 0xa7, 0xff, 0x68, 0xb9, 0x0b, 0x53, 0x8a, 0xee, 0x87, + 0x66, 0x82, 0xcd, 0x93, 0x29, 0x12, 0x9d, 0x21, 0xe3, 0x11, 0xc2, 0x2a, 0xd2, 0x4b, 0x58, 0x28, + 0xf2, 0xa7, 0x52, 0xfd, 0xea, 0x2b, 0xf7, 0xdb, 0x35, 0xfd, 0xf0, 0xc9, 0x1c, 0x8d, 0x2e, 0xe8, + 0x80, 0x9f, 0xa2, 0x66, 0x02, 0x4c, 0x44, 0xa1, 0xd5, 0xd0, 0x6f, 0xac, 0xbc, 0x26, 0xaa, 0xa3, + 0xd4, 0x64, 0xf1, 0x33, 0xd4, 0x0a, 
0x40, 0x08, 0xe6, 0x83, 0xd5, 0xd4, 0x85, 0x6d, 0x53, 0xd8, + 0x3a, 0xcd, 0xc3, 0xb4, 0xc8, 0x77, 0xfe, 0xa8, 0x22, 0x94, 0x5f, 0xd1, 0x09, 0x17, 0x12, 0xff, + 0x34, 0x67, 0x78, 0xb2, 0xdc, 0xf3, 0x28, 0xb5, 0xb6, 0xfb, 0x96, 0x69, 0xb5, 0x5e, 0x44, 0x26, + 0xcc, 0xfe, 0x0d, 0x6a, 0x70, 0x09, 0x81, 0xba, 0xf0, 0xda, 0xfe, 0xc3, 0xe7, 0x1f, 0xaf, 0x60, + 0xcc, 0xee, 0x86, 0xe1, 0x36, 0x8e, 0x15, 0x81, 0xe6, 0xa0, 0xce, 0x3f, 0xb5, 0x62, 0x7c, 0xf5, + 0x05, 0xc0, 0x63, 0xd4, 0x0e, 0x58, 0xc8, 0x7c, 0x08, 0x20, 0x94, 0xca, 0x20, 0x85, 0x2d, 0x5f, + 0x19, 0x75, 0xfb, 0x74, 0x3a, 0x7d, 0x9b, 0x3a, 0x87, 0xef, 0x5c, 0x9d, 0x51, 0xac, 0xf6, 0x42, + 0x94, 0x28, 0xdb, 0xcd, 0xe8, 0xe8, 0x6c, 0x1f, 0xfc, 0x12, 0xb5, 0xcd, 0xd0, 0x14, 0x7c, 0x2e, + 0x64, 0x32, 0x36, 0xb6, 0x7e, 0x5c, 0xb4, 0x3e, 0x9b, 0x4e, 0xd3, 0xd9, 0x7a, 0xfc, 0x02, 0x6d, + 0xb0, 0xc4, 0x1b, 0x70, 0x09, 0x9e, 0x1c, 0x26, 0x20, 0xac, 0xfa, 0x93, 0xda, 0xfe, 0x83, 0xee, + 0x76, 0x96, 0x3a, 0x1b, 0x2f, 0x27, 0x13, 0x74, 0xba, 0x0e, 0x1f, 0xa3, 0x1d, 0x71, 0xc9, 0xe3, + 0x18, 0xfa, 0xc7, 0x01, 0xf3, 0x41, 0xc8, 0x04, 0x58, 0x20, 0xac, 0x86, 0x96, 0x3f, 0xce, 0x52, + 0x67, 0xe7, 0x6c, 0x3e, 0x4d, 0x17, 0x69, 0xf0, 0x97, 0x68, 0xcb, 0x84, 0x7b, 0x10, 0xc4, 0x57, + 0x4c, 0x82, 0xb0, 0x9a, 0x9a, 0xf3, 0x41, 0x96, 0x3a, 0x5b, 0x67, 0x33, 0x39, 0x3a, 0x57, 0x8d, + 0x7b, 0x68, 0xdb, 0xc4, 0x06, 0x70, 0x15, 0x1c, 0x0d, 0x58, 0x22, 0x85, 0xd5, 0xd2, 0x88, 0xa7, + 0x59, 0xea, 0x6c, 0x1b, 0xc4, 0x57, 0x65, 0xf2, 0x36, 0x75, 0x36, 0xca, 0xd3, 0xd7, 0x2c, 0x00, + 0x3a, 0x0f, 0xe8, 0xfc, 0x5e, 0x47, 0x8f, 0x26, 0x57, 0xd4, 0xfb, 0xbc, 0xea, 0x01, 0x42, 0x5e, + 0xb1, 0x85, 0x0a, 0x2f, 0x1f, 0xae, 0xe0, 0xe5, 0x72, 0x85, 0xdd, 0xfd, 0x36, 0x94, 0x21, 0x41, + 0x27, 0xd8, 0x8b, 0x4c, 0x55, 0xbb, 0xaf, 0xa9, 0x1a, 0xf7, 0x33, 0x55, 0xf3, 0x7f, 0x32, 0x55, + 0x6b, 0x25, 0x53, 0x3d, 0x43, 0xad, 0x11, 0x24, 0x82, 0x47, 0xa1, 0xb5, 0x3e, 0xbd, 0xd1, 0xbe, + 0xcf, 0xc3, 0xb4, 0xc8, 0x77, 0x8f, 0xaf, 0x6f, 0xec, 0xca, 0x9b, 0x1b, 
0xbb, 0xf2, 0xf6, 0xc6, + 0xae, 0xfc, 0x92, 0xd9, 0xd5, 0xeb, 0xcc, 0xae, 0xbe, 0xc9, 0xec, 0xea, 0xdb, 0xcc, 0xae, 0xfe, + 0x95, 0xd9, 0xd5, 0x5f, 0xff, 0xb6, 0x2b, 0x3f, 0xee, 0x2d, 0xf1, 0x87, 0xe9, 0xdf, 0x00, 0x00, + 0x00, 0xff, 0xff, 0x92, 0x4a, 0x67, 0x37, 0x56, 0x09, 0x00, 0x00, } func (m *Config) Marshal() (dAtA []byte, err error) { @@ -420,6 +422,15 @@ func (m *ConfigSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.SkippedHelmCharts) > 0 { + for iNdEx := len(m.SkippedHelmCharts) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.SkippedHelmCharts[iNdEx]) + copy(dAtA[i:], m.SkippedHelmCharts[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.SkippedHelmCharts[iNdEx]))) + i-- + dAtA[i] = 0x3a + } + } if len(m.SkippedTemplates) > 0 { for iNdEx := len(m.SkippedTemplates) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.SkippedTemplates[iNdEx]) @@ -631,6 +642,12 @@ func (m *ConfigSpec) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } + if len(m.SkippedHelmCharts) > 0 { + for _, s := range m.SkippedHelmCharts { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -732,6 +749,7 @@ func (this *ConfigSpec) String() string { `Architectures:` + fmt.Sprintf("%v", this.Architectures) + `,`, `SkippedImagestreams:` + fmt.Sprintf("%v", this.SkippedImagestreams) + `,`, `SkippedTemplates:` + fmt.Sprintf("%v", this.SkippedTemplates) + `,`, + `SkippedHelmCharts:` + fmt.Sprintf("%v", this.SkippedHelmCharts) + `,`, `}`, }, "") return s 
@@ -1464,6 +1482,38 @@ func (m *ConfigSpec) Unmarshal(dAtA []byte) error { } m.SkippedTemplates = append(m.SkippedTemplates, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SkippedHelmCharts", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SkippedHelmCharts = append(m.SkippedHelmCharts, HelmChartName(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/samples/v1/generated.proto b/vendor/github.com/openshift/api/samples/v1/generated.proto index 9892cc8a4c..28bbf75126 100644 --- a/vendor/github.com/openshift/api/samples/v1/generated.proto +++ b/vendor/github.com/openshift/api/samples/v1/generated.proto 
@@ -17,6 +17,14 @@ option go_package = "github.com/openshift/api/samples/v1"; // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:path=configs,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/513 +// +openshift:file-pattern=operatorOrdering=00 +// +kubebuilder:metadata:annotations="description=Extension for configuring openshift samples operator." +// +kubebuilder:metadata:annotations="displayName=ConfigsSamples" message Config { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata 
@@ -98,6 +106,24 @@ message ConfigSpec { // content but the operator will not recreate(or update) anything // listed here. repeated string skippedTemplates = 6; + + // skippedHelmCharts specifies names of helm charts that should NOT be + // managed. Admins can use this to allow them to delete content + // they don’t want. They will still have to MANUALLY DELETE the + // content but the operator will not recreate(or update) anything + // listed here. Few examples of the name of helmcharts which can be skipped are + // 'redhat-redhat-perl-imagestreams','redhat-redhat-nodejs-imagestreams','redhat-nginx-imagestreams', + // 'redhat-redhat-ruby-imagestreams','redhat-redhat-python-imagestreams','redhat-redhat-php-imagestreams', + // 'redhat-httpd-imagestreams','redhat-redhat-dotnet-imagestreams'. Rest of the names can be obtained from + // openshift console --> helmcharts -->installed helmcharts. This will display the list of all the + // 12 helmcharts(of imagestreams)being installed by Samples Operator. The skippedHelmCharts must be a + // valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, + // and each period separated segment must begin and end with an alphanumeric character. It must be non-empty + // and at most 253 characters in length + // +listType=set + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:rule="self.all(x, x.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'))",message="skippedHelmCharts must be a valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, and each period separated segment must begin and end with an alphanumeric character" + repeated string skippedhelmCharts = 7; } // ConfigStatus contains the actual configuration in effect, as well as various details 
diff --git a/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml b/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml
deleted file mode 100644
index dbb8e14a48..0000000000
--- a/vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] Config"
-crd: 00_samplesconfig.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal Config
- initial: |
- apiVersion: samples.operator.openshift.io/v1
- kind: Config
- spec: {} # No spec is required for a Config
- expected: |
- apiVersion: samples.operator.openshift.io/v1
- kind: Config
- spec: {}
diff --git a/vendor/github.com/openshift/api/samples/v1/types_config.go b/vendor/github.com/openshift/api/samples/v1/types_config.go
index ea8c7b513a..c4bf380439 100644
--- a/vendor/github.com/openshift/api/samples/v1/types_config.go
+++ b/vendor/github.com/openshift/api/samples/v1/types_config.go
@@ -14,6 +14,14 @@ import (
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
 // +openshift:compatibility-gen:level=1
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:path=configs,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/513
+// +openshift:file-pattern=operatorOrdering=00
+// +kubebuilder:metadata:annotations="description=Extension for configuring openshift samples operator."
+// +kubebuilder:metadata:annotations="displayName=ConfigsSamples"
 type Config struct {
 metav1.TypeMeta `json:",inline"`
@@ -64,8 +72,31 @@ type ConfigSpec struct { // content but the operator will not recreate(or update) anything // listed here. SkippedTemplates []string `json:"skippedTemplates,omitempty" protobuf:"bytes,6,opt,name=skippedTemplates"` + + // skippedHelmCharts specifies names of helm charts that should NOT be + // managed. Admins can use this to allow them to delete content + // they don’t want. They will still have to MANUALLY DELETE the + // content but the operator will not recreate(or update) anything + // listed here. Few examples of the name of helmcharts which can be skipped are + // 'redhat-redhat-perl-imagestreams','redhat-redhat-nodejs-imagestreams','redhat-nginx-imagestreams', + // 'redhat-redhat-ruby-imagestreams','redhat-redhat-python-imagestreams','redhat-redhat-php-imagestreams', + // 'redhat-httpd-imagestreams','redhat-redhat-dotnet-imagestreams'. Rest of the names can be obtained from + // openshift console --> helmcharts -->installed helmcharts. This will display the list of all the + // 12 helmcharts(of imagestreams)being installed by Samples Operator. The skippedHelmCharts must be a + // valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, + // and each period separated segment must begin and end with an alphanumeric character. It must be non-empty + // and at most 253 characters in length + // +listType=set + // +kubebuilder:validation:MaxItems=16 + // +kubebuilder:validation:XValidation:rule="self.all(x, x.matches('^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'))",message="skippedHelmCharts must be a valid Kubernetes resource name. 
May contain only lowercase alphanumeric characters, hyphens and periods, and each period separated segment must begin and end with an alphanumeric character" + SkippedHelmCharts []HelmChartName `json:"skippedHelmCharts,omitempty" protobuf:"bytes,7,opt,name=skippedhelmCharts"` } +// HelmChartName is a string alias that is used to represent the name of a helm chart. +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +type HelmChartName string + // ConfigStatus contains the actual configuration in effect, as well as various details // that describe the state of the Samples Operator. type ConfigStatus struct { diff --git a/vendor/github.com/openshift/api/samples/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/samples/v1/zz_generated.deepcopy.go index 82b42d522f..30979c0486 100644 --- a/vendor/github.com/openshift/api/samples/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/samples/v1/zz_generated.deepcopy.go @@ -106,6 +106,11 @@ func (in *ConfigSpec) DeepCopyInto(out *ConfigSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.SkippedHelmCharts != nil { + in, out := &in.SkippedHelmCharts, &out.SkippedHelmCharts + *out = make([]HelmChartName, len(*in)) + copy(*out, *in) + } return } diff --git a/vendor/github.com/openshift/api/samples/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/samples/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..87bf27b519 --- /dev/null +++ b/vendor/github.com/openshift/api/samples/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,23 @@ +configs.samples.operator.openshift.io: + Annotations: + description: Extension for configuring openshift samples operator. + displayName: ConfigsSamples + ApprovedPRNumber: https://github.com/openshift/api/pull/513 + CRDName: configs.samples.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "00" + FilenameRunLevel: "" + GroupName: samples.operator.openshift.io + HasStatus: true + KindName: Config + Labels: {} + PluralName: configs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go index 3d3317f7dc..b82e704d87 100644 --- a/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/samples/v1/zz_generated.swagger_doc_generated.go 
@@ -50,6 +50,7 @@ var map_ConfigSpec = map[string]string{ "architectures": "architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.", "skippedImagestreams": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", "skippedTemplates": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "skippedHelmCharts": "skippedHelmCharts specifies names of helm charts that should NOT be managed. Admins can use this to allow them to delete content they don’t want. They will still have to MANUALLY DELETE the content but the operator will not recreate(or update) anything listed here. Few examples of the name of helmcharts which can be skipped are 'redhat-redhat-perl-imagestreams','redhat-redhat-nodejs-imagestreams','redhat-nginx-imagestreams', 'redhat-redhat-ruby-imagestreams','redhat-redhat-python-imagestreams','redhat-redhat-php-imagestreams', 'redhat-httpd-imagestreams','redhat-redhat-dotnet-imagestreams'. Rest of the names can be obtained from openshift console --> helmcharts -->installed helmcharts. This will display the list of all the 12 helmcharts(of imagestreams)being installed by Samples Operator. The skippedHelmCharts must be a valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, and each period separated segment must begin and end with an alphanumeric character. It must be non-empty and at most 253 characters in length", } func (ConfigSpec) SwaggerDoc() map[string]string { 
diff --git a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml
deleted file mode 100644
index a533efbc15..0000000000
--- a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml
+++ /dev/null
@@ -1,365 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: securitycontextconstraints.security.openshift.io -spec: - group: security.openshift.io - names: - kind: SecurityContextConstraints - listKind: SecurityContextConstraintsList - plural: securitycontextconstraints - singular: securitycontextconstraints - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Determines if a container can request to be run as privileged - jsonPath: .allowPrivilegedContainer - name: Priv - type: string - - description: A list of capabilities that can be requested to add to the container - jsonPath: .allowedCapabilities - name: Caps - type: string - - description: Strategy that will dictate what labels will be set in the SecurityContext - jsonPath: .seLinuxContext.type - name: SELinux - type: string - - description: Strategy that will dictate what RunAsUser is used in the SecurityContext - jsonPath: .runAsUser.type - name: RunAsUser - type: string - - description: Strategy that will dictate what fs group is used by the SecurityContext - jsonPath: .fsGroup.type - name: FSGroup - type: string - - description: Strategy that will dictate what supplemental groups are used by - the SecurityContext - jsonPath: .supplementalGroups.type - name: SupGroup - type: string - - description: Sort order of SCCs - jsonPath: .priority - name: Priority - type: string - - description: Force containers to run with a read only root file system - jsonPath: .readOnlyRootFilesystem - name: ReadOnlyRootFS - type: string - - description: White list of allowed volume plugins - jsonPath: .volumes - name: Volumes - type: string - name: v1 - schema: - openAPIV3Schema: - 
description: "SecurityContextConstraints governs the ability to make requests - that affect the SecurityContext that will be applied to a container. For - historical reasons SCC was exposed under the core Kubernetes API group. - That exposure is deprecated and will be removed in a future release - users - should instead use the security.openshift.io group to manage SecurityContextConstraints. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - allowHostDirVolumePlugin: - description: AllowHostDirVolumePlugin determines if the policy allow containers - to use the HostDir volume plugin - type: boolean - allowHostIPC: - description: AllowHostIPC determines if the policy allows host ipc in - the containers. - type: boolean - allowHostNetwork: - description: AllowHostNetwork determines if the policy allows the use - of HostNetwork in the pod spec. - type: boolean - allowHostPID: - description: AllowHostPID determines if the policy allows host pid in - the containers. - type: boolean - allowHostPorts: - description: AllowHostPorts determines if the policy allows host ports - in the containers. - type: boolean - allowPrivilegeEscalation: - description: AllowPrivilegeEscalation determines if a pod can request - to allow privilege escalation. If unspecified, defaults to true. - nullable: true - type: boolean - allowPrivilegedContainer: - description: AllowPrivilegedContainer determines if a container can request - to be run as privileged. - type: boolean - allowedCapabilities: - description: AllowedCapabilities is a list of capabilities that can be - requested to add to the container. Capabilities in this field maybe - added at the pod author's discretion. You must not list a capability - in both AllowedCapabilities and RequiredDropCapabilities. To allow all - capabilities you may use '*'. 
- items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - allowedFlexVolumes: - description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty - or nil indicates that all Flexvolumes may be used. This parameter is - effective only when the usage of the Flexvolumes is allowed in the "Volumes" - field. - items: - description: AllowedFlexVolume represents a single Flexvolume that is - allowed to be used. - properties: - driver: - description: Driver is the name of the Flexvolume driver. - type: string - required: - - driver - type: object - nullable: true - type: array - allowedUnsafeSysctls: - description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe - sysctls, defaults to none. Each entry is either a plain sysctl name - or ends in \"*\" in which case it is considered as a prefix of allowed - sysctls. Single * means all unsafe sysctls are allowed. Kubelet has - to whitelist all allowed unsafe sysctls explicitly to avoid rejection. - \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. - \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - defaultAddCapabilities: - description: DefaultAddCapabilities is the default set of capabilities - that will be added to the container unless the pod spec specifically - drops the capability. You may not list a capabiility in both DefaultAddCapabilities - and RequiredDropCapabilities. 
- items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - defaultAllowPrivilegeEscalation: - description: DefaultAllowPrivilegeEscalation controls the default setting - for whether a process can gain more privileges than its parent process. - nullable: true - type: boolean - forbiddenSysctls: - description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, - defaults to none. Each entry is either a plain sysctl name or ends in - \"*\" in which case it is considered as a prefix of forbidden sysctls. - Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" - forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", - \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - fsGroup: - description: FSGroup is the strategy that will dictate what fs group is - used by the SecurityContext. - nullable: true - properties: - ranges: - description: Ranges are the allowed ranges of fs groups. If you would - like to force a single fs group then supply a single range with - the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of - IDs. TODO: this could be reused for UIDs.' - properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer - type: object - type: array - type: - description: Type is the strategy that will dictate what FSGroup is - used in the SecurityContext. - type: string - type: object - groups: - description: The groups that have permission to use this security context - constraints - items: - type: string - nullable: true - type: array - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - priority: - description: Priority influences the sort order of SCCs when evaluating - which SCCs to try first for a given pod request based on access in the - Users and Groups fields. The higher the int, the higher priority. An - unset value is considered a 0 priority. If scores for multiple SCCs - are equal they will be sorted from most restrictive to least restrictive. - If both priorities and restrictions are equal the SCCs will be sorted - by name. - format: int32 - nullable: true - type: integer - readOnlyRootFilesystem: - description: ReadOnlyRootFilesystem when set to true will force containers - to run with a read only root file system. If the container specifically - requests to run with a non-read only root file system the SCC should - deny the pod. If set to false the container may run with a read only - root file system if it wishes but it will not be forced to. - type: boolean - requiredDropCapabilities: - description: RequiredDropCapabilities are the capabilities that will be - dropped from the container. These are required to be dropped and cannot - be added. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - runAsUser: - description: RunAsUser is the strategy that will dictate what RunAsUser - is used in the SecurityContext. - nullable: true - properties: - type: - description: Type is the strategy that will dictate what RunAsUser - is used in the SecurityContext. - type: string - uid: - description: UID is the user id that containers must run as. Required - for the MustRunAs strategy if not using namespace/service account - allocated uids. - format: int64 - type: integer - uidRangeMax: - description: UIDRangeMax defines the max value for a strategy that - allocates by range. 
- format: int64 - type: integer - uidRangeMin: - description: UIDRangeMin defines the min value for a strategy that - allocates by range. - format: int64 - type: integer - type: object - seLinuxContext: - description: SELinuxContext is the strategy that will dictate what labels - will be set in the SecurityContext. - nullable: true - properties: - seLinuxOptions: - description: seLinuxOptions required to run as; required for MustRunAs - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - type: object - type: - description: Type is the strategy that will dictate what SELinux context - is used in the SecurityContext. - type: string - type: object - seccompProfiles: - description: "SeccompProfiles lists the allowed profiles that may be set - for the pod or container's seccomp annotations. An unset (nil) or empty - value means that no profiles may be specifid by the pod or container.\tThe - wildcard '*' may be used to allow all profiles. When used to generate - a value for a pod the first non-wildcard profile will be used as the - default." - items: - type: string - nullable: true - type: array - supplementalGroups: - description: SupplementalGroups is the strategy that will dictate what - supplemental groups are used by the SecurityContext. - nullable: true - properties: - ranges: - description: Ranges are the allowed ranges of supplemental groups. If - you would like to force a single supplemental group then supply - a single range with the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of - IDs. TODO: this could be reused for UIDs.' 
- properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer - type: object - type: array - type: - description: Type is the strategy that will dictate what supplemental - groups is used in the SecurityContext. - type: string - type: object - users: - description: The users who have permissions to use this security context - constraints - items: - type: string - nullable: true - type: array - volumes: - description: Volumes is a white list of allowed volume plugins. FSType - corresponds directly with the field names of a VolumeSource (azureFile, - configMap, emptyDir). To allow all volumes you may use "*". To allow - no volumes, set to ["none"]. - items: - description: FS Type gives strong typing to different file systems that - are used by volumes. - type: string - nullable: true - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - allowPrivilegedContainer - - allowedCapabilities - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/security/v1/generated.proto b/vendor/github.com/openshift/api/security/v1/generated.proto index d842079a01..c6d60915d3 100644 --- a/vendor/github.com/openshift/api/security/v1/generated.proto +++ b/vendor/github.com/openshift/api/security/v1/generated.proto 
@@ -195,15 +195,19 @@ message SELinuxContextStrategyOptions { // SecurityContextConstraints. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -// +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=`.allowPrivilegedContainer`,description="Determines if a container can request to be run as privileged" -// +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=`.allowedCapabilities`,description="A list of capabilities that can be requested to add to the container" -// +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=`.seLinuxContext.type`,description="Strategy that will dictate what labels will be set in the SecurityContext" -// +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=`.runAsUser.type`,description="Strategy that will dictate what RunAsUser is used in the SecurityContext" -// +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=`.fsGroup.type`,description="Strategy that will dictate what fs group is used by the SecurityContext" -// +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=`.supplementalGroups.type`,description="Strategy that will dictate what supplemental groups are used by the SecurityContext" -// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=`.priority`,description="Sort order of SCCs" -// +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=`.readOnlyRootFilesystem`,description="Force containers to run with a read only root file system" -// +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=`.volumes`,description="White list of allowed volume plugins" +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=securitycontextconstraints,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 +// 
+kubebuilder:printcolumn:name="Priv",type=string,JSONPath=.allowPrivilegedContainer,description="Determines if a container can request to be run as privileged" +// +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=.allowedCapabilities,description="A list of capabilities that can be requested to add to the container" +// +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=.seLinuxContext.type,description="Strategy that will dictate what labels will be set in the SecurityContext" +// +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=.runAsUser.type,description="Strategy that will dictate what RunAsUser is used in the SecurityContext" +// +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=.fsGroup.type,description="Strategy that will dictate what fs group is used by the SecurityContext" +// +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=.supplementalGroups.type,description="Strategy that will dictate what supplemental groups are used by the SecurityContext" +// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=.priority,description="Sort order of SCCs" +// +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=.readOnlyRootFilesystem,description="Force containers to run with a read only root file system" +// +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=.volumes,description="White list of allowed volume plugins" // +kubebuilder:singular=securitycontextconstraint // +openshift:compatibility-gen:level=1 message SecurityContextConstraints { diff --git a/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml b/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml deleted file mode 100644 index d663b94c26..0000000000 --- a/vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] SecurityContextConstraints" -crd: 0000_03_security-openshift_01_scc.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal SecurityContextConstraints - initial: | - apiVersion: security.openshift.io/v1 - kind: SecurityContextConstraints - allowHostDirVolumePlugin: false - allowHostIPC: false - allowHostNetwork: false - allowHostPID: false - allowHostPorts: false - allowPrivilegedContainer: false - allowedCapabilities: [] - defaultAddCapabilities: [] - priority: 0 - readOnlyRootFilesystem: false - requiredDropCapabilities: [] - volumes: [] - expected: | - apiVersion: security.openshift.io/v1 - kind: SecurityContextConstraints - allowHostDirVolumePlugin: false - allowHostIPC: false - allowHostNetwork: false - allowHostPID: false - allowHostPorts: false - allowPrivilegedContainer: false - allowedCapabilities: [] - defaultAddCapabilities: [] - priority: 0 - readOnlyRootFilesystem: false - requiredDropCapabilities: [] - volumes: [] diff --git a/vendor/github.com/openshift/api/security/v1/types.go b/vendor/github.com/openshift/api/security/v1/types.go index 3e208210c4..b57da30581 100644 --- a/vendor/github.com/openshift/api/security/v1/types.go +++ b/vendor/github.com/openshift/api/security/v1/types.go 
@@ -22,15 +22,19 @@ var AllowAllCapabilities corev1.Capability = "*"
 // SecurityContextConstraints.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
-// +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=`.allowPrivilegedContainer`,description="Determines if a container can request to be run as privileged"
-// +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=`.allowedCapabilities`,description="A list of capabilities that can be requested to add to the container"
-// +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=`.seLinuxContext.type`,description="Strategy that will dictate what labels will be set in the SecurityContext"
-// +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=`.runAsUser.type`,description="Strategy that will dictate what RunAsUser is used in the SecurityContext"
-// +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=`.fsGroup.type`,description="Strategy that will dictate what fs group is used by the SecurityContext"
-// +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=`.supplementalGroups.type`,description="Strategy that will dictate what supplemental groups are used by the SecurityContext"
-// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=`.priority`,description="Sort order of SCCs"
-// +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=`.readOnlyRootFilesystem`,description="Force containers to run with a read only root file system"
-// +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=`.volumes`,description="White list of allowed volume plugins"
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=securitycontextconstraints,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:printcolumn:name="Priv",type=string,JSONPath=.allowPrivilegedContainer,description="Determines if a container can request to be run as privileged"
+// +kubebuilder:printcolumn:name="Caps",type=string,JSONPath=.allowedCapabilities,description="A list of capabilities that can be requested to add to the container"
+// +kubebuilder:printcolumn:name="SELinux",type=string,JSONPath=.seLinuxContext.type,description="Strategy that will dictate what labels will be set in the SecurityContext"
+// +kubebuilder:printcolumn:name="RunAsUser",type=string,JSONPath=.runAsUser.type,description="Strategy that will dictate what RunAsUser is used in the SecurityContext"
+// +kubebuilder:printcolumn:name="FSGroup",type=string,JSONPath=.fsGroup.type,description="Strategy that will dictate what fs group is used by the SecurityContext"
+// +kubebuilder:printcolumn:name="SupGroup",type=string,JSONPath=.supplementalGroups.type,description="Strategy that will dictate what supplemental groups are used by the SecurityContext"
+// +kubebuilder:printcolumn:name="Priority",type=string,JSONPath=.priority,description="Sort order of SCCs"
+// +kubebuilder:printcolumn:name="ReadOnlyRootFS",type=string,JSONPath=.readOnlyRootFilesystem,description="Force containers to run with a read only root file system"
+// +kubebuilder:printcolumn:name="Volumes",type=string,JSONPath=.volumes,description="White list of allowed volume plugins"
 // +kubebuilder:singular=securitycontextconstraint
 // +openshift:compatibility-gen:level=1
 type SecurityContextConstraints struct {
diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..ea3967ab28
--- /dev/null
+++ b/vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,58 @@ +securitycontextconstraints.security.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: securitycontextconstraints.security.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" + GroupName: security.openshift.io + HasStatus: false + KindName: SecurityContextConstraints + Labels: {} + PluralName: securitycontextconstraints + PrinterColumns: + - description: Determines if a container can request to be run as privileged + jsonPath: .allowPrivilegedContainer + name: Priv + type: string + - description: A list of capabilities that can be requested to add to the container + jsonPath: .allowedCapabilities + name: Caps + type: string + - description: Strategy that will dictate what labels will be set in the SecurityContext + jsonPath: .seLinuxContext.type + name: SELinux + type: string + - description: Strategy that will dictate what RunAsUser is used in the SecurityContext + jsonPath: .runAsUser.type + name: RunAsUser + type: string + - description: Strategy that will dictate what fs group is used by the SecurityContext + jsonPath: .fsGroup.type + name: FSGroup + type: string + - description: Strategy that will dictate what supplemental groups are used by the + SecurityContext + jsonPath: .supplementalGroups.type + name: SupGroup + type: string + - description: Sort order of SCCs + jsonPath: .priority + name: Priority + type: string + - description: Force containers to run with a read only root file system + jsonPath: .readOnlyRootFilesystem + name: ReadOnlyRootFS + type: string + - description: White list of allowed volume plugins + jsonPath: .volumes + name: Volumes + type: string + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + 
diff --git a/vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml b/vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml deleted file mode 100644 index 2a4fff5751..0000000000 --- a/vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/751 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: rangeallocations.security.internal.openshift.io -spec: - group: security.internal.openshift.io - names: - kind: RangeAllocation - listKind: RangeAllocationList - plural: rangeallocations - singular: rangeallocation - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "RangeAllocation is used so we can easily expose a RangeAllocation - typed for security group This is an internal API, not intended for external - consumption. \n Compatibility level 1: Stable within a major release for - a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - data: - description: data is a byte array representing the serialized state of - a range allocation. It is a bitmap with each bit set to one to represent - a range is taken. - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - range: - description: range is a string representing a unique label for a range - of uids, "1000000000-2000000000/10000". 
- type: string - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml-patch b/vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml-patch deleted file mode 100644 index 3b69986a44..0000000000 --- a/vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml-patch +++ /dev/null @@ -1,2 +0,0 @@ -- op: remove - path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/data/format diff --git a/vendor/github.com/openshift/api/securityinternal/v1/stable.rangeallocation.testsuite.yaml b/vendor/github.com/openshift/api/securityinternal/v1/stable.rangeallocation.testsuite.yaml deleted file mode 100644 index e7fc540a28..0000000000 --- a/vendor/github.com/openshift/api/securityinternal/v1/stable.rangeallocation.testsuite.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] RangeAllocation" -crd: 0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal RangeAllocation - initial: | - apiVersion: security.internal.openshift.io/v1 - kind: RangeAllocation - # No fields are required for a RangeAllocation - expected: | - apiVersion: security.internal.openshift.io/v1 - kind: RangeAllocation diff --git a/vendor/github.com/openshift/api/securityinternal/v1/types.go b/vendor/github.com/openshift/api/securityinternal/v1/types.go index 7a3c21c992..523fc27862 100644 --- a/vendor/github.com/openshift/api/securityinternal/v1/types.go +++ b/vendor/github.com/openshift/api/securityinternal/v1/types.go 
@@ -12,6 +12,10 @@ import (
 // This is an internal API, not intended for external consumption.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=rangeallocations,scope=Cluster
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/751
+// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=02
 // +openshift:compatibility-gen:level=1
 type RangeAllocation struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/securityinternal/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/securityinternal/v1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..b364eeff3f
--- /dev/null
+++ b/vendor/github.com/openshift/api/securityinternal/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,21 @@ +rangeallocations.security.internal.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/751 + CRDName: rangeallocations.security.internal.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_03" + GroupName: security.internal.openshift.io + HasStatus: false + KindName: RangeAllocation + Labels: {} + PluralName: rangeallocations + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 +
diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml b/vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml
deleted file mode 100644
index 5a4cab65b8..0000000000
--- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml
+++ /dev/null
@@ -1,155 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/979 - description: Extension for sharing ConfigMaps across Namespaces - displayName: SharedConfigMap - name: sharedconfigmaps.sharedresource.openshift.io -spec: - group: sharedresource.openshift.io - names: - kind: SharedConfigMap - listKind: SharedConfigMapList - plural: sharedconfigmaps - singular: sharedconfigmap - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "SharedConfigMap allows a ConfigMap to be shared across namespaces. - Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification - using the \"csi.sharedresource.openshift.io\" CSI driver and a reference - to the SharedConfigMap in the volume attributes: \n spec: volumes: - name: - shared-configmap csi: driver: csi.sharedresource.openshift.io volumeAttributes: - sharedConfigMap: my-share \n For the mount to be successful, the pod's service - account must be granted permission to 'use' the named SharedConfigMap object - within its namespace with an appropriate Role and RoleBinding. For compactness, - here are example `oc` invocations for creating such Role and RoleBinding - objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io - --resource-name=my-share` `oc create rolebinding shared-resource-my-share - --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n - Shared resource objects, in this case ConfigMaps, have default permissions - of list, get, and watch for system authenticated users. \n Compatibility - level 4: No compatibility is provided, the API can change at any point for - any reason. These capabilities should not be used by applications needing - long term support. These capabilities should not be used by applications - needing long term support." 
- properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired shared configmap - properties: - configMapRef: - description: configMapRef is a reference to the ConfigMap to share - properties: - name: - description: name represents the name of the ConfigMap that is - being referenced. - type: string - namespace: - description: namespace represents the namespace where the referenced - ConfigMap is located. - type: string - required: - - name - - namespace - type: object - description: - description: description is a user readable explanation of what the - backing resource provides. - type: string - required: - - configMapRef - type: object - status: - description: status is the observed status of the shared configmap - properties: - conditions: - description: conditions represents any observations made on this particular - shared resource by the underlying CSI driver or Share controller. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml b/vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml deleted file mode 100644 index da46fb0fcf..0000000000 --- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml +++ /dev/null 
@@ -1,155 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/979 - description: Extension for sharing Secrets across Namespaces - displayName: SharedSecret - name: sharedsecrets.sharedresource.openshift.io -spec: - group: sharedresource.openshift.io - names: - kind: SharedSecret - listKind: SharedSecretList - plural: sharedsecrets - singular: sharedsecret - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "SharedSecret allows a Secret to be shared across namespaces. - Pods can mount the shared Secret by adding a CSI volume to the pod specification - using the \"csi.sharedresource.openshift.io\" CSI driver and a reference - to the SharedSecret in the volume attributes: \n spec: volumes: - name: - shared-secret csi: driver: csi.sharedresource.openshift.io volumeAttributes: - sharedSecret: my-share \n For the mount to be successful, the pod's service - account must be granted permission to 'use' the named SharedSecret object - within its namespace with an appropriate Role and RoleBinding. For compactness, - here are example `oc` invocations for creating such Role and RoleBinding - objects. \n `oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io - --resource-name=my-share` `oc create rolebinding shared-resource-my-share - --role=shared-resource-my-share --serviceaccount=my-namespace:default` \n - Shared resource objects, in this case Secrets, have default permissions - of list, get, and watch for system authenticated users. \n Compatibility - level 4: No compatibility is provided, the API can change at any point for - any reason. These capabilities should not be used by applications needing - long term support. These capabilities should not be used by applications - needing long term support." 
- properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired shared secret - properties: - description: - description: description is a user readable explanation of what the - backing resource provides. - type: string - secretRef: - description: secretRef is a reference to the Secret to share - properties: - name: - description: name represents the name of the Secret that is being - referenced. - type: string - namespace: - description: namespace represents the namespace where the referenced - Secret is located. - type: string - required: - - name - - namespace - type: object - required: - - secretRef - type: object - status: - description: status is the observed status of the shared secret - properties: - conditions: - description: conditions represents any observations made on this particular - shared resource by the underlying CSI driver or Share controller. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedconfigmap.testsuite.yaml b/vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedconfigmap.testsuite.yaml deleted file mode 100644 index dc26d6aca3..0000000000 --- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedconfigmap.testsuite.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] SharedConfigMap" -crd: 0000_10_sharedconfigmap.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal SharedConfigMap - initial: | - apiVersion: sharedresource.openshift.io/v1alpha1 - kind: SharedConfigMap - spec: - configMapRef: - name: foo - namespace: foo - expected: | - apiVersion: sharedresource.openshift.io/v1alpha1 - kind: SharedConfigMap - spec: - configMapRef: - name: foo - namespace: foo diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedsecret.testsuite.yaml b/vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedsecret.testsuite.yaml deleted file mode 100644 index 14da75b1f2..0000000000 --- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedsecret.testsuite.yaml +++ /dev/null 
@@ -1,20 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
-name: "[Stable] SharedSecret"
-crd: 0000_10_sharedsecret.crd.yaml
-tests:
- onCreate:
- - name: Should be able to create a minimal SharedSecret
- initial: |
- apiVersion: sharedresource.openshift.io/v1alpha1
- kind: SharedSecret
- spec:
- secretRef:
- name: foo
- namespace: foo
- expected: |
- apiVersion: sharedresource.openshift.io/v1alpha1
- kind: SharedSecret
- spec:
- secretRef:
- name: foo
- namespace: foo
diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go
index 8ffd0b412b..1eea47d02d 100644
--- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go
+++ b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_configmap.go
@@ -29,9 +29,14 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 //
 // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
 // These capabilities should not be used by applications needing long term support.
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=sharedconfigmaps,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/979
+// +kubebuilder:metadata:annotations="description=Extension for sharing ConfigMaps across Namespaces"
+// +kubebuilder:metadata:annotations="displayName=SharedConfigMap"
 // +k8s:openapi-gen=true
 // +openshift:compatibility-gen:level=4
-// +kubebuilder:subresource:status
 type SharedConfigMap struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go
index 6a6fb2246e..654106bce6 100644
--- a/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go
+++ b/vendor/github.com/openshift/api/sharedresource/v1alpha1/types_shared_secret.go
@@ -30,8 +30,12 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
 // These capabilities should not be used by applications needing long term support.
 // +openshift:compatibility-gen:level=4
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=sharedsecrets,scope=Cluster
 // +kubebuilder:subresource:status
-//
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/979
+// +kubebuilder:metadata:annotations="description=Extension for sharing Secrets across Namespaces"
+// +kubebuilder:metadata:annotations="displayName=SharedSecret"
 type SharedSecret struct {
 metav1.TypeMeta `json:",inline"`
diff --git a/vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.featuregated-crd-manifests.yaml
new file mode 100644
index 0000000000..874f1831e8
--- /dev/null
+++ b/vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.featuregated-crd-manifests.yaml
@@ -0,0 +1,46 @@ +sharedconfigmaps.sharedresource.openshift.io: + Annotations: + description: Extension for sharing ConfigMaps across Namespaces + displayName: SharedConfigMap + ApprovedPRNumber: https://github.com/openshift/api/pull/979 + CRDName: sharedconfigmaps.sharedresource.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "" + FilenameRunLevel: "" + GroupName: sharedresource.openshift.io + HasStatus: true + KindName: SharedConfigMap + Labels: {} + PluralName: sharedconfigmaps + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1alpha1 + +sharedsecrets.sharedresource.openshift.io: + Annotations: + description: Extension for sharing Secrets across Namespaces + displayName: SharedSecret + ApprovedPRNumber: https://github.com/openshift/api/pull/979 + CRDName: sharedsecrets.sharedresource.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: "" + FilenameOperatorOrdering: "" + FilenameRunLevel: "" + GroupName: sharedresource.openshift.io + HasStatus: true + KindName: SharedSecret + Labels: {} + PluralName: sharedsecrets + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1alpha1 + diff --git a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localresourceaccessreview.go b/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localresourceaccessreview.go deleted file mode 100644 index 55ea748a0d..0000000000 --- a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localresourceaccessreview.go +++ /dev/null 
@@ -1,149 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - apiauthorizationv1 "github.com/openshift/api/authorization/v1" - internal "github.com/openshift/client-go/authorization/applyconfigurations/internal" - runtime "k8s.io/apimachinery/pkg/runtime" - managedfields "k8s.io/apimachinery/pkg/util/managedfields" - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// LocalResourceAccessReviewApplyConfiguration represents an declarative configuration of the LocalResourceAccessReview type for use -// with apply. -type LocalResourceAccessReviewApplyConfiguration struct { - v1.TypeMetaApplyConfiguration `json:",inline"` - ActionApplyConfiguration `json:",inline"` -} - -// LocalResourceAccessReview constructs an declarative configuration of the LocalResourceAccessReview type for use with -// apply. -func LocalResourceAccessReview(name string) *LocalResourceAccessReviewApplyConfiguration { - b := &LocalResourceAccessReviewApplyConfiguration{} - b.WithKind("LocalResourceAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b -} - -// ExtractLocalResourceAccessReview extracts the applied configuration owned by fieldManager from -// localResourceAccessReview. If no managedFields are found in localResourceAccessReview for fieldManager, a -// LocalResourceAccessReviewApplyConfiguration is returned with only the Name, Namespace (if applicable), -// APIVersion and Kind populated. It is possible that no managed fields were found for because other -// field managers have taken ownership of all the fields previously owned by fieldManager, or because -// the fieldManager never owned fields any fields. -// localResourceAccessReview must be a unmodified LocalResourceAccessReview API object that was retrieved from the Kubernetes API. -// ExtractLocalResourceAccessReview provides a way to perform a extract/modify-in-place/apply workflow. 
-// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -// Experimental! -func ExtractLocalResourceAccessReview(localResourceAccessReview *apiauthorizationv1.LocalResourceAccessReview, fieldManager string) (*LocalResourceAccessReviewApplyConfiguration, error) { - return extractLocalResourceAccessReview(localResourceAccessReview, fieldManager, "") -} - -// ExtractLocalResourceAccessReviewStatus is the same as ExtractLocalResourceAccessReview except -// that it extracts the status subresource applied configuration. -// Experimental! -func ExtractLocalResourceAccessReviewStatus(localResourceAccessReview *apiauthorizationv1.LocalResourceAccessReview, fieldManager string) (*LocalResourceAccessReviewApplyConfiguration, error) { - return extractLocalResourceAccessReview(localResourceAccessReview, fieldManager, "status") -} - -func extractLocalResourceAccessReview(localResourceAccessReview *apiauthorizationv1.LocalResourceAccessReview, fieldManager string, subresource string) (*LocalResourceAccessReviewApplyConfiguration, error) { - b := &LocalResourceAccessReviewApplyConfiguration{} - err := managedfields.ExtractInto(localResourceAccessReview, internal.Parser().Type("com.github.openshift.api.authorization.v1.LocalResourceAccessReview"), fieldManager, b, subresource) - if err != nil { - return nil, err - } - - b.WithKind("LocalResourceAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b, nil -} - -// WithKind sets the Kind field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Kind field is set to the value of the last call. 
-func (b *LocalResourceAccessReviewApplyConfiguration) WithKind(value string) *LocalResourceAccessReviewApplyConfiguration { - b.Kind = &value - return b -} - -// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the APIVersion field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithAPIVersion(value string) *LocalResourceAccessReviewApplyConfiguration { - b.APIVersion = &value - return b -} - -// WithNamespace sets the Namespace field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Namespace field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithNamespace(value string) *LocalResourceAccessReviewApplyConfiguration { - b.Namespace = &value - return b -} - -// WithVerb sets the Verb field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Verb field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithVerb(value string) *LocalResourceAccessReviewApplyConfiguration { - b.Verb = &value - return b -} - -// WithGroup sets the Group field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Group field is set to the value of the last call. 
-func (b *LocalResourceAccessReviewApplyConfiguration) WithGroup(value string) *LocalResourceAccessReviewApplyConfiguration { - b.Group = &value - return b -} - -// WithVersion sets the Version field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Version field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithVersion(value string) *LocalResourceAccessReviewApplyConfiguration { - b.Version = &value - return b -} - -// WithResource sets the Resource field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Resource field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithResource(value string) *LocalResourceAccessReviewApplyConfiguration { - b.Resource = &value - return b -} - -// WithResourceName sets the ResourceName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ResourceName field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithResourceName(value string) *LocalResourceAccessReviewApplyConfiguration { - b.ResourceName = &value - return b -} - -// WithPath sets the Path field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Path field is set to the value of the last call. 
-func (b *LocalResourceAccessReviewApplyConfiguration) WithPath(value string) *LocalResourceAccessReviewApplyConfiguration { - b.Path = &value - return b -} - -// WithIsNonResourceURL sets the IsNonResourceURL field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the IsNonResourceURL field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithIsNonResourceURL(value bool) *LocalResourceAccessReviewApplyConfiguration { - b.IsNonResourceURL = &value - return b -} - -// WithContent sets the Content field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Content field is set to the value of the last call. -func (b *LocalResourceAccessReviewApplyConfiguration) WithContent(value runtime.RawExtension) *LocalResourceAccessReviewApplyConfiguration { - b.Content = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localsubjectaccessreview.go b/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localsubjectaccessreview.go deleted file mode 100644 index f97efd274d..0000000000 --- a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localsubjectaccessreview.go +++ /dev/null 
@@ -1,178 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - apiauthorizationv1 "github.com/openshift/api/authorization/v1" - internal "github.com/openshift/client-go/authorization/applyconfigurations/internal" - runtime "k8s.io/apimachinery/pkg/runtime" - managedfields "k8s.io/apimachinery/pkg/util/managedfields" - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// LocalSubjectAccessReviewApplyConfiguration represents an declarative configuration of the LocalSubjectAccessReview type for use -// with apply. -type LocalSubjectAccessReviewApplyConfiguration struct { - v1.TypeMetaApplyConfiguration `json:",inline"` - ActionApplyConfiguration `json:",inline"` - User *string `json:"user,omitempty"` - GroupsSlice []string `json:"groups,omitempty"` - Scopes *apiauthorizationv1.OptionalScopes `json:"scopes,omitempty"` -} - -// LocalSubjectAccessReview constructs an declarative configuration of the LocalSubjectAccessReview type for use with -// apply. -func LocalSubjectAccessReview(name string) *LocalSubjectAccessReviewApplyConfiguration { - b := &LocalSubjectAccessReviewApplyConfiguration{} - b.WithKind("LocalSubjectAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b -} - -// ExtractLocalSubjectAccessReview extracts the applied configuration owned by fieldManager from -// localSubjectAccessReview. If no managedFields are found in localSubjectAccessReview for fieldManager, a -// LocalSubjectAccessReviewApplyConfiguration is returned with only the Name, Namespace (if applicable), -// APIVersion and Kind populated. It is possible that no managed fields were found for because other -// field managers have taken ownership of all the fields previously owned by fieldManager, or because -// the fieldManager never owned fields any fields. -// localSubjectAccessReview must be a unmodified LocalSubjectAccessReview API object that was retrieved from the Kubernetes API. 
-// ExtractLocalSubjectAccessReview provides a way to perform a extract/modify-in-place/apply workflow. -// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -// Experimental! -func ExtractLocalSubjectAccessReview(localSubjectAccessReview *apiauthorizationv1.LocalSubjectAccessReview, fieldManager string) (*LocalSubjectAccessReviewApplyConfiguration, error) { - return extractLocalSubjectAccessReview(localSubjectAccessReview, fieldManager, "") -} - -// ExtractLocalSubjectAccessReviewStatus is the same as ExtractLocalSubjectAccessReview except -// that it extracts the status subresource applied configuration. -// Experimental! -func ExtractLocalSubjectAccessReviewStatus(localSubjectAccessReview *apiauthorizationv1.LocalSubjectAccessReview, fieldManager string) (*LocalSubjectAccessReviewApplyConfiguration, error) { - return extractLocalSubjectAccessReview(localSubjectAccessReview, fieldManager, "status") -} - -func extractLocalSubjectAccessReview(localSubjectAccessReview *apiauthorizationv1.LocalSubjectAccessReview, fieldManager string, subresource string) (*LocalSubjectAccessReviewApplyConfiguration, error) { - b := &LocalSubjectAccessReviewApplyConfiguration{} - err := managedfields.ExtractInto(localSubjectAccessReview, internal.Parser().Type("com.github.openshift.api.authorization.v1.LocalSubjectAccessReview"), fieldManager, b, subresource) - if err != nil { - return nil, err - } - - b.WithKind("LocalSubjectAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b, nil -} - -// WithKind sets the Kind field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Kind field is set to the value of the last call. 
-func (b *LocalSubjectAccessReviewApplyConfiguration) WithKind(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.Kind = &value - return b -} - -// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the APIVersion field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithAPIVersion(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.APIVersion = &value - return b -} - -// WithNamespace sets the Namespace field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Namespace field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithNamespace(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.Namespace = &value - return b -} - -// WithVerb sets the Verb field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Verb field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithVerb(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.Verb = &value - return b -} - -// WithGroup sets the Group field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Group field is set to the value of the last call. 
-func (b *LocalSubjectAccessReviewApplyConfiguration) WithGroup(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.Group = &value - return b -} - -// WithVersion sets the Version field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Version field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithVersion(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.Version = &value - return b -} - -// WithResource sets the Resource field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Resource field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithResource(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.Resource = &value - return b -} - -// WithResourceName sets the ResourceName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ResourceName field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithResourceName(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.ResourceName = &value - return b -} - -// WithPath sets the Path field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Path field is set to the value of the last call. 
-func (b *LocalSubjectAccessReviewApplyConfiguration) WithPath(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.Path = &value - return b -} - -// WithIsNonResourceURL sets the IsNonResourceURL field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the IsNonResourceURL field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithIsNonResourceURL(value bool) *LocalSubjectAccessReviewApplyConfiguration { - b.IsNonResourceURL = &value - return b -} - -// WithContent sets the Content field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Content field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithContent(value runtime.RawExtension) *LocalSubjectAccessReviewApplyConfiguration { - b.Content = &value - return b -} - -// WithUser sets the User field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the User field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithUser(value string) *LocalSubjectAccessReviewApplyConfiguration { - b.User = &value - return b -} - -// WithGroupsSlice adds the given value to the GroupsSlice field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the GroupsSlice field. 
-func (b *LocalSubjectAccessReviewApplyConfiguration) WithGroupsSlice(values ...string) *LocalSubjectAccessReviewApplyConfiguration { - for i := range values { - b.GroupsSlice = append(b.GroupsSlice, values[i]) - } - return b -} - -// WithScopes sets the Scopes field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Scopes field is set to the value of the last call. -func (b *LocalSubjectAccessReviewApplyConfiguration) WithScopes(value apiauthorizationv1.OptionalScopes) *LocalSubjectAccessReviewApplyConfiguration { - b.Scopes = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/resourceaccessreview.go b/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/resourceaccessreview.go deleted file mode 100644 index ad05e5787a..0000000000 --- a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/resourceaccessreview.go +++ /dev/null 
@@ -1,149 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - apiauthorizationv1 "github.com/openshift/api/authorization/v1" - internal "github.com/openshift/client-go/authorization/applyconfigurations/internal" - runtime "k8s.io/apimachinery/pkg/runtime" - managedfields "k8s.io/apimachinery/pkg/util/managedfields" - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// ResourceAccessReviewApplyConfiguration represents an declarative configuration of the ResourceAccessReview type for use -// with apply. -type ResourceAccessReviewApplyConfiguration struct { - v1.TypeMetaApplyConfiguration `json:",inline"` - ActionApplyConfiguration `json:",inline"` -} - -// ResourceAccessReview constructs an declarative configuration of the ResourceAccessReview type for use with -// apply. -func ResourceAccessReview(name string) *ResourceAccessReviewApplyConfiguration { - b := &ResourceAccessReviewApplyConfiguration{} - b.WithKind("ResourceAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b -} - -// ExtractResourceAccessReview extracts the applied configuration owned by fieldManager from -// resourceAccessReview. If no managedFields are found in resourceAccessReview for fieldManager, a -// ResourceAccessReviewApplyConfiguration is returned with only the Name, Namespace (if applicable), -// APIVersion and Kind populated. It is possible that no managed fields were found for because other -// field managers have taken ownership of all the fields previously owned by fieldManager, or because -// the fieldManager never owned fields any fields. -// resourceAccessReview must be a unmodified ResourceAccessReview API object that was retrieved from the Kubernetes API. -// ExtractResourceAccessReview provides a way to perform a extract/modify-in-place/apply workflow. 
-// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -// Experimental! -func ExtractResourceAccessReview(resourceAccessReview *apiauthorizationv1.ResourceAccessReview, fieldManager string) (*ResourceAccessReviewApplyConfiguration, error) { - return extractResourceAccessReview(resourceAccessReview, fieldManager, "") -} - -// ExtractResourceAccessReviewStatus is the same as ExtractResourceAccessReview except -// that it extracts the status subresource applied configuration. -// Experimental! -func ExtractResourceAccessReviewStatus(resourceAccessReview *apiauthorizationv1.ResourceAccessReview, fieldManager string) (*ResourceAccessReviewApplyConfiguration, error) { - return extractResourceAccessReview(resourceAccessReview, fieldManager, "status") -} - -func extractResourceAccessReview(resourceAccessReview *apiauthorizationv1.ResourceAccessReview, fieldManager string, subresource string) (*ResourceAccessReviewApplyConfiguration, error) { - b := &ResourceAccessReviewApplyConfiguration{} - err := managedfields.ExtractInto(resourceAccessReview, internal.Parser().Type("com.github.openshift.api.authorization.v1.ResourceAccessReview"), fieldManager, b, subresource) - if err != nil { - return nil, err - } - - b.WithKind("ResourceAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b, nil -} - -// WithKind sets the Kind field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Kind field is set to the value of the last call. 
-func (b *ResourceAccessReviewApplyConfiguration) WithKind(value string) *ResourceAccessReviewApplyConfiguration { - b.Kind = &value - return b -} - -// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the APIVersion field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithAPIVersion(value string) *ResourceAccessReviewApplyConfiguration { - b.APIVersion = &value - return b -} - -// WithNamespace sets the Namespace field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Namespace field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithNamespace(value string) *ResourceAccessReviewApplyConfiguration { - b.Namespace = &value - return b -} - -// WithVerb sets the Verb field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Verb field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithVerb(value string) *ResourceAccessReviewApplyConfiguration { - b.Verb = &value - return b -} - -// WithGroup sets the Group field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Group field is set to the value of the last call. 
-func (b *ResourceAccessReviewApplyConfiguration) WithGroup(value string) *ResourceAccessReviewApplyConfiguration { - b.Group = &value - return b -} - -// WithVersion sets the Version field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Version field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithVersion(value string) *ResourceAccessReviewApplyConfiguration { - b.Version = &value - return b -} - -// WithResource sets the Resource field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Resource field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithResource(value string) *ResourceAccessReviewApplyConfiguration { - b.Resource = &value - return b -} - -// WithResourceName sets the ResourceName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ResourceName field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithResourceName(value string) *ResourceAccessReviewApplyConfiguration { - b.ResourceName = &value - return b -} - -// WithPath sets the Path field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Path field is set to the value of the last call. 
-func (b *ResourceAccessReviewApplyConfiguration) WithPath(value string) *ResourceAccessReviewApplyConfiguration { - b.Path = &value - return b -} - -// WithIsNonResourceURL sets the IsNonResourceURL field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the IsNonResourceURL field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithIsNonResourceURL(value bool) *ResourceAccessReviewApplyConfiguration { - b.IsNonResourceURL = &value - return b -} - -// WithContent sets the Content field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Content field is set to the value of the last call. -func (b *ResourceAccessReviewApplyConfiguration) WithContent(value runtime.RawExtension) *ResourceAccessReviewApplyConfiguration { - b.Content = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/subjectaccessreview.go b/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/subjectaccessreview.go deleted file mode 100644 index 9c009e3ec8..0000000000 --- a/vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/subjectaccessreview.go +++ /dev/null 
@@ -1,178 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - apiauthorizationv1 "github.com/openshift/api/authorization/v1" - internal "github.com/openshift/client-go/authorization/applyconfigurations/internal" - runtime "k8s.io/apimachinery/pkg/runtime" - managedfields "k8s.io/apimachinery/pkg/util/managedfields" - v1 "k8s.io/client-go/applyconfigurations/meta/v1" -) - -// SubjectAccessReviewApplyConfiguration represents an declarative configuration of the SubjectAccessReview type for use -// with apply. -type SubjectAccessReviewApplyConfiguration struct { - v1.TypeMetaApplyConfiguration `json:",inline"` - ActionApplyConfiguration `json:",inline"` - User *string `json:"user,omitempty"` - GroupsSlice []string `json:"groups,omitempty"` - Scopes *apiauthorizationv1.OptionalScopes `json:"scopes,omitempty"` -} - -// SubjectAccessReview constructs an declarative configuration of the SubjectAccessReview type for use with -// apply. -func SubjectAccessReview(name string) *SubjectAccessReviewApplyConfiguration { - b := &SubjectAccessReviewApplyConfiguration{} - b.WithKind("SubjectAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b -} - -// ExtractSubjectAccessReview extracts the applied configuration owned by fieldManager from -// subjectAccessReview. If no managedFields are found in subjectAccessReview for fieldManager, a -// SubjectAccessReviewApplyConfiguration is returned with only the Name, Namespace (if applicable), -// APIVersion and Kind populated. It is possible that no managed fields were found for because other -// field managers have taken ownership of all the fields previously owned by fieldManager, or because -// the fieldManager never owned fields any fields. -// subjectAccessReview must be a unmodified SubjectAccessReview API object that was retrieved from the Kubernetes API. -// ExtractSubjectAccessReview provides a way to perform a extract/modify-in-place/apply workflow. 
-// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously -// applied if another fieldManager has updated or force applied any of the previously applied fields. -// Experimental! -func ExtractSubjectAccessReview(subjectAccessReview *apiauthorizationv1.SubjectAccessReview, fieldManager string) (*SubjectAccessReviewApplyConfiguration, error) { - return extractSubjectAccessReview(subjectAccessReview, fieldManager, "") -} - -// ExtractSubjectAccessReviewStatus is the same as ExtractSubjectAccessReview except -// that it extracts the status subresource applied configuration. -// Experimental! -func ExtractSubjectAccessReviewStatus(subjectAccessReview *apiauthorizationv1.SubjectAccessReview, fieldManager string) (*SubjectAccessReviewApplyConfiguration, error) { - return extractSubjectAccessReview(subjectAccessReview, fieldManager, "status") -} - -func extractSubjectAccessReview(subjectAccessReview *apiauthorizationv1.SubjectAccessReview, fieldManager string, subresource string) (*SubjectAccessReviewApplyConfiguration, error) { - b := &SubjectAccessReviewApplyConfiguration{} - err := managedfields.ExtractInto(subjectAccessReview, internal.Parser().Type("com.github.openshift.api.authorization.v1.SubjectAccessReview"), fieldManager, b, subresource) - if err != nil { - return nil, err - } - - b.WithKind("SubjectAccessReview") - b.WithAPIVersion("authorization.openshift.io/v1") - return b, nil -} - -// WithKind sets the Kind field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Kind field is set to the value of the last call. 
-func (b *SubjectAccessReviewApplyConfiguration) WithKind(value string) *SubjectAccessReviewApplyConfiguration { - b.Kind = &value - return b -} - -// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the APIVersion field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithAPIVersion(value string) *SubjectAccessReviewApplyConfiguration { - b.APIVersion = &value - return b -} - -// WithNamespace sets the Namespace field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Namespace field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithNamespace(value string) *SubjectAccessReviewApplyConfiguration { - b.Namespace = &value - return b -} - -// WithVerb sets the Verb field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Verb field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithVerb(value string) *SubjectAccessReviewApplyConfiguration { - b.Verb = &value - return b -} - -// WithGroup sets the Group field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Group field is set to the value of the last call. 
-func (b *SubjectAccessReviewApplyConfiguration) WithGroup(value string) *SubjectAccessReviewApplyConfiguration { - b.Group = &value - return b -} - -// WithVersion sets the Version field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Version field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithVersion(value string) *SubjectAccessReviewApplyConfiguration { - b.Version = &value - return b -} - -// WithResource sets the Resource field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Resource field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithResource(value string) *SubjectAccessReviewApplyConfiguration { - b.Resource = &value - return b -} - -// WithResourceName sets the ResourceName field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the ResourceName field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithResourceName(value string) *SubjectAccessReviewApplyConfiguration { - b.ResourceName = &value - return b -} - -// WithPath sets the Path field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Path field is set to the value of the last call. 
-func (b *SubjectAccessReviewApplyConfiguration) WithPath(value string) *SubjectAccessReviewApplyConfiguration { - b.Path = &value - return b -} - -// WithIsNonResourceURL sets the IsNonResourceURL field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the IsNonResourceURL field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithIsNonResourceURL(value bool) *SubjectAccessReviewApplyConfiguration { - b.IsNonResourceURL = &value - return b -} - -// WithContent sets the Content field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Content field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithContent(value runtime.RawExtension) *SubjectAccessReviewApplyConfiguration { - b.Content = &value - return b -} - -// WithUser sets the User field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the User field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithUser(value string) *SubjectAccessReviewApplyConfiguration { - b.User = &value - return b -} - -// WithGroupsSlice adds the given value to the GroupsSlice field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the GroupsSlice field. 
-func (b *SubjectAccessReviewApplyConfiguration) WithGroupsSlice(values ...string) *SubjectAccessReviewApplyConfiguration { - for i := range values { - b.GroupsSlice = append(b.GroupsSlice, values[i]) - } - return b -} - -// WithScopes sets the Scopes field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Scopes field is set to the value of the last call. -func (b *SubjectAccessReviewApplyConfiguration) WithScopes(value apiauthorizationv1.OptionalScopes) *SubjectAccessReviewApplyConfiguration { - b.Scopes = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go new file mode 100644 index 0000000000..15723fcc6b --- /dev/null +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go 
@@ -0,0 +1,27 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + v1 "github.com/openshift/api/config/v1" +) + +// ProfileCustomizationsApplyConfiguration represents an declarative configuration of the ProfileCustomizations type for use +// with apply. +type ProfileCustomizationsApplyConfiguration struct { + DynamicResourceAllocation *v1.DRAEnablement `json:"dynamicResourceAllocation,omitempty"` +} + +// ProfileCustomizationsApplyConfiguration constructs an declarative configuration of the ProfileCustomizations type for use with +// apply. +func ProfileCustomizations() *ProfileCustomizationsApplyConfiguration { + return &ProfileCustomizationsApplyConfiguration{} +} + +// WithDynamicResourceAllocation sets the DynamicResourceAllocation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DynamicResourceAllocation field is set to the value of the last call. +func (b *ProfileCustomizationsApplyConfiguration) WithDynamicResourceAllocation(value v1.DRAEnablement) *ProfileCustomizationsApplyConfiguration { + b.DynamicResourceAllocation = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go index 5ae175385c..1df067067f 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/schedulerspec.go 
@@ -9,10 +9,11 @@ import ( // SchedulerSpecApplyConfiguration represents an declarative configuration of the SchedulerSpec type for use // with apply. type SchedulerSpecApplyConfiguration struct { - Policy *ConfigMapNameReferenceApplyConfiguration `json:"policy,omitempty"` - Profile *configv1.SchedulerProfile `json:"profile,omitempty"` - DefaultNodeSelector *string `json:"defaultNodeSelector,omitempty"` - MastersSchedulable *bool `json:"mastersSchedulable,omitempty"` + Policy *ConfigMapNameReferenceApplyConfiguration `json:"policy,omitempty"` + Profile *configv1.SchedulerProfile `json:"profile,omitempty"` + ProfileCustomizations *ProfileCustomizationsApplyConfiguration `json:"profileCustomizations,omitempty"` + DefaultNodeSelector *string `json:"defaultNodeSelector,omitempty"` + MastersSchedulable *bool `json:"mastersSchedulable,omitempty"` } // SchedulerSpecApplyConfiguration constructs an declarative configuration of the SchedulerSpec type for use with @@ -37,6 +38,14 @@ func (b *SchedulerSpecApplyConfiguration) WithProfile(value configv1.SchedulerPr return b } +// WithProfileCustomizations sets the ProfileCustomizations field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ProfileCustomizations field is set to the value of the last call. +func (b *SchedulerSpecApplyConfiguration) WithProfileCustomizations(value *ProfileCustomizationsApplyConfiguration) *SchedulerSpecApplyConfiguration { + b.ProfileCustomizations = value + return b +} + // WithDefaultNodeSelector sets the DefaultNodeSelector field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the DefaultNodeSelector field is set to the value of the last call. 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go index 6fe09c0eb4..681d1ce165 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/fulciocawithrekor.go @@ -5,8 +5,8 @@ package v1alpha1 // FulcioCAWithRekorApplyConfiguration represents an declarative configuration of the FulcioCAWithRekor type for use // with apply. type FulcioCAWithRekorApplyConfiguration struct { - FulcioCAData *string `json:"fulcioCAData,omitempty"` - RekorKeyData *string `json:"rekorKeyData,omitempty"` + FulcioCAData []byte `json:"fulcioCAData,omitempty"` + RekorKeyData []byte `json:"rekorKeyData,omitempty"` FulcioSubject *PolicyFulcioSubjectApplyConfiguration `json:"fulcioSubject,omitempty"` } 
@@ -16,19 +16,23 @@ func FulcioCAWithRekor() *FulcioCAWithRekorApplyConfiguration { return &FulcioCAWithRekorApplyConfiguration{} } -// WithFulcioCAData sets the FulcioCAData field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the FulcioCAData field is set to the value of the last call. -func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(value string) *FulcioCAWithRekorApplyConfiguration { - b.FulcioCAData = &value +// WithFulcioCAData adds the given value to the FulcioCAData field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the FulcioCAData field. +func (b *FulcioCAWithRekorApplyConfiguration) WithFulcioCAData(values ...byte) *FulcioCAWithRekorApplyConfiguration { + for i := range values { + b.FulcioCAData = append(b.FulcioCAData, values[i]) + } return b } -// WithRekorKeyData sets the RekorKeyData field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the RekorKeyData field is set to the value of the last call. -func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(value string) *FulcioCAWithRekorApplyConfiguration { - b.RekorKeyData = &value +// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RekorKeyData field. 
+func (b *FulcioCAWithRekorApplyConfiguration) WithRekorKeyData(values ...byte) *FulcioCAWithRekorApplyConfiguration { + for i := range values { + b.RekorKeyData = append(b.RekorKeyData, values[i]) + } return b } diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/publickey.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/publickey.go index 456fe9c86e..0636a283ef 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/publickey.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/publickey.go @@ -5,8 +5,8 @@ package v1alpha1 // PublicKeyApplyConfiguration represents an declarative configuration of the PublicKey type for use // with apply. type PublicKeyApplyConfiguration struct { - KeyData *string `json:"keyData,omitempty"` - RekorKeyData *string `json:"rekorKeyData,omitempty"` + KeyData []byte `json:"keyData,omitempty"` + RekorKeyData []byte `json:"rekorKeyData,omitempty"` } // PublicKeyApplyConfiguration constructs an declarative configuration of the PublicKey type for use with 
@@ -15,18 +15,22 @@ func PublicKey() *PublicKeyApplyConfiguration { return &PublicKeyApplyConfiguration{} } -// WithKeyData sets the KeyData field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the KeyData field is set to the value of the last call. -func (b *PublicKeyApplyConfiguration) WithKeyData(value string) *PublicKeyApplyConfiguration { - b.KeyData = &value +// WithKeyData adds the given value to the KeyData field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the KeyData field. +func (b *PublicKeyApplyConfiguration) WithKeyData(values ...byte) *PublicKeyApplyConfiguration { + for i := range values { + b.KeyData = append(b.KeyData, values[i]) + } return b } -// WithRekorKeyData sets the RekorKeyData field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the RekorKeyData field is set to the value of the last call. -func (b *PublicKeyApplyConfiguration) WithRekorKeyData(value string) *PublicKeyApplyConfiguration { - b.RekorKeyData = &value +// WithRekorKeyData adds the given value to the RekorKeyData field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the RekorKeyData field. +func (b *PublicKeyApplyConfiguration) WithRekorKeyData(values ...byte) *PublicKeyApplyConfiguration { + for i := range values { + b.RekorKeyData = append(b.RekorKeyData, values[i]) + } return b } 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index 328e4df340..64d6d2ae7c 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go @@ -2840,6 +2840,13 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.config.v1.ProfileCustomizations + map: + fields: + - name: dynamicResourceAllocation + type: + scalar: string + default: "" - name: com.github.openshift.api.config.v1.Project map: fields: @@ -3124,6 +3131,10 @@ var schemaYAML = typed.YAMLObject(`types: - name: profile type: scalar: string + - name: profileCustomizations + type: + namedType: com.github.openshift.api.config.v1.ProfileCustomizations + default: {} - name: com.github.openshift.api.config.v1.SchedulerStatus map: elementType: @@ -3619,7 +3630,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: fulcioCAData type: scalar: string - default: "" - name: fulcioSubject type: namedType: com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject @@ -3627,7 +3637,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: rekorKeyData type: scalar: string - default: "" - name: com.github.openshift.api.config.v1alpha1.GatherConfig map: fields: @@ -3811,7 +3820,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: keyData type: scalar: string - default: "" - name: rekorKeyData type: scalar: string diff --git a/vendor/github.com/openshift/library-go/pkg/apiserver/apiserverconfig/personal_subjectaccessreview.go b/vendor/github.com/openshift/library-go/pkg/apiserver/apiserverconfig/personal_subjectaccessreview.go index d97946b9b4..4416955cf5 100644 --- a/vendor/github.com/openshift/library-go/pkg/apiserver/apiserverconfig/personal_subjectaccessreview.go 
+++ b/vendor/github.com/openshift/library-go/pkg/apiserver/apiserverconfig/personal_subjectaccessreview.go @@ -2,7 +2,7 @@ package apiserverconfig import ( "bytes" - "io/ioutil" + "io" "net/http" "k8s.io/apimachinery/pkg/runtime" @@ -70,11 +70,11 @@ func (a *personalSARRequestInfoResolver) NewRequestInfo(req *http.Request) (*req func isPersonalAccessReviewFromRequest(req *http.Request, requestInfo *request.RequestInfo) (bool, error) { // TODO once we're integrated with the api installer, we should have direct access to the deserialized content // for now, this only happens on subjectaccessreviews with a personal check, pay the double retrieve and decode cost - body, err := ioutil.ReadAll(req.Body) + body, err := io.ReadAll(req.Body) if err != nil { return false, err } - req.Body = ioutil.NopCloser(bytes.NewBuffer(body)) + req.Body = io.NopCloser(bytes.NewBuffer(body)) defaultGVK := schema.GroupVersionKind{Version: requestInfo.APIVersion, Group: requestInfo.APIGroup} switch requestInfo.Resource { diff --git a/vendor/github.com/openshift/library-go/pkg/certs/pem.go b/vendor/github.com/openshift/library-go/pkg/certs/pem.go index c3f7ff3065..50e8a28a53 100644 --- a/vendor/github.com/openshift/library-go/pkg/certs/pem.go +++ b/vendor/github.com/openshift/library-go/pkg/certs/pem.go @@ -3,7 +3,6 @@ package certs import ( "bytes" "encoding/pem" - "io/ioutil" "os" "path/filepath" ) @@ -16,7 +15,7 @@ const ( ) func BlockFromFile(path string, blockType string) (*pem.Block, bool, error) { - data, err := ioutil.ReadFile(path) + data, err := os.ReadFile(path) if err != nil { return nil, false, err } @@ -45,7 +44,7 @@ func BlockToFile(path string, block *pem.Block, mode os.FileMode) error { if err := os.MkdirAll(filepath.Dir(path), os.FileMode(0755)); err != nil { return err } - return ioutil.WriteFile(path, b, mode) + return os.WriteFile(path, b, mode) } func BlockToBytes(block *pem.Block) ([]byte, error) { 
diff --git a/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go b/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go index e2b90ca531..f632794604 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go +++ b/vendor/github.com/openshift/library-go/pkg/config/client/client_config.go @@ -1,10 +1,11 @@ package client import ( - "io/ioutil" + "net/http" + "os" + "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" - "net/http" configv1 "github.com/openshift/api/config/v1" "github.com/openshift/library-go/pkg/network" @@ -35,7 +36,7 @@ func GetKubeConfigOrInClusterConfig(kubeConfigFile string, overrides *ClientConn // GetClientConfig returns the rest.Config for a kubeconfig file func GetClientConfig(kubeConfigFile string, overrides *ClientConnectionOverrides) (*rest.Config, error) { - kubeConfigBytes, err := ioutil.ReadFile(kubeConfigFile) + kubeConfigBytes, err := os.ReadFile(kubeConfigFile) if err != nil { return nil, err } diff --git a/vendor/github.com/openshift/library-go/pkg/config/helpers/client.go b/vendor/github.com/openshift/library-go/pkg/config/helpers/client.go index f28ef543f1..98d4f8f892 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/helpers/client.go +++ b/vendor/github.com/openshift/library-go/pkg/config/helpers/client.go @@ -1,7 +1,7 @@ package helpers import ( - "io/ioutil" + "os" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" @@ -36,7 +36,7 @@ func GetKubeConfigOrInClusterConfig(kubeConfigFile string, overrides configv1.Cl } func GetClientConfig(kubeConfigFile string, overrides configv1.ClientConnectionOverrides) (*rest.Config, error) { - kubeConfigBytes, err := ioutil.ReadFile(kubeConfigFile) + kubeConfigBytes, err := os.ReadFile(kubeConfigFile) if err != nil { return nil, err } 
diff --git a/vendor/github.com/openshift/library-go/pkg/config/helpers/readresource.go b/vendor/github.com/openshift/library-go/pkg/config/helpers/readresource.go index 292f32f9d2..966cc52787 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/helpers/readresource.go +++ b/vendor/github.com/openshift/library-go/pkg/config/helpers/readresource.go @@ -5,7 +5,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "reflect" "k8s.io/apimachinery/pkg/runtime" @@ -24,7 +23,7 @@ func ReadYAMLToInternal(reader io.Reader, schemeFns ...InstallFunc) (runtime.Obj if reader == nil || reflect.ValueOf(reader).IsNil() { return nil, nil } - data, err := ioutil.ReadAll(reader) + data, err := io.ReadAll(reader) if err != nil { return nil, err } @@ -61,7 +60,7 @@ func ReadYAML(reader io.Reader, schemeFns ...InstallFunc) (runtime.Object, error if reader == nil || reflect.ValueOf(reader).IsNil() { return nil, nil } - data, err := ioutil.ReadAll(reader) + data, err := io.ReadAll(reader) if err != nil { return nil, err } diff --git a/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go b/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go index b22671f744..3142315a6d 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go +++ b/vendor/github.com/openshift/library-go/pkg/config/leaderelection/leaderelection.go @@ -2,7 +2,6 @@ package leaderelection import ( "fmt" - "io/ioutil" "math" "os" "strings" 
@@ -132,7 +131,7 @@ func LeaderElectionDefaulting(config configv1.LeaderElection, defaultNamespace, ret.Namespace = defaultNamespace } else { // Fall back to the namespace associated with the service account token, if available - if data, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"); err == nil { + if data, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace"); err == nil { if ns := strings.TrimSpace(string(data)); len(ns) > 0 { ret.Namespace = ns } diff --git a/vendor/github.com/openshift/library-go/pkg/config/validation/general.go b/vendor/github.com/openshift/library-go/pkg/config/validation/general.go index 3a5dcd0b7f..8319847605 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/validation/general.go +++ b/vendor/github.com/openshift/library-go/pkg/config/validation/general.go @@ -126,5 +126,5 @@ func HostnameMatchSpecCandidates(hostname string) []string { // HostnameMatches returns true if the given hostname is matched by the given matchSpec func HostnameMatches(hostname string, matchSpec string) bool { - return sets.NewString(HostnameMatchSpecCandidates(hostname)...).Has(matchSpec) + return sets.New(HostnameMatchSpecCandidates(hostname)...).Has(matchSpec) } diff --git a/vendor/github.com/openshift/library-go/pkg/config/validation/serving_info.go b/vendor/github.com/openshift/library-go/pkg/config/validation/serving_info.go index 947f5c9148..e079a22765 100644 --- a/vendor/github.com/openshift/library-go/pkg/config/validation/serving_info.go +++ b/vendor/github.com/openshift/library-go/pkg/config/validation/serving_info.go 
@@ -73,7 +73,7 @@ func ValidateServingInfo(info configv1.ServingInfo, certificatesRequired bool, f func ValidateNamedCertificates(fldPath *field.Path, namedCertificates []configv1.NamedCertificate) ValidationResults { validationResults := ValidationResults{} - takenNames := sets.NewString() + takenNames := sets.New[string]() for i, namedCertificate := range namedCertificates { idxPath := fldPath.Index(i) diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go index fbf84acd29..051cc3bf0e 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/builder.go @@ -3,7 +3,6 @@ package controllercmd import ( "context" "fmt" - "io/ioutil" "os" "strings" "sync" @@ -413,7 +412,7 @@ func (b *ControllerBuilder) getComponentNamespace() (string, error) { if len(b.componentNamespace) > 0 { return b.componentNamespace, nil } - nsBytes, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace") + nsBytes, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace") if err != nil { return "openshift-config-managed", err } diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go index 23c67c365d..9849baae09 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/cmd.go @@ -3,7 +3,6 @@ package controllercmd import ( "context" "fmt" - "io/ioutil" "math/rand" "os" "path/filepath" 
@@ -150,7 +149,7 @@ func (c *ControllerCommandConfig) NewCommandWithContext(ctx context.Context) *co } files := map[string][]byte{} for _, fn := range c.basicFlags.TerminateOnFiles { - fileBytes, err := ioutil.ReadFile(fn) + fileBytes, err := os.ReadFile(fn) if err != nil { klog.Warningf("Unable to read initial content of %q: %v", fn, err) continue // intentionally ignore errors @@ -248,7 +247,7 @@ func (c *ControllerCommandConfig) AddDefaultRotationToConfig(config *operatorv1a startingFileContent[filepath.Join(certDir, "tls.crt")] = []byte{} startingFileContent[filepath.Join(certDir, "tls.key")] = []byte{} - temporaryCertDir, err := ioutil.TempDir("", "serving-cert-") + temporaryCertDir, err := os.MkdirTemp("", "serving-cert-") if err != nil { return nil, nil, err } @@ -268,7 +267,7 @@ func (c *ControllerCommandConfig) AddDefaultRotationToConfig(config *operatorv1a config.ServingInfo.CertFile = filepath.Join(temporaryCertDir, "tls.crt") config.ServingInfo.KeyFile = filepath.Join(temporaryCertDir, "tls.key") // nothing can trust this, so we don't really care about hostnames - servingCert, err := ca.MakeServerCert(sets.NewString("localhost"), 30) + servingCert, err := ca.MakeServerCert(sets.New("localhost"), 30) if err != nil { return nil, nil, err } diff --git a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/flags.go b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/flags.go index d83fe7d451..da326cb216 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/flags.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/controllercmd/flags.go @@ -3,7 +3,7 @@ package controllercmd import ( "encoding/json" "fmt" - "io/ioutil" + "os" "github.com/spf13/cobra" 
@@ -62,7 +62,7 @@ func (f *ControllerFlags) ToConfigObj() ([]byte, *unstructured.Unstructured, err return nil, nil, nil } - content, err := ioutil.ReadFile(f.ConfigFile) + content, err := os.ReadFile(f.ConfigFile) if err != nil { return nil, nil, err } @@ -105,7 +105,7 @@ func ReadYAML(data []byte, configScheme *runtime.Scheme, versions ...schema.Grou // ReadYAMLFile read a file and decodes a runtime.Object from the provided scheme func ReadYAMLFile(filename string, configScheme *runtime.Scheme, versions ...schema.GroupVersion) (runtime.Object, error) { - data, err := ioutil.ReadFile(filename) + data, err := os.ReadFile(filename) if err != nil { return nil, err } diff --git a/vendor/github.com/openshift/library-go/pkg/controller/factory/controller_context.go b/vendor/github.com/openshift/library-go/pkg/controller/factory/controller_context.go index 3c585e40af..15b8bdf706 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/factory/controller_context.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/factory/controller_context.go @@ -96,7 +96,7 @@ func (c syncContext) enqueueKeys(keys ...string) { // (or its tombstone) is a namespace and it matches a name of any namespaces // that we are interested in func namespaceChecker(interestingNamespaces []string) func(obj interface{}) bool { - interestingNamespacesSet := sets.NewString(interestingNamespaces...) + interestingNamespacesSet := sets.New(interestingNamespaces...) return func(obj interface{}) bool { ns, ok := obj.(*corev1.Namespace) diff --git a/vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go b/vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go index b70da95481..62af3c2710 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/factory/eventfilters.go 
@@ -15,7 +15,7 @@ func ObjectNameToKey(obj runtime.Object) string { } func NamesFilter(names ...string) EventFilterFunc { - nameSet := sets.NewString(names...) + nameSet := sets.New(names...) return func(obj interface{}) bool { metaObj, ok := obj.(metav1.ObjectMetaAccessor) if !ok { diff --git a/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go b/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go index 8f910f672a..a431f1f1a6 100644 --- a/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go +++ b/vendor/github.com/openshift/library-go/pkg/controller/factory/factory.go @@ -8,7 +8,6 @@ import ( "github.com/robfig/cron" "k8s.io/apimachinery/pkg/runtime" errorutil "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" "k8s.io/client-go/tools/cache" "github.com/openshift/library-go/pkg/operator/events" 
@@ -26,18 +25,17 @@ func DefaultQueueKeysFunc(_ runtime.Object) []string { // Factory is generator that generate standard Kubernetes controllers. // Factory is really generic and should be only used for simple controllers that does not require special stuff.. type Factory struct { - sync SyncFunc - syncContext SyncContext - syncDegradedClient operatorv1helpers.OperatorClient - resyncInterval time.Duration - resyncSchedules []string - informers []filteredInformers - informerQueueKeys []informersWithQueueKey - bareInformers []Informer - postStartHooks []PostStartHook - namespaceInformers []*namespaceInformer - cachesToSync []cache.InformerSynced - interestingNamespaces sets.String + sync SyncFunc + syncContext SyncContext + syncDegradedClient operatorv1helpers.OperatorClient + resyncInterval time.Duration + resyncSchedules []string + informers []filteredInformers + informerQueueKeys []informersWithQueueKey + bareInformers []Informer + postStartHooks []PostStartHook + namespaceInformers []*namespaceInformer + cachesToSync []cache.InformerSynced } // Informer represents any structure that allow to register event handlers and informs if caches are synced. diff --git a/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go b/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go index 62d98829b4..63184d2eb4 100644 --- a/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go +++ b/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go 
@@ -746,7 +746,7 @@ func (ca *CA) MakeAndWriteSubCA(certFile, keyFile, serialFile, name string, expi }, nil } -func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, bool, error) { +func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.Set[string], expireDays int) (*TLSCertificateConfig, bool, error) { certConfig, err := GetServerCert(certFile, keyFile, hostnames) if err != nil { certConfig, err = ca.MakeAndWriteServerCert(certFile, keyFile, hostnames, expireDays) @@ -756,14 +756,14 @@ func (ca *CA) EnsureServerCert(certFile, keyFile string, hostnames sets.String, return certConfig, false, nil } -func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertificateConfig, error) { +func GetServerCert(certFile, keyFile string, hostnames sets.Set[string]) (*TLSCertificateConfig, error) { server, err := GetTLSCertificateConfig(certFile, keyFile) if err != nil { return nil, err } cert := server.Certs[0] - certNames := sets.NewString() + certNames := sets.New[string]() for _, ip := range cert.IPAddresses { certNames.Insert(ip.String()) } @@ -776,7 +776,7 @@ func GetServerCert(certFile, keyFile string, hostnames sets.String) (*TLSCertifi return nil, fmt.Errorf("Existing server certificate in %s does not match required hostnames.", certFile) } -func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.String, expireDays int) (*TLSCertificateConfig, error) { +func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.Set[string], expireDays int) (*TLSCertificateConfig, error) { klog.V(4).Infof("Generating server certificate in %s, key in %s", certFile, keyFile) server, err := ca.MakeServerCert(hostnames, expireDays) 
@@ -793,11 +793,11 @@ func (ca *CA) MakeAndWriteServerCert(certFile, keyFile string, hostnames sets.St // if the extension attempt failed. type CertificateExtensionFunc func(*x509.Certificate) error -func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { +func (ca *CA) MakeServerCert(hostnames sets.Set[string], expireDays int, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { serverPublicKey, serverPrivateKey, publicKeyHash, _ := newKeyPairWithHash() authorityKeyId := ca.Config.Certs[0].SubjectKeyId subjectKeyId := publicKeyHash - serverTemplate := newServerCertificateTemplate(pkix.Name{CommonName: hostnames.List()[0]}, hostnames.List(), expireDays, time.Now, authorityKeyId, subjectKeyId) + serverTemplate := newServerCertificateTemplate(pkix.Name{CommonName: sets.List(hostnames)[0]}, sets.List(hostnames), expireDays, time.Now, authorityKeyId, subjectKeyId) for _, fn := range fns { if err := fn(serverTemplate); err != nil { return nil, err 
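Review bot: MakeServerCert still indexes `sets.List(hostnames)[0]` without checking that the set is non-empty, so an empty `hostnames` panics with an index-out-of-range instead of returning an error; the same expression is in MakeServerCertForDuration in the next hunk (`@@ -814,11 +814,11 @@`). Sorting once and guarding the result would cover both the panic and the duplicated sort: `hosts := sets.List(hostnames)`, `if len(hosts) == 0 { return nil, fmt.Errorf("no hostnames set") }`, then pass `hosts[0]` and `hosts` to the template helper. The CommonName ends up being whichever name sorts first, which deserves a short comment because callers cannot tell that from the signature. The function body continues past the end of this hunk.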
@@ -814,11 +814,11 @@ func (ca *CA) MakeServerCert(hostnames sets.String, expireDays int, fns ...Certi return server, nil } -func (ca *CA) MakeServerCertForDuration(hostnames sets.String, lifetime time.Duration, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { +func (ca *CA) MakeServerCertForDuration(hostnames sets.Set[string], lifetime time.Duration, fns ...CertificateExtensionFunc) (*TLSCertificateConfig, error) { serverPublicKey, serverPrivateKey, publicKeyHash, _ := newKeyPairWithHash() authorityKeyId := ca.Config.Certs[0].SubjectKeyId subjectKeyId := publicKeyHash - serverTemplate := newServerCertificateTemplateForDuration(pkix.Name{CommonName: hostnames.List()[0]}, hostnames.List(), lifetime, time.Now, authorityKeyId, subjectKeyId) + serverTemplate := newServerCertificateTemplateForDuration(pkix.Name{CommonName: sets.List(hostnames)[0]}, sets.List(hostnames), lifetime, time.Now, authorityKeyId, subjectKeyId) for _, fn := range fns { if err := fn(serverTemplate); err != nil { return nil, err diff --git a/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go b/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go index 24b8533f13..e74acf8637 100644 --- a/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go @@ -7,7 +7,7 @@ import ( "sort" "strings" - "github.com/blang/semver" + "github.com/blang/semver/v4" "github.com/openshift/api/image/docker10" imagev1 "github.com/openshift/api/image/v1" diff --git a/vendor/github.com/openshift/library-go/pkg/monitor/health/prober.go b/vendor/github.com/openshift/library-go/pkg/monitor/health/prober.go index 57a11aa726..cf805f7135 100644 --- a/vendor/github.com/openshift/library-go/pkg/monitor/health/prober.go +++ b/vendor/github.com/openshift/library-go/pkg/monitor/health/prober.go 
@@ -180,29 +180,29 @@ func (sm *Prober) refreshTargetsLocked() { sm.refreshTargets = false freshTargets := sm.targetProvider.CurrentTargetsList() - freshTargetSet := sets.NewString(freshTargets...) + freshTargetSet := sets.New(freshTargets...) - currentTargetsSet := sets.NewString(sm.targetsToMonitor...) + currentTargetsSet := sets.New(sm.targetsToMonitor...) newTargetsToMonitorSet := freshTargetSet.Difference(currentTargetsSet) if newTargetsToMonitorSet.Len() > 0 { - klog.V(2).Infof("health monitor observed new targets = %v", newTargetsToMonitorSet.List()) + klog.V(2).Infof("health monitor observed new targets = %v", sets.List(newTargetsToMonitorSet)) } removedTargetsToMonitorSet := currentTargetsSet.Difference(freshTargetSet) if removedTargetsToMonitorSet.Len() > 0 { - klog.V(2).Infof("health monitor will stop checking the following targets targets = %v", removedTargetsToMonitorSet.List()) + klog.V(2).Infof("health monitor will stop checking the following targets targets = %v", sets.List(removedTargetsToMonitorSet)) for targetToRemove := range removedTargetsToMonitorSet { delete(sm.consecutiveSuccessfulProbes, targetToRemove) delete(sm.consecutiveFailedProbes, targetToRemove) } - healthyTargetsSet := sets.NewString(sm.healthyTargets...) - healthyTargetsSet.Delete(removedTargetsToMonitorSet.List()...) - sm.healthyTargets = healthyTargetsSet.List() + healthyTargetsSet := sets.New(sm.healthyTargets...) + healthyTargetsSet.Delete(removedTargetsToMonitorSet.UnsortedList()...) + sm.healthyTargets = sets.List(healthyTargetsSet) - unhealthyTargetsSet := sets.NewString(sm.unhealthyTargets...) - unhealthyTargetsSet.Delete(removedTargetsToMonitorSet.List()...) - sm.unhealthyTargets = unhealthyTargetsSet.List() + unhealthyTargetsSet := sets.New(sm.unhealthyTargets...) + unhealthyTargetsSet.Delete(removedTargetsToMonitorSet.UnsortedList()...) + sm.unhealthyTargets = sets.List(unhealthyTargetsSet) } sm.targetsToMonitor = freshTargets 
@@ -266,16 +266,16 @@ func (sm *Prober) updateHealthChecksFor(currentHealthCheckProbes []targetErrTupl } } - newUnhealthyTargetsSet := sets.NewString(newUnhealthyTargets...) - newHealthyTargetsSet := sets.NewString(newHealthyTargets...) + newUnhealthyTargetsSet := sets.New(newUnhealthyTargets...) + newHealthyTargetsSet := sets.New(newHealthyTargets...) notifyListeners := false // detect unhealthy targets - previouslyUnhealthyTargetsSet := sets.NewString(sm.unhealthyTargets...) + previouslyUnhealthyTargetsSet := sets.New(sm.unhealthyTargets...) currentlyUnhealthyTargetsSet := previouslyUnhealthyTargetsSet.Union(newUnhealthyTargetsSet) - currentlyUnhealthyTargetsSet.Delete(newHealthyTargetsSet.List()...) + currentlyUnhealthyTargetsSet.Delete(newHealthyTargetsSet.UnsortedList()...) if !currentlyUnhealthyTargetsSet.Equal(previouslyUnhealthyTargetsSet) { - sm.unhealthyTargets = currentlyUnhealthyTargetsSet.List() + sm.unhealthyTargets = sets.List(currentlyUnhealthyTargetsSet) klog.V(2).Infof("observed the following unhealthy targets %v", sm.unhealthyTargets) logUnhealthyTargets(sm.unhealthyTargets, currentHealthCheckProbes) @@ -289,11 +289,11 @@ func (sm *Prober) updateHealthChecksFor(currentHealthCheckProbes []targetErrTupl } // detect healthy targets - previouslyHealthyTargetsSet := sets.NewString(sm.healthyTargets...) + previouslyHealthyTargetsSet := sets.New(sm.healthyTargets...) currentlyHealthyTargetsSet := previouslyHealthyTargetsSet.Union(newHealthyTargetsSet) - currentlyHealthyTargetsSet.Delete(newUnhealthyTargetsSet.List()...) + currentlyHealthyTargetsSet.Delete(newUnhealthyTargetsSet.UnsortedList()...) if !currentlyHealthyTargetsSet.Equal(previouslyHealthyTargetsSet) { - sm.healthyTargets = currentlyHealthyTargetsSet.List() + sm.healthyTargets = sets.List(currentlyHealthyTargetsSet) klog.V(2).Infof("observed the following healthy targets %v", sm.healthyTargets) exportedHealthyTargets := make([]string, len(sm.healthyTargets)) 
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go index bbf929861c..5ce9fa2934 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/annotations.go @@ -33,7 +33,7 @@ func (a AdditionalAnnotations) EnsureTLSMetadataUpdate(meta *metav1.ObjectMeta) modified = true } if len(a.AutoRegenerateAfterOfflineExpiry) > 0 && meta.Annotations[AutoRegenerateAfterOfflineExpiryAnnotation] != a.AutoRegenerateAfterOfflineExpiry { - meta.Annotations[AutoRegenerateAfterOfflineExpiryAnnotation] = a.Description + meta.Annotations[AutoRegenerateAfterOfflineExpiryAnnotation] = a.AutoRegenerateAfterOfflineExpiry modified = true } return modified diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go index 67015d7b1b..5159f562a3 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/client_cert_rotation_controller.go @@ -122,7 +122,7 @@ func (c CertRotationController) Sync(ctx context.Context, syncCtx factory.SyncCo } func (c CertRotationController) SyncWorker(ctx context.Context) error { - signingCertKeyPair, err := c.RotatedSigningCASecret.EnsureSigningCertKeyPair(ctx) + signingCertKeyPair, _, err := c.RotatedSigningCASecret.EnsureSigningCertKeyPair(ctx) if err != nil { return err } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go new file mode 100644 index 0000000000..f64bde8fe0 --- /dev/null 
+++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go @@ -0,0 +1,36 @@ +package certrotation + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +func ensureMetadataUpdate(secret *corev1.Secret, owner *metav1.OwnerReference, additionalAnnotations AdditionalAnnotations) bool { + needsMetadataUpdate := false + // no ownerReference set + if owner != nil { + needsMetadataUpdate = ensureOwnerReference(&secret.ObjectMeta, owner) + } + // ownership annotations not set + return additionalAnnotations.EnsureTLSMetadataUpdate(&secret.ObjectMeta) || needsMetadataUpdate +} + +func ensureSecretTLSTypeSet(secret *corev1.Secret) bool { + // Existing secret not found - no need to update metadata (will be done by needNewSigningCertKeyPair / NeedNewTargetCertKeyPair) + if len(secret.ResourceVersion) == 0 { + return false + } + + // convert outdated secret type (created by pre 4.7 installer) + if secret.Type != corev1.SecretTypeTLS { + secret.Type = corev1.SecretTypeTLS + // wipe secret contents if tls.crt and tls.key are missing + _, certExists := secret.Data[corev1.TLSCertKey] + _, keyExists := secret.Data[corev1.TLSPrivateKeyKey] + if !certExists || !keyExists { + secret.Data = map[string][]byte{} + } + return true + } + return false +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go index d143dc3056..4cf805bb7b 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go 
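Review bot: ensureSecretTLSTypeSet has no doc comment even though it mutates its argument and, when `tls.crt` or `tls.key` is missing, replaces `secret.Data` with an empty map, silently discarding whatever the pre-conversion secret held. A comment such as `// ensureSecretTLSTypeSet converts an existing secret to kubernetes.io/tls in place, clearing Data when either TLS key is absent; it reports whether the secret was changed.` would make that visible to callers. ensureMetadataUpdate likewise mutates `secret.ObjectMeta`, and its inline comments (`// no ownerReference set`, `// ownership annotations not set`) name the case being handled rather than what the code under them does, so they could be reworded.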
@@ -52,57 +52,72 @@ type RotatedSigningCASecret struct { Lister corev1listers.SecretLister Client corev1client.SecretsGetter EventRecorder events.Recorder + + // Deprecated: DO NOT enable, it is intended as a short term hack for a very specific use case, + // and it works in tandem with a particular carry patch applied to the openshift kube-apiserver. + // we will remove this when we migrate all of the affected secret + // objects to their intended type: https://issues.redhat.com/browse/API-1800 + UseSecretUpdateOnly bool } -func (c RotatedSigningCASecret) EnsureSigningCertKeyPair(ctx context.Context) (*crypto.CA, error) { +// EnsureSigningCertKeyPair manages the entire lifecycle of a signer cert as a secret, from creation to continued rotation. +// It always returns the currently used CA pair, a bool indicating whether it was created/updated within this function call and an error. +func (c RotatedSigningCASecret) EnsureSigningCertKeyPair(ctx context.Context) (*crypto.CA, bool, error) { originalSigningCertKeyPairSecret, err := c.Lister.Secrets(c.Namespace).Get(c.Name) if err != nil && !apierrors.IsNotFound(err) { - return nil, err + return nil, false, err } signingCertKeyPairSecret := originalSigningCertKeyPairSecret.DeepCopy() if apierrors.IsNotFound(err) { // create an empty one - signingCertKeyPairSecret = &corev1.Secret{ObjectMeta: NewTLSArtifactObjectMeta( - c.Name, - c.Namespace, - c.AdditionalAnnotations, - )} + signingCertKeyPairSecret = &corev1.Secret{ + ObjectMeta: NewTLSArtifactObjectMeta( + c.Name, + c.Namespace, + c.AdditionalAnnotations, + ), + Type: corev1.SecretTypeTLS, + } } - signingCertKeyPairSecret.Type = corev1.SecretTypeTLS - needsMetadataUpdate := false - if c.Owner != nil { - needsMetadataUpdate = ensureOwnerReference(&signingCertKeyPairSecret.ObjectMeta, c.Owner) + applyFn := resourceapply.ApplySecret + if c.UseSecretUpdateOnly { + applyFn = resourceapply.ApplySecretDoNotUse } - needsMetadataUpdate = 
c.AdditionalAnnotations.EnsureTLSMetadataUpdate(&signingCertKeyPairSecret.ObjectMeta) || needsMetadataUpdate - if needsMetadataUpdate && len(signingCertKeyPairSecret.ResourceVersion) > 0 { - _, _, err := resourceapply.ApplySecret(ctx, c.Client, c.EventRecorder, signingCertKeyPairSecret) + + // apply necessary metadata (possibly via delete+recreate) if secret exists + // this is done before content update to prevent unexpected rollouts + if ensureMetadataUpdate(signingCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) && ensureSecretTLSTypeSet(signingCertKeyPairSecret) { + actualSigningCertKeyPairSecret, _, err := applyFn(ctx, c.Client, c.EventRecorder, signingCertKeyPairSecret) if err != nil { - return nil, err + return nil, false, err } + signingCertKeyPairSecret = actualSigningCertKeyPairSecret } + signerUpdated := false if needed, reason := needNewSigningCertKeyPair(signingCertKeyPairSecret.Annotations, c.Refresh, c.RefreshOnlyWhenExpired); needed { c.EventRecorder.Eventf("SignerUpdateRequired", "%q in %q requires a new signing cert/key pair: %v", c.Name, c.Namespace, reason) if err := setSigningCertKeyPairSecret(signingCertKeyPairSecret, c.Validity); err != nil { - return nil, err + return nil, false, err } LabelAsManagedSecret(signingCertKeyPairSecret, CertificateTypeSigner) - actualSigningCertKeyPairSecret, _, err := resourceapply.ApplySecret(ctx, c.Client, c.EventRecorder, signingCertKeyPairSecret) + actualSigningCertKeyPairSecret, _, err := applyFn(ctx, c.Client, c.EventRecorder, signingCertKeyPairSecret) if err != nil { - return nil, err + return nil, false, err } signingCertKeyPairSecret = actualSigningCertKeyPairSecret + signerUpdated = true } // at this point, the secret has the correct signer, so we should read that signer to be able to sign signingCertKeyPair, err := crypto.GetCAFromBytes(signingCertKeyPairSecret.Data["tls.crt"], signingCertKeyPairSecret.Data["tls.key"]) if err != nil { - return nil, err + return nil, signerUpdated, err } - return 
signingCertKeyPair, nil + return signingCertKeyPair, signerUpdated, nil } // ensureOwnerReference adds the owner to the list of owner references in meta, if necessary diff --git a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go index ad1caa6379..99bdc93bea 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/certrotation/target.go @@ -68,13 +68,19 @@ type RotatedSelfSignedCertKeySecret struct { Lister corev1listers.SecretLister Client corev1client.SecretsGetter EventRecorder events.Recorder + + // Deprecated: DO NOT eanble, it is intended as a short term hack for a very specific use case, + // and it works in tandem with a particular carry patch applied to the openshift kube-apiserver. + // we will remove this when we migrate all of the affected secret + // objects to their intended type: https://issues.redhat.com/browse/API-1800 + UseSecretUpdateOnly bool } type TargetCertCreator interface { // NewCertificate creates a new key-cert pair with the given signer. NewCertificate(signer *crypto.CA, validity time.Duration) (*crypto.TLSCertificateConfig, error) // NeedNewTargetCertKeyPair decides whether a new cert-key pair is needed. It returns a non-empty reason if it is the case. - NeedNewTargetCertKeyPair(currentSecretAnnotations map[string]string, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string + NeedNewTargetCertKeyPair(currentCertSecret *corev1.Secret, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string // SetAnnotations gives an option to override or set additional annotations SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string } 
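Review bot: In EnsureSigningCertKeyPair the new guard `ensureMetadataUpdate(...) && ensureSecretTLSTypeSet(...)` short-circuits, so a secret whose metadata is already current never has its type checked, and a secret that only needs owner or annotation changes is no longer applied here because ensureSecretTLSTypeSet returns false for a secret that is already of type TLS. The removed code applied whenever metadata changed on an existing secret, so this looks like an unintended narrowing rather than what the comment above the condition describes. Evaluating both helpers and combining the results would restore it: `needsMetadataUpdate := ensureMetadataUpdate(signingCertKeyPairSecret, c.Owner, c.AdditionalAnnotations)`, `needsTypeChange := ensureSecretTLSTypeSet(signingCertKeyPairSecret)`, `if (needsMetadataUpdate || needsTypeChange) && len(signingCertKeyPairSecret.ResourceVersion) > 0 {`. The same condition appears in EnsureTargetCertKeyPair in target.go (hunk `@@ -97,27 +103,32 @@`); both files are vendored from library-go, so the change belongs upstream.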
@@ -97,27 +103,32 @@ func (c RotatedSelfSignedCertKeySecret) EnsureTargetCertKeyPair(ctx context.Cont targetCertKeyPairSecret := originalTargetCertKeyPairSecret.DeepCopy() if apierrors.IsNotFound(err) { // create an empty one - targetCertKeyPairSecret = &corev1.Secret{ObjectMeta: NewTLSArtifactObjectMeta( - c.Name, - c.Namespace, - c.AdditionalAnnotations, - )} + targetCertKeyPairSecret = &corev1.Secret{ + ObjectMeta: NewTLSArtifactObjectMeta( + c.Name, + c.Namespace, + c.AdditionalAnnotations, + ), + Type: corev1.SecretTypeTLS, + } } - targetCertKeyPairSecret.Type = corev1.SecretTypeTLS - needsMetadataUpdate := false - if c.Owner != nil { - needsMetadataUpdate = ensureOwnerReference(&targetCertKeyPairSecret.ObjectMeta, c.Owner) + applyFn := resourceapply.ApplySecret + if c.UseSecretUpdateOnly { + applyFn = resourceapply.ApplySecretDoNotUse } - needsMetadataUpdate = c.AdditionalAnnotations.EnsureTLSMetadataUpdate(&targetCertKeyPairSecret.ObjectMeta) || needsMetadataUpdate - if needsMetadataUpdate && len(targetCertKeyPairSecret.ResourceVersion) > 0 { - _, _, err := resourceapply.ApplySecret(ctx, c.Client, c.EventRecorder, targetCertKeyPairSecret) + + // apply necessary metadata (possibly via delete+recreate) if secret exists + // this is done before content update to prevent unexpected rollouts + if ensureMetadataUpdate(targetCertKeyPairSecret, c.Owner, c.AdditionalAnnotations) && ensureSecretTLSTypeSet(targetCertKeyPairSecret) { + actualTargetCertKeyPairSecret, _, err := applyFn(ctx, c.Client, c.EventRecorder, targetCertKeyPairSecret) if err != nil { return nil, err } + targetCertKeyPairSecret = actualTargetCertKeyPairSecret } - if reason := c.CertCreator.NeedNewTargetCertKeyPair(targetCertKeyPairSecret.Annotations, signingCertKeyPair, caBundleCerts, c.Refresh, c.RefreshOnlyWhenExpired); len(reason) > 0 { + if reason := c.CertCreator.NeedNewTargetCertKeyPair(targetCertKeyPairSecret, signingCertKeyPair, caBundleCerts, c.Refresh, c.RefreshOnlyWhenExpired); 
len(reason) > 0 { c.EventRecorder.Eventf("TargetUpdateRequired", "%q in %q requires a new target cert/key pair: %v", c.Name, c.Namespace, reason) if err := setTargetCertKeyPairSecret(targetCertKeyPairSecret, c.Validity, signingCertKeyPair, c.CertCreator, c.AdditionalAnnotations); err != nil { return nil, err @@ -125,7 +136,7 @@ func (c RotatedSelfSignedCertKeySecret) EnsureTargetCertKeyPair(ctx context.Cont LabelAsManagedSecret(targetCertKeyPairSecret, CertificateTypeTarget) - actualTargetCertKeyPairSecret, _, err := resourceapply.ApplySecret(ctx, c.Client, c.EventRecorder, targetCertKeyPairSecret) + actualTargetCertKeyPairSecret, _, err := applyFn(ctx, c.Client, c.EventRecorder, targetCertKeyPairSecret) if err != nil { return nil, err } @@ -252,8 +263,8 @@ func (r *ClientRotation) NewCertificate(signer *crypto.CA, validity time.Duratio return signer.MakeClientCertificateForDuration(r.UserInfo, validity) } -func (r *ClientRotation) NeedNewTargetCertKeyPair(annotations map[string]string, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string { - return needNewTargetCertKeyPair(annotations, signer, caBundleCerts, refresh, refreshOnlyWhenExpired) +func (r *ClientRotation) NeedNewTargetCertKeyPair(currentCertSecret *corev1.Secret, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string { + return needNewTargetCertKeyPair(currentCertSecret.Annotations, signer, caBundleCerts, refresh, refreshOnlyWhenExpired) } func (r *ClientRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string { 
@@ -270,36 +281,36 @@ func (r *ServingRotation) NewCertificate(signer *crypto.CA, validity time.Durati if len(r.Hostnames()) == 0 { return nil, fmt.Errorf("no hostnames set") } - return signer.MakeServerCertForDuration(sets.NewString(r.Hostnames()...), validity, r.CertificateExtensionFn...) + return signer.MakeServerCertForDuration(sets.New(r.Hostnames()...), validity, r.CertificateExtensionFn...) } func (r *ServingRotation) RecheckChannel() <-chan struct{} { return r.HostnamesChanged } -func (r *ServingRotation) NeedNewTargetCertKeyPair(annotations map[string]string, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string { - reason := needNewTargetCertKeyPair(annotations, signer, caBundleCerts, refresh, refreshOnlyWhenExpired) +func (r *ServingRotation) NeedNewTargetCertKeyPair(currentCertSecret *corev1.Secret, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string { + reason := needNewTargetCertKeyPair(currentCertSecret.Annotations, signer, caBundleCerts, refresh, refreshOnlyWhenExpired) if len(reason) > 0 { return reason } - return r.missingHostnames(annotations) + return r.missingHostnames(currentCertSecret.Annotations) } func (r *ServingRotation) missingHostnames(annotations map[string]string) string { - existingHostnames := sets.NewString(strings.Split(annotations[CertificateHostnames], ",")...) - requiredHostnames := sets.NewString(r.Hostnames()...) + existingHostnames := sets.New(strings.Split(annotations[CertificateHostnames], ",")...) + requiredHostnames := sets.New(r.Hostnames()...) 
if !existingHostnames.Equal(requiredHostnames) { existingNotRequired := existingHostnames.Difference(requiredHostnames) requiredNotExisting := requiredHostnames.Difference(existingHostnames) - return fmt.Sprintf("%q are existing and not required, %q are required and not existing", strings.Join(existingNotRequired.List(), ","), strings.Join(requiredNotExisting.List(), ",")) + return fmt.Sprintf("%q are existing and not required, %q are required and not existing", strings.Join(sets.List(existingNotRequired), ","), strings.Join(sets.List(requiredNotExisting), ",")) } return "" } func (r *ServingRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string { - hostnames := sets.String{} + hostnames := sets.Set[string]{} for _, ip := range cert.Certs[0].IPAddresses { hostnames.Insert(ip.String()) } @@ -308,7 +319,7 @@ func (r *ServingRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, anno } // List does a sort so that we have a consistent representation - annotations[CertificateHostnames] = strings.Join(hostnames.List(), ",") + annotations[CertificateHostnames] = strings.Join(sets.List(hostnames), ",") return annotations } 
@@ -323,8 +334,8 @@ func (r *SignerRotation) NewCertificate(signer *crypto.CA, validity time.Duratio return crypto.MakeCAConfigForDuration(signerName, validity, signer) } -func (r *SignerRotation) NeedNewTargetCertKeyPair(annotations map[string]string, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string { - return needNewTargetCertKeyPair(annotations, signer, caBundleCerts, refresh, refreshOnlyWhenExpired) +func (r *SignerRotation) NeedNewTargetCertKeyPair(currentCertSecret *corev1.Secret, signer *crypto.CA, caBundleCerts []*x509.Certificate, refresh time.Duration, refreshOnlyWhenExpired bool) string { + return needNewTargetCertKeyPair(currentCertSecret.Annotations, signer, caBundleCerts, refresh, refreshOnlyWhenExpired) } func (r *SignerRotation) SetAnnotations(cert *crypto.TLSCertificateConfig, annotations map[string]string) map[string]string { diff --git a/vendor/github.com/openshift/library-go/pkg/operator/csr/csr_approver.go b/vendor/github.com/openshift/library-go/pkg/operator/csr/csr_approver.go index d9d2b3ceba..2c2f143d90 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/csr/csr_approver.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/csr/csr_approver.go @@ -175,7 +175,7 @@ func getCertApprovalCondition(status *certapiv1.CertificateSigningRequestStatus) } type ServiceAccountApprover struct { - saGroups sets.String // saGroups is the set of groups for the SA expected to have created the CSR + saGroups sets.Set[string] // saGroups is the set of groups for the SA expected to have created the CSR saName string expectedSubject string } 
@@ -186,7 +186,7 @@ func NewServiceAccountApprover(saNamespace, saName, expectedSubject string, addi
 return &ServiceAccountApprover{
 saName: serviceaccount.MakeUsername(saNamespace, saName),
- saGroups: sets.NewString(append(saGroups, additionalGroups...)...),
+ saGroups: sets.New(append(saGroups, additionalGroups...)...),
 expectedSubject: expectedSubject,
 }
 }
@@ -200,8 +200,8 @@ func (a *ServiceAccountApprover) Approve(csrObj *certapiv1.CertificateSigningReq
 return CSRDenied, fmt.Sprintf("CSR %q was created by an unexpected user: %q", csrObj.Name, csrObj.Spec.Username), nil
 }
- if csrGroups := sets.NewString(csrObj.Spec.Groups...); !csrGroups.Equal(a.saGroups) {
- return CSRDenied, fmt.Sprintf("CSR %q was created by a user with unexpected groups: %v", csrObj.Name, csrGroups.List()), nil
+ if csrGroups := sets.New(csrObj.Spec.Groups...); !csrGroups.Equal(a.saGroups) {
+ return CSRDenied, fmt.Sprintf("CSR %q was created by a user with unexpected groups: %v", csrObj.Name, sets.List(csrGroups)), nil
 }
 if expectedSubject := a.expectedSubject; x509CSR.Subject.String() != expectedSubject {
@@ -253,11 +253,11 @@ func (f *LabelFilter) Matches(csr *certapiv1.CertificateSigningRequest) bool {
 }
 type NamesFilter struct {
- names sets.String
+ names sets.Set[string]
 }
 func NewNamesFilter(names ...string) *NamesFilter {
- return &NamesFilter{sets.NewString(names...)}
+ return &NamesFilter{sets.New(names...)}
 }
 func (f *NamesFilter) Matches(csr *certapiv1.CertificateSigningRequest) bool {
@@ -265,11 +265,11 @@ func (f *NamesFilter) Matches(csr *certapiv1.CertificateSigningRequest) bool {
 }
 type RequestCommonNameFilter struct {
- commonNames sets.String
+ commonNames sets.Set[string]
 }
 func NewRequestCommonNameFilter(commonNames ...string) *RequestCommonNameFilter {
- return &RequestCommonNameFilter{sets.NewString(commonNames...)}
+ return &RequestCommonNameFilter{sets.New(commonNames...)}
 }
 func (f *RequestCommonNameFilter) Match(csr *certapiv1.CertificateSigningRequest) bool {
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go
index 6b199ac535..fb753fde4c 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/admissionregistration.go
@@ -48,13 +48,13 @@ func ApplyMutatingWebhookConfigurationImproved(ctx context.Context, client admis
 }
 required := requiredOriginal.DeepCopy()
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 copyMutatingWebhookCABundle(existing, required)
 webhooksEquivalent := equality.Semantic.DeepEqual(existingCopy.Webhooks, required.Webhooks)
- if webhooksEquivalent && !*modified {
+ if webhooksEquivalent && !modified {
 // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy
 cache.UpdateCachedResourceMetadata(requiredOriginal, existingCopy)
 return existingCopy, false, nil
@@ -123,13 +123,13 @@ func ApplyValidatingWebhookConfigurationImproved(ctx context.Context, client adm
 }
 required := requiredOriginal.DeepCopy()
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 copyValidatingWebhookCABundle(existing, required)
 webhooksEquivalent := equality.Semantic.DeepEqual(existingCopy.Webhooks, required.Webhooks)
- if webhooksEquivalent && !*modified {
+ if webhooksEquivalent && !modified {
 // need to store the original so that the early comparison of hashes is done based on the original, not a mutated copy
 cache.UpdateCachedResourceMetadata(requiredOriginal, existingCopy)
 return existingCopy, false, nil
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go
index ca712d5577..587c9bd556 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiextensions.go
@@ -26,10 +26,10 @@ func ApplyCustomResourceDefinitionV1(ctx context.Context, client apiextclientv1.
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureCustomResourceDefinitionV1(modified, existingCopy, *required)
- if !*modified {
+ resourcemerge.EnsureCustomResourceDefinitionV1(&modified, existingCopy, *required)
+ if !modified {
 return existing, false, nil
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go
index e9174dc50b..931a6c0e1b 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apiregistration.go
@@ -28,15 +28,15 @@ func ApplyAPIService(ctx context.Context, client apiregistrationv1client.APIServ
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 serviceSame := equality.Semantic.DeepEqual(existingCopy.Spec.Service, required.Spec.Service)
 prioritySame := existingCopy.Spec.VersionPriority == required.Spec.VersionPriority && existingCopy.Spec.GroupPriorityMinimum == required.Spec.GroupPriorityMinimum
 insecureSame := existingCopy.Spec.InsecureSkipTLSVerify == required.Spec.InsecureSkipTLSVerify
 // there was no change to metadata, the service and priorities were right
- if !*modified && serviceSame && prioritySame && insecureSame {
+ if !modified && serviceSame && prioritySame && insecureSame {
 return existingCopy, false, nil
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go
index d683fd7de4..0560c66abc 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/apps.go
@@ -125,12 +125,12 @@ func ApplyDeploymentWithForce(ctx context.Context, client appsclientv1.Deploymen
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 // there was no change to metadata, the generation was right, and we weren't asked for force the deployment
- if !*modified && existingCopy.ObjectMeta.Generation == expectedGeneration && !forceRollout {
+ if !modified && existingCopy.ObjectMeta.Generation == expectedGeneration && !forceRollout {
 return existingCopy, false, nil
 }
@@ -212,12 +212,12 @@ func ApplyDaemonSetWithForce(ctx context.Context, client appsclientv1.DaemonSets
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 // there was no change to metadata, the generation was right, and we weren't asked for force the deployment
- if !*modified && existingCopy.ObjectMeta.Generation == expectedGeneration && !forceRollout {
+ if !modified && existingCopy.ObjectMeta.Generation == expectedGeneration && !forceRollout {
 return existingCopy, false, nil
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go
index 96afbdb391..ba20f7b1c8 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go
@@ -18,6 +18,7 @@ import (
 "k8s.io/apimachinery/pkg/util/sets"
 coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1"
 "k8s.io/klog/v2"
+ "k8s.io/utils/ptr"
 )
 // TODO find way to create a registry of these based on struct mapping or some such that forces users to get this right
@@ -84,7 +85,15 @@ func ApplyConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, r
 // ApplySecret merges objectmeta, requires data
 func ApplySecret(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, required *corev1.Secret) (*corev1.Secret, bool, error) {
- return ApplySecretImproved(ctx, client, recorder, required, noCache)
+ return applySecretImproved(ctx, client, recorder, required, noCache, false)
+}
+
+// ApplySecretDoNotUse is depreated and will be removed
+// Deprecated: DO NOT USE, it is intended as a short term hack for a very specific use case,
+// and it works in tandem with a particular carry patch applied to the openshift kube-apiserver.
+// Use ApplySecret instead.
+func ApplySecretDoNotUse(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, required *corev1.Secret) (*corev1.Secret, bool, error) {
+ return applySecretImproved(ctx, client, recorder, required, noCache, true)
 }
 // ApplyNamespace merges objectmeta, does not worry about anything else
@@ -106,11 +115,11 @@ func ApplyNamespaceImproved(ctx context.Context, client coreclientv1.NamespacesG
 return existing, false, nil
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
- if !*modified {
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ if !modified {
 cache.UpdateCachedResourceMetadata(required, existingCopy)
 return existingCopy, false, nil
 }
@@ -153,12 +162,12 @@ func ApplyServiceImproved(ctx context.Context, client coreclientv1.ServicesGette
 return existing, false, nil
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
 // This will catch also changes between old `required.spec` and current `required.spec`, because
 // the annotation from SetSpecHashAnnotation will be different.
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 selectorSame := equality.Semantic.DeepEqual(existingCopy.Spec.Selector, required.Spec.Selector)
 typeSame := false
@@ -168,7 +177,7 @@ func ApplyServiceImproved(ctx context.Context, client coreclientv1.ServicesGette
 typeSame = true
 }
- if selectorSame && typeSame && !*modified {
+ if selectorSame && typeSame && !modified {
 cache.UpdateCachedResourceMetadata(required, existingCopy)
 return existingCopy, false, nil
 }
@@ -205,11 +214,11 @@ func ApplyPodImproved(ctx context.Context, client coreclientv1.PodsGetter, recor
 return existing, false, nil
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
- if !*modified {
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ if !modified {
 cache.UpdateCachedResourceMetadata(required, existingCopy)
 return existingCopy, false, nil
 }
@@ -243,11 +252,11 @@ func ApplyServiceAccountImproved(ctx context.Context, client coreclientv1.Servic
 return existing, false, nil
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
- if !*modified {
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ if !modified {
 cache.UpdateCachedResourceMetadata(required, existingCopy)
 return existingCopy, false, nil
 }
@@ -279,22 +288,31 @@ func ApplyConfigMapImproved(ctx context.Context, client coreclientv1.ConfigMapsG
 return existing, false, nil
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ // injected by cluster-network-operator: https://github.com/openshift/cluster-network-operator/blob/acc819ee0f3424a341b9ad4e1e83ca0a742c230a/docs/architecture.md?L192#configmap-ca-injector
 caBundleInjected := required.Labels["config.openshift.io/inject-trusted-cabundle"] == "true"
 _, newCABundleRequired := required.Data["ca-bundle.crt"]
+ // injected by service-ca-operator: https://github.com/openshift/service-ca-operator/blob/f409fb9e308ace1e5f8596add187d2239b073e23/README.md#openshift-service-ca-operator
+ serviceCAInjected := required.Annotations["service.beta.openshift.io/inject-cabundle"] == "true"
+ _, newServiceCARequired := required.Data["service-ca.crt"]
+
 var modifiedKeys []string
 for existingCopyKey, existingCopyValue := range existingCopy.Data {
- // if we're injecting a ca-bundle and the required isn't forcing the value, then don't use the value of existing
+ // if we're injecting a ca-bundle or a service-ca and the required isn't forcing the value, then don't use the value of existing
 // to drive a diff detection. If required has set the value then we need to force the value in order to have apply
 // behave predictably.
 if caBundleInjected && !newCABundleRequired && existingCopyKey == "ca-bundle.crt" {
 continue
 }
+ if serviceCAInjected && !newServiceCARequired && existingCopyKey == "service-ca.crt" {
+ continue
+ }
+
 if requiredValue, ok := required.Data[existingCopyKey]; !ok || (existingCopyValue != requiredValue) {
 modifiedKeys = append(modifiedKeys, "data."+existingCopyKey)
 }
@@ -316,7 +334,7 @@ func ApplyConfigMapImproved(ctx context.Context, client coreclientv1.ConfigMapsG
 }
 dataSame := len(modifiedKeys) == 0
- if dataSame && !*modified {
+ if dataSame && !modified {
 cache.UpdateCachedResourceMetadata(required, existingCopy)
 return existingCopy, false, nil
 }
@@ -347,6 +365,10 @@ func ApplyConfigMapImproved(ctx context.Context, client coreclientv1.ConfigMapsG
 // ApplySecret merges objectmeta, requires data
 func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, requiredInput *corev1.Secret, cache ResourceCache) (*corev1.Secret, bool, error) {
+ return applySecretImproved(ctx, client, recorder, requiredInput, cache, false)
+}
+
+func applySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, requiredInput *corev1.Secret, cache ResourceCache, updateOnly bool) (*corev1.Secret, bool, error) {
 // copy the stringData to data. Error on a data content conflict inside required. This is usually a bug.
 existing, err := client.Secrets(requiredInput.Namespace).Get(ctx, requiredInput.Name, metav1.GetOptions{})
@@ -386,7 +408,7 @@ func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter,
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(resourcemerge.BoolPtr(false), &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(ptr.To(false), &existingCopy.ObjectMeta, required.ObjectMeta)
 switch required.Type {
 case corev1.SecretTypeServiceAccountToken:
@@ -426,6 +448,12 @@ func ApplySecretImproved(ctx context.Context, client coreclientv1.SecretsGetter,
 * https://github.com/kubernetes/kubernetes/blob/98e65951dccfd40d3b4f31949c2ab8df5912d93e/pkg/apis/core/validation/validation.go#L5048
 * We need to explicitly opt for delete+create in that case.
 */
+ if updateOnly {
+ actual, err = client.Secrets(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{})
+ reportUpdateEvent(recorder, existingCopy, err)
+ return actual, err == nil, err
+ }
+
 if existingCopy.Type == existing.Type {
 actual, err = client.Secrets(required.Namespace).Update(ctx, existingCopy, metav1.UpdateOptions{})
 reportUpdateEvent(recorder, existingCopy, err)
@@ -457,7 +485,7 @@ func SyncConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, re
 // SyncPartialConfigMap does what SyncConfigMap does but it only synchronizes a subset of keys given by `syncedKeys`.
 // SyncPartialConfigMap will delete the target if `syncedKeys` are set but the source does not contain any of these keys.
-func SyncPartialConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.String, ownerRefs []metav1.OwnerReference) (*corev1.ConfigMap, bool, error) {
+func SyncPartialConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.Set[string], ownerRefs []metav1.OwnerReference) (*corev1.ConfigMap, bool, error) {
 source, err := client.ConfigMaps(sourceNamespace).Get(ctx, sourceName, metav1.GetOptions{})
 switch {
 case apierrors.IsNotFound(err):
@@ -518,7 +546,7 @@ func SyncSecret(ctx context.Context, client coreclientv1.SecretsGetter, recorder
 // SyncPartialSecret does what SyncSecret does but it only synchronizes a subset of keys given by `syncedKeys`.
 // SyncPartialSecret will delete the target if `syncedKeys` are set but the source does not contain any of these keys.
-func SyncPartialSecret(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.String, ownerRefs []metav1.OwnerReference) (*corev1.Secret, bool, error) {
+func SyncPartialSecret(ctx context.Context, client coreclientv1.SecretsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.Set[string], ownerRefs []metav1.OwnerReference) (*corev1.Secret, bool, error) {
 source, err := client.Secrets(sourceNamespace).Get(ctx, sourceName, metav1.GetOptions{})
 switch {
 case apierrors.IsNotFound(err):
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go
index fcea13323a..7c0dcf6051 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/migration.go
@@ -28,10 +28,10 @@ func ApplyStorageVersionMigration(ctx context.Context, client migrationclientv1a
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
- if !*modified && reflect.DeepEqual(existingCopy.Spec, required.Spec) {
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ if !modified && reflect.DeepEqual(existingCopy.Spec, required.Spec) {
 return existingCopy, false, nil
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go
index 4cef1e63b6..6cf4793253 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/policy.go
@@ -27,12 +27,12 @@ func ApplyPodDisruptionBudget(ctx context.Context, client policyclientv1.PodDisr
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 contentSame := equality.Semantic.DeepEqual(existingCopy.Spec, required.Spec)
- if contentSame && !*modified {
+ if contentSame && !modified {
 return existingCopy, false, nil
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go
index b41cfb286a..4b45c8818e 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/rbac.go
@@ -28,14 +28,14 @@ func ApplyClusterRole(ctx context.Context, client rbacclientv1.ClusterRolesGette
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 rulesContentSame := equality.Semantic.DeepEqual(existingCopy.Rules, required.Rules)
 aggregationRuleContentSame := equality.Semantic.DeepEqual(existingCopy.AggregationRule, required.AggregationRule)
- if aggregationRuleContentSame && rulesContentSame && !*modified {
+ if aggregationRuleContentSame && rulesContentSame && !modified {
 return existingCopy, false, nil
 }
@@ -74,7 +74,7 @@ func ApplyClusterRoleBinding(ctx context.Context, client rbacclientv1.ClusterRol
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
 requiredCopy := required.DeepCopy()
@@ -93,12 +93,12 @@ func ApplyClusterRoleBinding(ctx context.Context, client rbacclientv1.ClusterRol
 }
 }
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, requiredCopy.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, requiredCopy.ObjectMeta)
 subjectsAreSame := equality.Semantic.DeepEqual(existingCopy.Subjects, requiredCopy.Subjects)
 roleRefIsSame := equality.Semantic.DeepEqual(existingCopy.RoleRef, requiredCopy.RoleRef)
- if subjectsAreSame && roleRefIsSame && !*modified {
+ if subjectsAreSame && roleRefIsSame && !modified {
 return existingCopy, false, nil
 }
@@ -128,12 +128,12 @@ func ApplyRole(ctx context.Context, client rbacclientv1.RolesGetter, recorder ev
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 contentSame := equality.Semantic.DeepEqual(existingCopy.Rules, required.Rules)
- if contentSame && !*modified {
+ if contentSame && !modified {
 return existingCopy, false, nil
 }
@@ -162,7 +162,7 @@ func ApplyRoleBinding(ctx context.Context, client rbacclientv1.RoleBindingsGette
 return nil, false, err
 }
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
 requiredCopy := required.DeepCopy()
@@ -181,12 +181,12 @@ func ApplyRoleBinding(ctx context.Context, client rbacclientv1.RoleBindingsGette
 }
 }
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, requiredCopy.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, requiredCopy.ObjectMeta)
 subjectsAreSame := equality.Semantic.DeepEqual(existingCopy.Subjects, requiredCopy.Subjects)
 roleRefIsSame := equality.Semantic.DeepEqual(existingCopy.RoleRef, requiredCopy.RoleRef)
- if subjectsAreSame && roleRefIsSame && !*modified {
+ if subjectsAreSame && roleRefIsSame && !modified {
 return existingCopy, false, nil
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go
index 8c7615fc69..1d08e4cca2 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/storage.go
@@ -61,9 +61,9 @@ func ApplyStorageClass(ctx context.Context, client storageclientv1.StorageClasse
 }
 // First, let's compare ObjectMeta from both objects
- modified := resourcemerge.BoolPtr(false)
+ modified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(modified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&modified, &existingCopy.ObjectMeta, required.ObjectMeta)
 // Second, let's compare the other fields. StorageClass doesn't have a spec and we don't
 // want to miss fields, so we have to copy required to get all fields
@@ -73,7 +73,7 @@ func ApplyStorageClass(ctx context.Context, client storageclientv1.StorageClasse
 requiredCopy.TypeMeta = existingCopy.TypeMeta
 contentSame := equality.Semantic.DeepEqual(existingCopy, requiredCopy)
- if contentSame && !*modified {
+ if contentSame && !modified {
 return existing, false, nil
 }
@@ -169,14 +169,14 @@ func ApplyCSIDriver(ctx context.Context, client storageclientv1.CSIDriversGetter
 }
 }
- metadataModified := resourcemerge.BoolPtr(false)
+ metadataModified := false
 existingCopy := existing.DeepCopy()
- resourcemerge.EnsureObjectMeta(metadataModified, &existingCopy.ObjectMeta, required.ObjectMeta)
+ resourcemerge.EnsureObjectMeta(&metadataModified, &existingCopy.ObjectMeta, required.ObjectMeta)
 requiredSpecHash := required.Annotations[specHashAnnotation]
 existingSpecHash := existing.Annotations[specHashAnnotation]
 sameSpec := requiredSpecHash == existingSpecHash
- if sameSpec && !*metadataModified {
+ if sameSpec && !metadataModified {
 return existing, false, nil
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go
index 754a5aabe8..3a00f557cf 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go
@@ -6,7 +6,7 @@ import (
 apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 "k8s.io/apimachinery/pkg/api/equality"
- utilpointer "k8s.io/utils/pointer"
+ "k8s.io/utils/ptr"
 )
 // EnsureCustomResourceDefinitionV1Beta1 ensures that the existing matches the required.
@@ -63,6 +63,6 @@ func crd_SetDefaults_CustomResourceDefinitionSpec(obj *apiextensionsv1.CustomRes
 func crd_SetDefaults_ServiceReference(obj *apiextensionsv1.ServiceReference) {
 if obj.Port == nil {
- obj.Port = utilpointer.Int32Ptr(443)
+ obj.Port = ptr.To[int32](443)
 }
 }
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/object_merger.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/object_merger.go
index 4881c4b8a8..4c5dcacaa7 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/object_merger.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/object_merger.go
@@ -36,10 +36,6 @@ func cleanRemovalKeys(required map[string]string) map[string]string {
 return required
 }
-func stringPtr(val string) *string {
- return &val
-}
-
 func SetString(modified *bool, existing *string, required string) {
 if required != *existing {
 *existing = required
@@ -57,15 +53,6 @@ func SetStringIfSet(modified *bool, existing *string, required string) {
 }
 }
-func setStringPtr(modified *bool, existing **string, required *string) {
- if *existing == nil || (required == nil && *existing != nil) {
- *modified = true
- *existing = required
- return
- }
- SetString(modified, *existing, *required)
-}
-
 func SetStringSlice(modified *bool, existing *[]string, required []string) {
 if !reflect.DeepEqual(required, *existing) {
 *existing = required
@@ -83,6 +70,7 @@ func SetStringSliceIfSet(modified *bool, existing *[]string, required []string)
 }
 }
+// Deprecated: Use k8s.io/utils/ptr.To instead.
 func BoolPtr(val bool) *bool {
 return &val
 }
@@ -94,19 +82,6 @@ func SetBool(modified *bool, existing *bool, required bool) {
 }
 }
-func setBoolPtr(modified *bool, existing **bool, required *bool) {
- if *existing == nil || (required == nil && *existing != nil) {
- *modified = true
- *existing = required
- return
- }
- SetBool(modified, *existing, *required)
-}
-
-func int64Ptr(val int64) *int64 {
- return &val
-}
-
 func SetInt32(modified *bool, existing *int32, required int32) {
 if required != *existing {
 *existing = required
@@ -129,15 +104,6 @@ func SetInt64(modified *bool, existing *int64, required int64) {
 }
 }
-func setInt64Ptr(modified *bool, existing **int64, required *int64) {
- if *existing == nil || (required == nil && *existing != nil) {
- *modified = true
- *existing = required
- return
- }
- SetInt64(modified, *existing, *required)
-}
-
 func MergeMap(modified *bool, existing *map[string]string, required map[string]string) {
 if *existing == nil {
 *existing = map[string]string{}
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/admission.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/admission.go
index 7c69478ea6..572b915bc6 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/admission.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceread/admission.go
@@ -2,6 +2,7 @@ package resourceread
 import (
 admissionv1 "k8s.io/api/admissionregistration/v1"
+ admissionv1beta1 "k8s.io/api/admissionregistration/v1beta1"
 "k8s.io/apimachinery/pkg/runtime"
 "k8s.io/apimachinery/pkg/runtime/serializer"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -14,6 +15,7 @@ var (
 func init() {
 utilruntime.Must(admissionv1.AddToScheme(admissionScheme))
+ utilruntime.Must(admissionv1beta1.AddToScheme(admissionScheme))
 }
 func ReadValidatingWebhookConfigurationV1OrDie(objBytes []byte) *admissionv1.ValidatingWebhookConfiguration {
@@ -33,3 +35,21 @@ func ReadMutatingWebhookConfigurationV1OrDie(objBytes []byte) *admissionv1.Mutat
 return requiredObj.(*admissionv1.MutatingWebhookConfiguration)
 }
+
+func ReadValidatingAdmissionPolicyV1beta1OrDie(objBytes []byte) *admissionv1beta1.ValidatingAdmissionPolicy {
+ requiredObj, err := runtime.Decode(admissionCodecs.UniversalDecoder(admissionv1beta1.SchemeGroupVersion), objBytes)
+ if err != nil {
+ panic(err)
+ }
+
+ return requiredObj.(*admissionv1beta1.ValidatingAdmissionPolicy)
+}
+
+func ReadValidatingAdmissionPolicyBindingV1beta1OrDie(objBytes []byte) *admissionv1beta1.ValidatingAdmissionPolicyBinding {
+ requiredObj, err := runtime.Decode(admissionCodecs.UniversalDecoder(admissionv1beta1.SchemeGroupVersion), objBytes)
+ if err != nil {
+ panic(err)
+ }
+
+ return requiredObj.(*admissionv1beta1.ValidatingAdmissionPolicyBinding)
+}
diff --git a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/informers.go b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/informers.go
index ba3769252d..1dd17e7590 100644
--- a/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/informers.go
+++ b/vendor/github.com/openshift/library-go/pkg/operator/v1helpers/informers.go
@@ -16,7 +16,7 @@ import (
 type KubeInformersForNamespaces interface {
 Start(stopCh <-chan struct{})
 InformersFor(namespace string) informers.SharedInformerFactory
- Namespaces() sets.String
+ Namespaces() sets.Set[string]
 ConfigMapLister() corev1listers.ConfigMapLister
 SecretLister() corev1listers.SecretLister
@@ -48,8 +48,8 @@ func (i kubeInformersForNamespaces) Start(stopCh <-chan struct{}) { } } -func (i kubeInformersForNamespaces) Namespaces() sets.String { - return sets.StringKeySet(i) +func (i kubeInformersForNamespaces) Namespaces() sets.Set[string] { + return sets.KeySet(i) } func (i kubeInformersForNamespaces) InformersFor(namespace string) informers.SharedInformerFactory { return i[namespace] diff --git a/vendor/github.com/openshift/library-go/pkg/quota/clusterquotamapping/mapper.go b/vendor/github.com/openshift/library-go/pkg/quota/clusterquotamapping/mapper.go index e8d66c4fa2..db9572425a 100644 --- a/vendor/github.com/openshift/library-go/pkg/quota/clusterquotamapping/mapper.go +++ b/vendor/github.com/openshift/library-go/pkg/quota/clusterquotamapping/mapper.go @@ -49,8 +49,8 @@ type clusterQuotaMapper struct { // completedNamespaceToLabels indicates the latest selectionFields this controller has scanned against cluster quotas completedNamespaceToLabels map[string]SelectionFields - quotaToNamespaces map[string]sets.String - namespaceToQuota map[string]sets.String + quotaToNamespaces map[string]sets.Set[string] + namespaceToQuota map[string]sets.Set[string] listeners []MappingChangeListener } @@ -62,8 +62,8 @@ func NewClusterQuotaMapper() *clusterQuotaMapper { completedQuotaToSelector: map[string]quotav1.ClusterResourceQuotaSelector{}, completedNamespaceToLabels: map[string]SelectionFields{}, - quotaToNamespaces: map[string]sets.String{}, - namespaceToQuota: map[string]sets.String{}, + quotaToNamespaces: map[string]sets.Set[string]{}, + namespaceToQuota: map[string]sets.Set[string]{}, } } 
@@ -75,7 +75,7 @@ func (m *clusterQuotaMapper) GetClusterQuotasFor(namespaceName string) ([]string if !ok { return []string{}, m.completedNamespaceToLabels[namespaceName] } - return quotas.List(), m.completedNamespaceToLabels[namespaceName] + return sets.List(quotas), m.completedNamespaceToLabels[namespaceName] } func (m *clusterQuotaMapper) GetNamespacesFor(quotaName string) ([]string, quotav1.ClusterResourceQuotaSelector) { @@ -86,7 +86,7 @@ func (m *clusterQuotaMapper) GetNamespacesFor(quotaName string) ([]string, quota if !ok { return []string{}, m.completedQuotaToSelector[quotaName] } - return namespaces.List(), m.completedQuotaToSelector[quotaName] + return sets.List(namespaces), m.completedQuotaToSelector[quotaName] } func (m *clusterQuotaMapper) AddListener(listener MappingChangeListener) { @@ -231,7 +231,7 @@ func (m *clusterQuotaMapper) setMapping(quota *quotav1.ClusterResourceQuota, nam namespaces, ok := m.quotaToNamespaces[quota.Name] if !ok { - m.quotaToNamespaces[quota.Name] = sets.String{} + m.quotaToNamespaces[quota.Name] = sets.Set[string]{} } else { mutated = namespaces.Has(namespace.GetName()) namespaces.Delete(namespace.GetName()) @@ -239,7 +239,7 @@ func (m *clusterQuotaMapper) setMapping(quota *quotav1.ClusterResourceQuota, nam quotas, ok := m.namespaceToQuota[namespace.GetName()] if !ok { - m.namespaceToQuota[namespace.GetName()] = sets.String{} + m.namespaceToQuota[namespace.GetName()] = sets.Set[string]{} } else { mutated = mutated || quotas.Has(quota.Name) quotas.Delete(quota.Name) @@ -259,7 +259,7 @@ func (m *clusterQuotaMapper) setMapping(quota *quotav1.ClusterResourceQuota, nam namespaces, ok := m.quotaToNamespaces[quota.Name] if !ok { mutated = true - m.quotaToNamespaces[quota.Name] = sets.NewString(namespace.GetName()) + m.quotaToNamespaces[quota.Name] = sets.New(namespace.GetName()) } else { mutated = !namespaces.Has(namespace.GetName()) namespaces.Insert(namespace.GetName()) 
@@ -268,7 +268,7 @@ func (m *clusterQuotaMapper) setMapping(quota *quotav1.ClusterResourceQuota, nam quotas, ok := m.namespaceToQuota[namespace.GetName()] if !ok { mutated = true - m.namespaceToQuota[namespace.GetName()] = sets.NewString(quota.Name) + m.namespaceToQuota[namespace.GetName()] = sets.New(quota.Name) } else { mutated = mutated || !quotas.Has(quota.Name) quotas.Insert(quota.Name) diff --git a/vendor/github.com/openshift/library-go/pkg/route/OWNERS b/vendor/github.com/openshift/library-go/pkg/route/OWNERS new file mode 100644 index 0000000000..fb85fc4934 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/route/OWNERS @@ -0,0 +1,16 @@ +approvers: + - frobware + - knobunc + - Miciah + - sgreene570 + - smarterclayton + - candita +reviewers: + - danehans + - frobware + - knobunc + - Miciah + - sgreene570 + - smarterclayton + - candita +component: Routing diff --git a/vendor/github.com/openshift/library-go/pkg/route/common.go b/vendor/github.com/openshift/library-go/pkg/route/common.go new file mode 100644 index 0000000000..988f149ca6 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/route/common.go 
@@ -0,0 +1,60 @@ +package route + +import ( + "context" + "fmt" + + authorizationv1 "k8s.io/api/authorization/v1" + "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/apiserver/pkg/endpoints/request" + + routev1 "github.com/openshift/api/route/v1" + "github.com/openshift/library-go/pkg/authorization/authorizationutil" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// SubjectAccessReviewCreator is an interface for performing subject access reviews +type SubjectAccessReviewCreator interface { + Create(ctx context.Context, sar *authorizationv1.SubjectAccessReview, opts metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error) +} + +// RouteValidationOptions used to tweak how/what fields are validated. These +// options are propagated by the apiserver. +type RouteValidationOptions struct { + + // AllowExternalCertificates option is set when the RouteExternalCertificate + // feature gate is enabled. + AllowExternalCertificates bool +} + +// CheckRouteCustomHostSAR checks if user has permission to create and update routes/custom-host +// sub-resource +func CheckRouteCustomHostSAR(ctx context.Context, fldPath *field.Path, sarc SubjectAccessReviewCreator) field.ErrorList { + user, ok := request.UserFrom(ctx) + if !ok { + return field.ErrorList{field.InternalError(fldPath, fmt.Errorf("unable to verify host field can be set"))} + } + + var errs field.ErrorList + if err := authorizationutil.Authorize(sarc, user, &authorizationv1.ResourceAttributes{ + Namespace: request.NamespaceValue(ctx), + Verb: "create", + Group: routev1.GroupName, + Resource: "routes", + Subresource: "custom-host", + }); err != nil { + errs = append(errs, field.Forbidden(fldPath, "user does not have create permission on custom-host")) + } + + if err := authorizationutil.Authorize(sarc, user, &authorizationv1.ResourceAttributes{ + Namespace: request.NamespaceValue(ctx), + Verb: "update", + Group: routev1.GroupName, + Resource: "routes", + Subresource: "custom-host", + }); err != nil 
{ + errs = append(errs, field.Forbidden(fldPath, "user does not have update permission on custom-host")) + } + + return errs +} diff --git a/vendor/github.com/openshift/library-go/pkg/route/hostassignment/assignment.go b/vendor/github.com/openshift/library-go/pkg/route/hostassignment/assignment.go index bdf9e0e780..c210fa86c1 100644 --- a/vendor/github.com/openshift/library-go/pkg/route/hostassignment/assignment.go +++ b/vendor/github.com/openshift/library-go/pkg/route/hostassignment/assignment.go @@ -12,16 +12,12 @@ import ( routev1 "github.com/openshift/api/route/v1" "github.com/openshift/library-go/pkg/authorization/authorizationutil" + "github.com/openshift/library-go/pkg/route" ) // HostGeneratedAnnotationKey is the key for an annotation set to "true" if the route's host was generated const HostGeneratedAnnotationKey = "openshift.io/host.generated" -// Registry is an interface for performing subject access reviews -type SubjectAccessReviewCreator interface { - Create(ctx context.Context, sar *authorizationv1.SubjectAccessReview, opts metav1.CreateOptions) (*authorizationv1.SubjectAccessReview, error) -} - type HostnameGenerator interface { GenerateHostname(*routev1.Route) (string, error) } 
@@ -29,9 +25,18 @@ type HostnameGenerator interface { // AllocateHost allocates a host name ONLY if the route doesn't specify a subdomain wildcard policy and // the host name on the route is empty and an allocator is configured. // It must first allocate the shard and may return an error if shard allocation fails. -func AllocateHost(ctx context.Context, route *routev1.Route, sarc SubjectAccessReviewCreator, routeAllocator HostnameGenerator) field.ErrorList { +func AllocateHost(ctx context.Context, route *routev1.Route, sarc route.SubjectAccessReviewCreator, routeAllocator HostnameGenerator, opts route.RouteValidationOptions) field.ErrorList { hostSet := len(route.Spec.Host) > 0 - certSet := route.Spec.TLS != nil && (len(route.Spec.TLS.CACertificate) > 0 || len(route.Spec.TLS.Certificate) > 0 || len(route.Spec.TLS.DestinationCACertificate) > 0 || len(route.Spec.TLS.Key) > 0) + certSet := route.Spec.TLS != nil && + (len(route.Spec.TLS.CACertificate) > 0 || + len(route.Spec.TLS.Certificate) > 0 || + len(route.Spec.TLS.DestinationCACertificate) > 0 || + len(route.Spec.TLS.Key) > 0) + + if opts.AllowExternalCertificates && route.Spec.TLS != nil && route.Spec.TLS.ExternalCertificate != nil { + certSet = certSet || len(route.Spec.TLS.ExternalCertificate.Name) > 0 + } + if hostSet || certSet { user, ok := request.UserFrom(ctx) if !ok { 
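Review bot: The `certSet` expression in AllocateHost spells out by hand the same predicate that `hasCertificateInfo(tls, opts)` implements later in this file, including the new `ExternalCertificate.Name` clause gated on `opts.AllowExternalCertificates`. This value gates the `if hostSet || certSet` branch that looks up the requesting user, so two copies of the predicate can drift apart the next time a certificate field is added. `certSet := hasCertificateInfo(route.Spec.TLS, opts)` would keep a single definition. Separately, the parameter `route` shadows the newly imported package `route` inside the body, whereas validation.go and externalcertificate.go import it as `routecommon`; the same alias here would avoid the clash. AllocateHost's body continues outside the hunk.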
@@ -86,41 +91,65 @@ func AllocateHost(ctx context.Context, route *routev1.Route, sarc SubjectAccessR return nil } -func hasCertificateInfo(tls *routev1.TLSConfig) bool { +func hasCertificateInfo(tls *routev1.TLSConfig, opts route.RouteValidationOptions) bool { if tls == nil { return false } - return len(tls.Certificate) > 0 || + hasInfo := len(tls.Certificate) > 0 || len(tls.Key) > 0 || len(tls.CACertificate) > 0 || len(tls.DestinationCACertificate) > 0 + + if opts.AllowExternalCertificates && tls.ExternalCertificate != nil { + hasInfo = hasInfo || len(tls.ExternalCertificate.Name) > 0 + } + return hasInfo } -func certificateChangeRequiresAuth(route, older *routev1.Route) bool { +// certificateChangeRequiresAuth determines whether changes to the TLS certificate configuration require authentication. +// Note: If either route uses externalCertificate, this function always returns true, as we cannot definitively verify if +// the content of the referenced secret has been modified. Even if the secret name remains the same, +// we must assume that the secret content is changed, necessitating authorization. 
+func certificateChangeRequiresAuth(route, older *routev1.Route, opts route.RouteValidationOptions) bool { switch { case route.Spec.TLS != nil && older.Spec.TLS != nil: a, b := route.Spec.TLS, older.Spec.TLS - if !hasCertificateInfo(a) { + if !hasCertificateInfo(a, opts) { // removing certificate info is allowed return false } - return a.CACertificate != b.CACertificate || + + certChanged := a.CACertificate != b.CACertificate || a.Certificate != b.Certificate || a.DestinationCACertificate != b.DestinationCACertificate || a.Key != b.Key + + if opts.AllowExternalCertificates { + if route.Spec.TLS.ExternalCertificate != nil || older.Spec.TLS.ExternalCertificate != nil { + certChanged = true + } + } + + return certChanged case route.Spec.TLS != nil: // using any default certificate is allowed - return hasCertificateInfo(route.Spec.TLS) + return hasCertificateInfo(route.Spec.TLS, opts) default: // all other cases we are not adding additional certificate info return false } } -func ValidateHostUpdate(ctx context.Context, route, older *routev1.Route, sarc SubjectAccessReviewCreator) field.ErrorList { +// ValidateHostUpdate checks if the user has the correct permissions based on the updates +// done to the route object. If the route's host/subdomain has been updated it checks if +// the user has "update" permission on custom-host subresource. If only the certificate +// has changed, it checks if the user has "create" permission on the custom-host subresource. +// Caveat here is that if the route uses externalCertificate, the certChanged condition will +// always be true since we cannot verify state of external secret object. 
+func ValidateHostUpdate(ctx context.Context, route, older *routev1.Route, sarc route.SubjectAccessReviewCreator, opts route.RouteValidationOptions) field.ErrorList { hostChanged := route.Spec.Host != older.Spec.Host subdomainChanged := route.Spec.Subdomain != older.Spec.Subdomain - certChanged := certificateChangeRequiresAuth(route, older) + certChanged := certificateChangeRequiresAuth(route, older, opts) if !hostChanged && !certChanged && !subdomainChanged { return nil } @@ -190,6 +219,14 @@ func ValidateHostUpdate(ctx context.Context, route, older *routev1.Route, sarc S errs = append(errs, apimachineryvalidation.ValidateImmutableField(route.Spec.TLS.Certificate, older.Spec.TLS.Certificate, field.NewPath("spec", "tls", "certificate"))...) errs = append(errs, apimachineryvalidation.ValidateImmutableField(route.Spec.TLS.DestinationCACertificate, older.Spec.TLS.DestinationCACertificate, field.NewPath("spec", "tls", "destinationCACertificate"))...) errs = append(errs, apimachineryvalidation.ValidateImmutableField(route.Spec.TLS.Key, older.Spec.TLS.Key, field.NewPath("spec", "tls", "key"))...) + + if opts.AllowExternalCertificates { + if route.Spec.TLS.ExternalCertificate == nil || older.Spec.TLS.ExternalCertificate == nil { + errs = append(errs, apimachineryvalidation.ValidateImmutableField(route.Spec.TLS.ExternalCertificate, older.Spec.TLS.ExternalCertificate, field.NewPath("spec", "tls", "externalCertificate"))...) + } else { + errs = append(errs, apimachineryvalidation.ValidateImmutableField(route.Spec.TLS.ExternalCertificate.Name, older.Spec.TLS.ExternalCertificate.Name, field.NewPath("spec", "tls", "externalCertificate"))...) + } + } return errs } } diff --git a/vendor/github.com/openshift/library-go/pkg/route/hostassignment/externalcertificate.go b/vendor/github.com/openshift/library-go/pkg/route/hostassignment/externalcertificate.go new file mode 100644 index 0000000000..15b0dfecc2 --- /dev/null 
+++ b/vendor/github.com/openshift/library-go/pkg/route/hostassignment/externalcertificate.go @@ -0,0 +1,35 @@ +package hostassignment + +import ( + "context" + + "k8s.io/apimachinery/pkg/util/validation/field" + + routev1 "github.com/openshift/api/route/v1" + routecommon "github.com/openshift/library-go/pkg/route" +) + +// ValidateHostExternalCertificate checks if the user has permissions to create and update +// custom-host subresource of routes. This check is required to be done prior to ValidateHostUpdate() +// since updating hosts while using externalCertificate is contingent on the user having both these +// permissions. The ValidateHostUpdate() cannot differentiate if the certificate has changed since +// now the certificates will be present as a secret object, due to this it proceeds with the assumption +// that the certificate has changed when the route has externalCertificate set. +// TODO: Consider merging this function into ValidateHostUpdate. +func ValidateHostExternalCertificate(ctx context.Context, new, older *routev1.Route, sarc routecommon.SubjectAccessReviewCreator, opts routecommon.RouteValidationOptions) field.ErrorList { + + if !opts.AllowExternalCertificates { + // Return nil since the feature gate is off. + // ValidateHostUpdate() is sufficient to validate + // permissions. + return nil + } + + newTLS := new.Spec.TLS + oldTLS := older.Spec.TLS + if (newTLS != nil && newTLS.ExternalCertificate != nil) || (oldTLS != nil && oldTLS.ExternalCertificate != nil) { + return routecommon.CheckRouteCustomHostSAR(ctx, field.NewPath("spec", "tls", "externalCertificate"), sarc) + } + + return nil +} diff --git a/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go b/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go index 94f39d092a..020e82983e 100644 --- a/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go +++ b/vendor/github.com/openshift/library-go/pkg/route/validation/validation.go 
@@ -1,23 +1,26 @@ package validation import ( - "crypto/ecdsa" - "crypto/rsa" - "crypto/x509" - "encoding/pem" + "context" "fmt" "regexp" "strings" + authorizationv1 "k8s.io/api/authorization/v1" corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/sets" kvalidation "k8s.io/apimachinery/pkg/util/validation" "k8s.io/apimachinery/pkg/util/validation/field" + "k8s.io/apiserver/pkg/authentication/user" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" routev1 "github.com/openshift/api/route/v1" + "github.com/openshift/library-go/pkg/authorization/authorizationutil" + routecommon "github.com/openshift/library-go/pkg/route" ) const ( @@ -54,6 +57,8 @@ const ( // permittedResponseHeaderValueErrorMessage is the API validation // message for an invalid HTTP response header value. permittedResponseHeaderValueErrorMessage = "Either header value provided is not in correct format or the converter specified is not allowed. The dynamic header value may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2 Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." + // routerServiceAccount is used to validate RBAC permissions for externalCertificate + routerServiceAccount = "system:serviceaccount:openshift-ingress:router" ) var ( 
@@ -70,8 +75,8 @@ var ( permittedResponseHeaderValueRE = regexp.MustCompile(strings.Replace(permittedHeaderValueTemplate, "XYZ", "res", 1)) ) -func ValidateRoute(route *routev1.Route) field.ErrorList { - return validateRoute(route, true) +func ValidateRoute(ctx context.Context, route *routev1.Route, sarCreator routecommon.SubjectAccessReviewCreator, secretsGetter corev1client.SecretsGetter, opts routecommon.RouteValidationOptions) field.ErrorList { + return validateRoute(ctx, route, true, sarCreator, secretsGetter, opts) } // validLabels - used in the ValidateRouteUpdate function to check if "older" routes conform to DNS1123Labels or not @@ -95,7 +100,7 @@ func checkLabelSegments(host string) bool { } // validateRoute - private function to validate route -func validateRoute(route *routev1.Route, checkHostname bool) field.ErrorList { +func validateRoute(ctx context.Context, route *routev1.Route, checkHostname bool, sarc routecommon.SubjectAccessReviewCreator, secrets corev1client.SecretsGetter, opts routecommon.RouteValidationOptions) field.ErrorList { //ensure meta is set properly result := validateObjectMeta(&route.ObjectMeta, true, validateRouteName, field.NewPath("metadata")) 
@@ -202,18 +207,18 @@ func validateRoute(route *routev1.Route, checkHostname bool) field.ErrorList { } } - if errs := validateTLS(route, specPath.Child("tls")); len(errs) != 0 { + if errs := validateTLS(ctx, route, specPath.Child("tls"), sarc, secrets, opts); len(errs) != 0 { result = append(result, errs...) } return result } -func ValidateRouteUpdate(route *routev1.Route, older *routev1.Route) field.ErrorList { +func ValidateRouteUpdate(ctx context.Context, route *routev1.Route, older *routev1.Route, sarc routecommon.SubjectAccessReviewCreator, secrets corev1client.SecretsGetter, opts routecommon.RouteValidationOptions) field.ErrorList { allErrs := validateObjectMetaUpdate(&route.ObjectMeta, &older.ObjectMeta, field.NewPath("metadata")) allErrs = append(allErrs, apimachineryvalidation.ValidateImmutableField(route.Spec.WildcardPolicy, older.Spec.WildcardPolicy, field.NewPath("spec", "wildcardPolicy"))...) hostnameUpdated := route.Spec.Host != older.Spec.Host - allErrs = append(allErrs, validateRoute(route, hostnameUpdated && validLabels(older.Spec.Host))...) + allErrs = append(allErrs, validateRoute(ctx, route, hostnameUpdated && validLabels(older.Spec.Host), sarc, secrets, opts)...) return allErrs } 
@@ -228,85 +233,9 @@ func ValidateRouteStatusUpdate(route *routev1.Route, older *routev1.Route) field return allErrs } -type blockVerifierFunc func(block *pem.Block) (*pem.Block, error) - -func publicKeyBlockVerifier(block *pem.Block) (*pem.Block, error) { - key, err := x509.ParsePKIXPublicKey(block.Bytes) - if err != nil { - return nil, err - } - block = &pem.Block{ - Type: "PUBLIC KEY", - } - if block.Bytes, err = x509.MarshalPKIXPublicKey(key); err != nil { - return nil, err - } - return block, nil -} - -func certificateBlockVerifier(block *pem.Block) (*pem.Block, error) { - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return nil, err - } - block = &pem.Block{ - Type: "CERTIFICATE", - Bytes: cert.Raw, - } - return block, nil -} - -func privateKeyBlockVerifier(block *pem.Block) (*pem.Block, error) { - key, err := x509.ParsePKCS8PrivateKey(block.Bytes) - if err != nil { - key, err = x509.ParsePKCS1PrivateKey(block.Bytes) - if err != nil { - key, err = x509.ParseECPrivateKey(block.Bytes) - if err != nil { - return nil, fmt.Errorf("block %s is not valid", block.Type) - } - } - } - switch t := key.(type) { - case *rsa.PrivateKey: - block = &pem.Block{ - Type: "RSA PRIVATE KEY", - Bytes: x509.MarshalPKCS1PrivateKey(t), - } - case *ecdsa.PrivateKey: - block = &pem.Block{ - Type: "ECDSA PRIVATE KEY", - } - if block.Bytes, err = x509.MarshalECPrivateKey(t); err != nil { - return nil, err - } - default: - return nil, fmt.Errorf("block private key %T is not valid", key) - } - return block, nil -} - -func ignoreBlockVerifier(block *pem.Block) (*pem.Block, error) { - return nil, nil -} - -var knownBlockDecoders = map[string]blockVerifierFunc{ - "RSA PRIVATE KEY": privateKeyBlockVerifier, - "ECDSA PRIVATE KEY": privateKeyBlockVerifier, - "PRIVATE KEY": privateKeyBlockVerifier, - "PUBLIC KEY": publicKeyBlockVerifier, - // Potential "in the wild" PEM encoded blocks that can be normalized - "RSA PUBLIC KEY": publicKeyBlockVerifier, - "DSA PUBLIC KEY": 
publicKeyBlockVerifier, - "ECDSA PUBLIC KEY": publicKeyBlockVerifier, - "CERTIFICATE": certificateBlockVerifier, - // Blocks that should be dropped - "EC PARAMETERS": ignoreBlockVerifier, -} - // validateTLS tests fields for different types of TLS combinations are set. Called // by ValidateRoute. -func validateTLS(route *routev1.Route, fldPath *field.Path) field.ErrorList { +func validateTLS(ctx context.Context, route *routev1.Route, fldPath *field.Path, sarc routecommon.SubjectAccessReviewCreator, secrets corev1client.SecretsGetter, opts routecommon.RouteValidationOptions) field.ErrorList { result := field.ErrorList{} tls := route.Spec.TLS @@ -315,10 +244,19 @@ func validateTLS(route *routev1.Route, fldPath *field.Path) field.ErrorList { return nil } + // in all cases certificate and externalCertificate must not be specified at the same time switch tls.Termination { // reencrypt may specify destination ca cert - // cert, key, cacert may not be specified because the route may be a wildcard + // externalCert, cert, key, cacert may not be specified because the route may be a wildcard case routev1.TLSTerminationReencrypt: + if opts.AllowExternalCertificates && tls.ExternalCertificate != nil { + if len(tls.Certificate) > 0 && len(tls.ExternalCertificate.Name) > 0 { + result = append(result, field.Invalid(fldPath.Child("externalCertificate"), tls.ExternalCertificate.Name, "cannot specify both tls.certificate and tls.externalCertificate")) + } else if len(tls.ExternalCertificate.Name) > 0 { + errs := validateTLSExternalCertificate(ctx, route, fldPath.Child("externalCertificate"), sarc, secrets) + result = append(result, errs...) + } + } //passthrough term should not specify any cert case routev1.TLSTerminationPassthrough: if len(tls.Certificate) > 0 { 
@@ -329,6 +267,12 @@ func validateTLS(route *routev1.Route, fldPath *field.Path) field.ErrorList { result = append(result, field.Invalid(fldPath.Child("key"), "redacted key data", "passthrough termination does not support certificates")) } + if opts.AllowExternalCertificates && tls.ExternalCertificate != nil { + if len(tls.ExternalCertificate.Name) > 0 { + result = append(result, field.Invalid(fldPath.Child("externalCertificate"), tls.ExternalCertificate.Name, "passthrough termination does not support certificates")) + } + } + if len(tls.CACertificate) > 0 { result = append(result, field.Invalid(fldPath.Child("caCertificate"), "redacted ca certificate data", "passthrough termination does not support certificates")) } @@ -342,6 +286,16 @@ func validateTLS(route *routev1.Route, fldPath *field.Path) field.ErrorList { if len(tls.DestinationCACertificate) > 0 { result = append(result, field.Invalid(fldPath.Child("destinationCACertificate"), "redacted destination ca certificate data", "edge termination does not support destination certificates")) } + + if opts.AllowExternalCertificates && tls.ExternalCertificate != nil { + if len(tls.Certificate) > 0 && len(tls.ExternalCertificate.Name) > 0 { + result = append(result, field.Invalid(fldPath.Child("externalCertificate"), tls.ExternalCertificate.Name, "cannot specify both tls.certificate and tls.externalCertificate")) + } else if len(tls.ExternalCertificate.Name) > 0 { + errs := validateTLSExternalCertificate(ctx, route, fldPath.Child("externalCertificate"), sarc, secrets) + result = append(result, errs...) + } + } + default: validValues := []string{string(routev1.TLSTerminationEdge), string(routev1.TLSTerminationPassthrough), string(routev1.TLSTerminationReencrypt)} result = append(result, field.NotSupported(fldPath.Child("termination"), tls.Termination, validValues)) 
@@ -354,6 +308,63 @@ func validateTLS(route *routev1.Route, fldPath *field.Path) field.ErrorList { return result } +// validateTLSExternalCertificate tests different pre-conditions required for +// using externalCertificate. Called by validateTLS. +func validateTLSExternalCertificate(ctx context.Context, route *routev1.Route, fldPath *field.Path, sarc routecommon.SubjectAccessReviewCreator, secretsGetter corev1client.SecretsGetter) field.ErrorList { + tls := route.Spec.TLS + + // user must have create and update permission on the custom-host sub-resource. + errs := routecommon.CheckRouteCustomHostSAR(ctx, fldPath, sarc) + + // The router serviceaccount must have permission to get/list/watch the referenced secret. + // The role and rolebinding to provide this access must be provided by the user. + if err := authorizationutil.Authorize(sarc, &user.DefaultInfo{Name: routerServiceAccount}, + &authorizationv1.ResourceAttributes{ + Namespace: route.Namespace, + Verb: "get", + Resource: "secrets", + Name: tls.ExternalCertificate.Name, + }); err != nil { + errs = append(errs, field.Forbidden(fldPath, "router serviceaccount does not have permission to get this secret")) + } + + if err := authorizationutil.Authorize(sarc, &user.DefaultInfo{Name: routerServiceAccount}, + &authorizationv1.ResourceAttributes{ + Namespace: route.Namespace, + Verb: "watch", + Resource: "secrets", + Name: tls.ExternalCertificate.Name, + }); err != nil { + errs = append(errs, field.Forbidden(fldPath, "router serviceaccount does not have permission to watch this secret")) + } + + if err := authorizationutil.Authorize(sarc, &user.DefaultInfo{Name: routerServiceAccount}, + &authorizationv1.ResourceAttributes{ + Namespace: route.Namespace, + Verb: "list", + Resource: "secrets", + Name: tls.ExternalCertificate.Name, + }); err != nil { + errs = append(errs, field.Forbidden(fldPath, "router serviceaccount does not have permission to list this secret")) + } + + // The secret should be in the same namespace 
as that of the route. + secret, err := secretsGetter.Secrets(route.Namespace).Get(ctx, tls.ExternalCertificate.Name, metav1.GetOptions{}) + if err != nil { + if apierrors.IsNotFound(err) { + return append(errs, field.NotFound(fldPath, err)) + } + return append(errs, field.InternalError(fldPath, err)) + } + + // The secret should be of type kubernetes.io/tls + if secret.Type != corev1.SecretTypeTLS { + errs = append(errs, field.Invalid(fldPath, tls.ExternalCertificate.Name, fmt.Sprintf("secret of type %q required", corev1.SecretTypeTLS))) + } + + return errs +} + // validateInsecureEdgeTerminationPolicy tests fields for different types of // insecure options. Called by validateTLS. func validateInsecureEdgeTerminationPolicy(tls *routev1.TLSConfig, fldPath *field.Path) *field.Error { @@ -390,7 +401,7 @@ func validateInsecureEdgeTerminationPolicy(tls *routev1.TLSConfig, fldPath *fiel var ( allowedWildcardPolicies = []string{string(routev1.WildcardPolicyNone), string(routev1.WildcardPolicySubdomain)} - allowedWildcardPoliciesSet = sets.NewString(allowedWildcardPolicies...) + allowedWildcardPoliciesSet = sets.New(allowedWildcardPolicies...) ) // validateWildcardPolicy tests that the wildcard policy is either empty or one of the supported types. @@ -413,7 +424,7 @@ func validateWildcardPolicy(host string, policy routev1.WildcardPolicyType, fldP var ( notAllowedHTTPHeaders = []string{"strict-transport-security", "proxy", "cookie", "set-cookie"} - notAllowedHTTPHeaderSet = sets.NewString(notAllowedHTTPHeaders...) + notAllowedHTTPHeaderSet = sets.New(notAllowedHTTPHeaders...) notAllowedHTTPHeadersMessage = fmt.Sprintf("the following headers may not be modified using this API: %v", strings.Join(notAllowedHTTPHeaders, ", ")) ) 
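Review bot: In validateTLSExternalCertificate the secret lookup runs even when the preceding SubjectAccessReview checks have already added Forbidden errors, because `errs` is only accumulated and never tested before `secretsGetter.Secrets(route.Namespace).Get(...)`. The result then differs between NotFound, an Invalid for the wrong type and no extra error. A requester who failed the custom-host check can therefore still learn whether a secret of that name exists and whether it is of type kubernetes.io/tls, assuming `secretsGetter` runs with the validator's credentials rather than the requester's (not visible here). Returning before the lookup closes that gap: `if len(errs) > 0 { return errs }`. The three router service-account checks differ only in the verb and could be one loop over `get`, `watch` and `list`; the file is vendored, so both changes belong upstream in library-go.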
@@ -498,7 +509,7 @@ func validateObjectMetaUpdate(newMeta, oldMeta *metav1.ObjectMeta, fldPath *fiel return allErrs } -var standardFinalizers = sets.NewString( +var standardFinalizers = sets.New( string(corev1.FinalizerKubernetes), metav1.FinalizerOrphanDependents, metav1.FinalizerDeleteDependents, diff --git a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s index d2ca5deeb9..b3c1699bff 100644 --- a/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s @@ -19,15 +19,14 @@ #define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3, t4, t5) \ MULLD r0, h0, t0; \ - MULLD r0, h1, t4; \ MULHDU r0, h0, t1; \ + MULLD r0, h1, t4; \ MULHDU r0, h1, t5; \ ADDC t4, t1, t1; \ MULLD r0, h2, t2; \ - ADDZE t5; \ MULHDU r1, h0, t4; \ MULLD r1, h0, h0; \ - ADD t5, t2, t2; \ + ADDE t5, t2, t2; \ ADDC h0, t1, t1; \ MULLD h2, r1, t3; \ ADDZE t4, h0; \ @@ -37,13 +36,11 @@ ADDE t5, t3, t3; \ ADDC h0, t2, t2; \ MOVD $-4, t4; \ - MOVD t0, h0; \ - MOVD t1, h1; \ ADDZE t3; \ - ANDCC $3, t2, h2; \ - AND t2, t4, t0; \ + RLDICL $0, t2, $62, h2; \ + AND t2, t4, h0; \ ADDC t0, h0, h0; \ - ADDE t3, h1, h1; \ + ADDE t3, t1, h1; \ SLD $62, t3, t4; \ SRD $2, t2; \ ADDZE h2; \ @@ -75,6 +72,7 @@ TEXT ·update(SB), $0-32 loop: POLY1305_ADD(R4, R8, R9, R10, R20, R21, R22) + PCALIGN $16 multiply: POLY1305_MUL(R8, R9, R10, R11, R12, R16, R17, R18, R14, R20, R21) ADD $-16, R5 diff --git a/vendor/golang.org/x/net/html/token.go b/vendor/golang.org/x/net/html/token.go index de67f938a1..3c57880d69 100644 --- a/vendor/golang.org/x/net/html/token.go +++ b/vendor/golang.org/x/net/html/token.go 
@@ -910,9 +910,6 @@ func (z *Tokenizer) readTagAttrKey() { return } switch c { - case ' ', '\n', '\r', '\t', '\f', '/': - z.pendingAttr[0].end = z.raw.end - 1 - return case '=': if z.pendingAttr[0].start+1 == z.raw.end { // WHATWG 13.2.5.32, if we see an equals sign before the attribute name @@ -920,7 +917,9 @@ func (z *Tokenizer) readTagAttrKey() { continue } fallthrough - case '>': + case ' ', '\n', '\r', '\t', '\f', '/', '>': + // WHATWG 13.2.5.33 Attribute name state + // We need to reconsume the char in the after attribute name state to support the / character z.raw.end-- z.pendingAttr[0].end = z.raw.end return @@ -939,6 +938,11 @@ func (z *Tokenizer) readTagAttrVal() { if z.err != nil { return } + if c == '/' { + // WHATWG 13.2.5.34 After attribute name state + // U+002F SOLIDUS (/) - Switch to the self-closing start tag state. + return + } if c != '=' { z.raw.end-- return diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go index c1f6b90dc3..43557ab7e9 100644 --- a/vendor/golang.org/x/net/http2/frame.go +++ b/vendor/golang.org/x/net/http2/frame.go @@ -1510,13 +1510,12 @@ func (mh *MetaHeadersFrame) checkPseudos() error { } func (fr *Framer) maxHeaderStringLen() int { - v := fr.maxHeaderListSize() - if uint32(int(v)) == v { - return int(v) + v := int(fr.maxHeaderListSize()) + if v < 0 { + // If maxHeaderListSize overflows an int, use no limit (0). + return 0 } - // They had a crazy big number for MaxHeaderBytes anyway, - // so give them unlimited header lengths: - return 0 + return v } // readMetaFrame returns 0 or more CONTINUATION frames from fr and @@ -1565,6 +1564,7 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) { if size > remainSize { hdec.SetEmitEnabled(false) mh.Truncated = true + remainSize = 0 return } remainSize -= size 
@@ -1577,6 +1577,36 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) { var hc headersOrContinuation = hf for { frag := hc.HeaderBlockFragment() + + // Avoid parsing large amounts of headers that we will then discard. + // If the sender exceeds the max header list size by too much, + // skip parsing the fragment and close the connection. + // + // "Too much" is either any CONTINUATION frame after we've already + // exceeded the max header list size (in which case remainSize is 0), + // or a frame whose encoded size is more than twice the remaining + // header list bytes we're willing to accept. + if int64(len(frag)) > int64(2*remainSize) { + if VerboseLogs { + log.Printf("http2: header list too large") + } + // It would be nice to send a RST_STREAM before sending the GOAWAY, + // but the structure of the server's frame writer makes this difficult. + return nil, ConnectionError(ErrCodeProtocol) + } + + // Also close the connection after any CONTINUATION frame following an + // invalid header, since we stop tracking the size of the headers after + // an invalid one. + if invalid != nil { + if VerboseLogs { + log.Printf("http2: invalid header: %v", invalid) + } + // It would be nice to send a RST_STREAM before sending the GOAWAY, + // but the structure of the server's frame writer makes this difficult. + return nil, ConnectionError(ErrCodeProtocol) + } + if _, err := hdec.Write(frag); err != nil { return nil, ConnectionError(ErrCodeCompression) } diff --git a/vendor/golang.org/x/net/http2/pipe.go b/vendor/golang.org/x/net/http2/pipe.go index 684d984fd9..3b9f06b962 100644 --- a/vendor/golang.org/x/net/http2/pipe.go +++ b/vendor/golang.org/x/net/http2/pipe.go 
@@ -77,7 +77,10 @@ func (p *pipe) Read(d []byte) (n int, err error) { } } -var errClosedPipeWrite = errors.New("write on closed buffer") +var ( + errClosedPipeWrite = errors.New("write on closed buffer") + errUninitializedPipeWrite = errors.New("write on uninitialized buffer") +) // Write copies bytes from p into the buffer and wakes a reader. // It is an error to write more data than the buffer can hold. @@ -91,6 +94,12 @@ func (p *pipe) Write(d []byte) (n int, err error) { if p.err != nil || p.breakErr != nil { return 0, errClosedPipeWrite } + // pipe.setBuffer is never invoked, leaving the buffer uninitialized. + // We shouldn't try to write to an uninitialized pipe, + // but returning an error is better than panicking. + if p.b == nil { + return 0, errUninitializedPipeWrite + } return p.b.Write(d) } diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index ae94c6408d..ce2e8b40ee 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -124,6 +124,7 @@ type Server struct { // IdleTimeout specifies how long until idle clients should be // closed with a GOAWAY frame. PING frames are not considered // activity for the purposes of IdleTimeout. + // If zero or negative, there is no timeout. IdleTimeout time.Duration // MaxUploadBufferPerConnection is the size of the initial flow @@ -434,7 +435,7 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) { // passes the connection off to us with the deadline already set. // Write deadlines are set per stream in serverConn.newStream. // Disarm the net.Conn write deadline here. - if sc.hs.WriteTimeout != 0 { + if sc.hs.WriteTimeout > 0 { sc.conn.SetWriteDeadline(time.Time{}) } 
@@ -924,7 +925,7 @@ func (sc *serverConn) serve() { sc.setConnState(http.StateActive) sc.setConnState(http.StateIdle) - if sc.srv.IdleTimeout != 0 { + if sc.srv.IdleTimeout > 0 { sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) defer sc.idleTimer.Stop() } @@ -1637,7 +1638,7 @@ func (sc *serverConn) closeStream(st *stream, err error) { delete(sc.streams, st.id) if len(sc.streams) == 0 { sc.setConnState(http.StateIdle) - if sc.srv.IdleTimeout != 0 { + if sc.srv.IdleTimeout > 0 { sc.idleTimer.Reset(sc.srv.IdleTimeout) } if h1ServerKeepAlivesDisabled(sc.hs) { @@ -2017,7 +2018,7 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { // similar to how the http1 server works. Here it's // technically more like the http1 Server's ReadHeaderTimeout // (in Go 1.8), though. That's a more sane option anyway. - if sc.hs.ReadTimeout != 0 { + if sc.hs.ReadTimeout > 0 { sc.conn.SetReadDeadline(time.Time{}) st.readDeadline = time.AfterFunc(sc.hs.ReadTimeout, st.onReadTimeout) } @@ -2038,7 +2039,7 @@ func (sc *serverConn) upgradeRequest(req *http.Request) { // Disable any read deadline set by the net/http package // prior to the upgrade. - if sc.hs.ReadTimeout != 0 { + if sc.hs.ReadTimeout > 0 { sc.conn.SetReadDeadline(time.Time{}) } @@ -2116,7 +2117,7 @@ func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream st.flow.conn = &sc.flow // link to conn-level counter st.flow.add(sc.initialStreamSendWindowSize) st.inflow.init(sc.srv.initialStreamRecvWindowSize()) - if sc.hs.WriteTimeout != 0 { + if sc.hs.WriteTimeout > 0 { st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) } diff --git a/vendor/golang.org/x/net/http2/testsync.go b/vendor/golang.org/x/net/http2/testsync.go new file mode 100644 index 0000000000..61075bd16d --- /dev/null +++ b/vendor/golang.org/x/net/http2/testsync.go 
@@ -0,0 +1,331 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+package http2
+
+import (
+ "context"
+ "sync"
+ "time"
+)
+
+// testSyncHooks coordinates goroutines in tests.
+//
+// For example, a call to ClientConn.RoundTrip involves several goroutines, including:
+// - the goroutine running RoundTrip;
+// - the clientStream.doRequest goroutine, which writes the request; and
+// - the clientStream.readLoop goroutine, which reads the response.
+//
+// Using testSyncHooks, a test can start a RoundTrip and identify when all these goroutines
+// are blocked waiting for some condition such as reading the Request.Body or waiting for
+// flow control to become available.
+//
+// The testSyncHooks also manage timers and synthetic time in tests.
+// This permits us to, for example, start a request and cause it to time out waiting for
+// response headers without resorting to time.Sleep calls.
+type testSyncHooks struct {
+ // active/inactive act as a mutex and condition variable.
+ //
+ // - neither chan contains a value: testSyncHooks is locked.
+ // - active contains a value: unlocked, and at least one goroutine is not blocked
+ // - inactive contains a value: unlocked, and all goroutines are blocked
+ active chan struct{}
+ inactive chan struct{}
+
+ // goroutine counts
+ total int // total goroutines
+ condwait map[*sync.Cond]int // blocked in sync.Cond.Wait
+ blocked []*testBlockedGoroutine // otherwise blocked
+
+ // fake time
+ now time.Time
+ timers []*fakeTimer
+
+ // Transport testing: Report various events.
+ newclientconn func(*ClientConn)
+ newstream func(*clientStream)
+}
+
+// testBlockedGoroutine is a blocked goroutine.
+type testBlockedGoroutine struct {
+ f func() bool // blocked until f returns true
+ ch chan struct{} // closed when unblocked
+}
+
+func newTestSyncHooks() *testSyncHooks {
+ h := &testSyncHooks{
+ active: make(chan struct{}, 1),
+ inactive: make(chan struct{}, 1),
+ condwait: map[*sync.Cond]int{},
+ }
+ h.inactive <- struct{}{}
+ h.now = time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC)
+ return h
+}
+
+// lock acquires the testSyncHooks mutex.
+func (h *testSyncHooks) lock() {
+ select {
+ case <-h.active:
+ case <-h.inactive:
+ }
+}
+
+// waitInactive waits for all goroutines to become inactive.
+func (h *testSyncHooks) waitInactive() {
+ for {
+ <-h.inactive
+ if !h.unlock() {
+ break
+ }
+ }
+}
+
+// unlock releases the testSyncHooks mutex.
+// It reports whether any goroutines are active.
+func (h *testSyncHooks) unlock() (active bool) {
+ // Look for a blocked goroutine which can be unblocked.
+ blocked := h.blocked[:0]
+ unblocked := false
+ for _, b := range h.blocked {
+ if !unblocked && b.f() {
+ unblocked = true
+ close(b.ch)
+ } else {
+ blocked = append(blocked, b)
+ }
+ }
+ h.blocked = blocked
+
+ // Count goroutines blocked on condition variables.
+ condwait := 0
+ for _, count := range h.condwait {
+ condwait += count
+ }
+
+ if h.total > condwait+len(blocked) {
+ h.active <- struct{}{}
+ return true
+ } else {
+ h.inactive <- struct{}{}
+ return false
+ }
+}
+
+// goRun starts a new goroutine.
+func (h *testSyncHooks) goRun(f func()) {
+ h.lock()
+ h.total++
+ h.unlock()
+ go func() {
+ defer func() {
+ h.lock()
+ h.total--
+ h.unlock()
+ }()
+ f()
+ }()
+}
+
+// blockUntil indicates that a goroutine is blocked waiting for some condition to become true.
+// It waits until f returns true before proceeding.
+//
+// Example usage:
+//
+// h.blockUntil(func() bool {
+// // Is the context done yet?
+// select {
+// case <-ctx.Done():
+// default:
+// return false
+// }
+// return true
+// })
+// // Wait for the context to become done.
+// <-ctx.Done()
+//
+// The function f passed to blockUntil must be non-blocking and idempotent.
+func (h *testSyncHooks) blockUntil(f func() bool) {
+ if f() {
+ return
+ }
+ ch := make(chan struct{})
+ h.lock()
+ h.blocked = append(h.blocked, &testBlockedGoroutine{
+ f: f,
+ ch: ch,
+ })
+ h.unlock()
+ <-ch
+}
+
+// broadcast is sync.Cond.Broadcast.
+func (h *testSyncHooks) condBroadcast(cond *sync.Cond) {
+ h.lock()
+ delete(h.condwait, cond)
+ h.unlock()
+ cond.Broadcast()
+}
+
+// broadcast is sync.Cond.Wait.
+func (h *testSyncHooks) condWait(cond *sync.Cond) {
+ h.lock()
+ h.condwait[cond]++
+ h.unlock()
+}
+
+// newTimer creates a new fake timer.
+func (h *testSyncHooks) newTimer(d time.Duration) timer {
+ h.lock()
+ defer h.unlock()
+ t := &fakeTimer{
+ hooks: h,
+ when: h.now.Add(d),
+ c: make(chan time.Time),
+ }
+ h.timers = append(h.timers, t)
+ return t
+}
+
+// afterFunc creates a new fake AfterFunc timer.
+func (h *testSyncHooks) afterFunc(d time.Duration, f func()) timer {
+ h.lock()
+ defer h.unlock()
+ t := &fakeTimer{
+ hooks: h,
+ when: h.now.Add(d),
+ f: f,
+ }
+ h.timers = append(h.timers, t)
+ return t
+}
+
+func (h *testSyncHooks) contextWithTimeout(ctx context.Context, d time.Duration) (context.Context, context.CancelFunc) {
+ ctx, cancel := context.WithCancel(ctx)
+ t := h.afterFunc(d, cancel)
+ return ctx, func() {
+ t.Stop()
+ cancel()
+ }
+}
+
+func (h *testSyncHooks) timeUntilEvent() time.Duration {
+ h.lock()
+ defer h.unlock()
+ var next time.Time
+ for _, t := range h.timers {
+ if next.IsZero() || t.when.Before(next) {
+ next = t.when
+ }
+ }
+ if d := next.Sub(h.now); d > 0 {
+ return d
+ }
+ return 0
+}
+
+// advance advances time and causes synthetic timers to fire.
+func (h *testSyncHooks) advance(d time.Duration) {
+ h.lock()
+ defer h.unlock()
+ h.now = h.now.Add(d)
+ timers := h.timers[:0]
+ for _, t := range h.timers {
+ t := t // remove after go.mod depends on go1.22
+ t.mu.Lock()
+ switch {
+ case t.when.After(h.now):
+ timers = append(timers, t)
+ case t.when.IsZero():
+ // stopped timer
+ default:
+ t.when = time.Time{}
+ if t.c != nil {
+ close(t.c)
+ }
+ if t.f != nil {
+ h.total++
+ go func() {
+ defer func() {
+ h.lock()
+ h.total--
+ h.unlock()
+ }()
+ t.f()
+ }()
+ }
+ }
+ t.mu.Unlock()
+ }
+ h.timers = timers
+}
+
+// A timer wraps a time.Timer, or a synthetic equivalent in tests.
+// Unlike time.Timer, timer is single-use: The timer channel is closed when the timer expires.
+type timer interface {
+ C() <-chan time.Time
+ Stop() bool
+ Reset(d time.Duration) bool
+}
+
+// timeTimer implements timer using real time.
+type timeTimer struct {
+ t *time.Timer
+ c chan time.Time
+}
+
+// newTimeTimer creates a new timer using real time.
+func newTimeTimer(d time.Duration) timer {
+ ch := make(chan time.Time)
+ t := time.AfterFunc(d, func() {
+ close(ch)
+ })
+ return &timeTimer{t, ch}
+}
+
+// newTimeAfterFunc creates an AfterFunc timer using real time.
+func newTimeAfterFunc(d time.Duration, f func()) timer {
+ return &timeTimer{
+ t: time.AfterFunc(d, f),
+ }
+}
+
+func (t timeTimer) C() <-chan time.Time { return t.c }
+func (t timeTimer) Stop() bool { return t.t.Stop() }
+func (t timeTimer) Reset(d time.Duration) bool { return t.t.Reset(d) }
+
+// fakeTimer implements timer using fake time.
+type fakeTimer struct { + hooks *testSyncHooks + + mu sync.Mutex + when time.Time // when the timer will fire + c chan time.Time // closed when the timer fires; mutually exclusive with f + f func() // called when the timer fires; mutually exclusive with c +} + +func (t *fakeTimer) C() <-chan time.Time { return t.c } + +func (t *fakeTimer) Stop() bool { + t.mu.Lock() + defer t.mu.Unlock() + stopped := t.when.IsZero() + t.when = time.Time{} + return stopped +} + +func (t *fakeTimer) Reset(d time.Duration) bool { + if t.c != nil || t.f == nil { + panic("fakeTimer only supports Reset on AfterFunc timers") + } + t.mu.Lock() + defer t.mu.Unlock() + t.hooks.lock() + defer t.hooks.unlock() + active := !t.when.IsZero() + t.when = t.hooks.now.Add(d) + if !active { + t.hooks.timers = append(t.hooks.timers, t) + } + return active +} diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index df578b86c6..ce375c8c75 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -147,6 +147,12 @@ type Transport struct { // waiting for their turn. StrictMaxConcurrentStreams bool + // IdleConnTimeout is the maximum amount of time an idle + // (keep-alive) connection will remain idle before closing + // itself. + // Zero means no limit. + IdleConnTimeout time.Duration + // ReadIdleTimeout is the timeout after which a health check using ping // frame will be carried out if no frame is received on the connection. // Note that a ping response will is considered a received frame, so if @@ -178,6 +184,8 @@ type Transport struct { connPoolOnce sync.Once connPoolOrDef ClientConnPool // non-nil version of ConnPool + + syncHooks *testSyncHooks } func (t *Transport) maxHeaderListSize() uint32 { 
@@ -302,7 +310,7 @@ type ClientConn struct { readerErr error // set before readerDone is closed idleTimeout time.Duration // or 0 for never - idleTimer *time.Timer + idleTimer timer mu sync.Mutex // guards following cond *sync.Cond // hold mu; broadcast on flow/closed changes @@ -344,6 +352,60 @@ type ClientConn struct { werr error // first write error that has occurred hbuf bytes.Buffer // HPACK encoder writes into this henc *hpack.Encoder + + syncHooks *testSyncHooks // can be nil +} + +// Hook points used for testing. +// Outside of tests, cc.syncHooks is nil and these all have minimal implementations. +// Inside tests, see the testSyncHooks function docs. + +// goRun starts a new goroutine. +func (cc *ClientConn) goRun(f func()) { + if cc.syncHooks != nil { + cc.syncHooks.goRun(f) + return + } + go f() +} + +// condBroadcast is cc.cond.Broadcast. +func (cc *ClientConn) condBroadcast() { + if cc.syncHooks != nil { + cc.syncHooks.condBroadcast(cc.cond) + } + cc.cond.Broadcast() +} + +// condWait is cc.cond.Wait. +func (cc *ClientConn) condWait() { + if cc.syncHooks != nil { + cc.syncHooks.condWait(cc.cond) + } + cc.cond.Wait() +} + +// newTimer creates a new time.Timer, or a synthetic timer in tests. +func (cc *ClientConn) newTimer(d time.Duration) timer { + if cc.syncHooks != nil { + return cc.syncHooks.newTimer(d) + } + return newTimeTimer(d) +} + +// afterFunc creates a new time.AfterFunc timer, or a synthetic timer in tests. +func (cc *ClientConn) afterFunc(d time.Duration, f func()) timer { + if cc.syncHooks != nil { + return cc.syncHooks.afterFunc(d, f) + } + return newTimeAfterFunc(d, f) +} + +func (cc *ClientConn) contextWithTimeout(ctx context.Context, d time.Duration) (context.Context, context.CancelFunc) { + if cc.syncHooks != nil { + return cc.syncHooks.contextWithTimeout(ctx, d) + } + return context.WithTimeout(ctx, d) } // clientStream is the state for a single HTTP/2 stream. One of these 
@@ -425,7 +487,7 @@ func (cs *clientStream) abortStreamLocked(err error) { // TODO(dneil): Clean up tests where cs.cc.cond is nil. if cs.cc.cond != nil { // Wake up writeRequestBody if it is waiting on flow control. - cs.cc.cond.Broadcast() + cs.cc.condBroadcast() } } @@ -435,7 +497,7 @@ func (cs *clientStream) abortRequestBodyWrite() { defer cc.mu.Unlock() if cs.reqBody != nil && cs.reqBodyClosed == nil { cs.closeReqBodyLocked() - cc.cond.Broadcast() + cc.condBroadcast() } } @@ -445,10 +507,10 @@ func (cs *clientStream) closeReqBodyLocked() { } cs.reqBodyClosed = make(chan struct{}) reqBodyClosed := cs.reqBodyClosed - go func() { + cs.cc.goRun(func() { cs.reqBody.Close() close(reqBodyClosed) - }() + }) } type stickyErrWriter struct { @@ -537,15 +599,6 @@ func authorityAddr(scheme string, authority string) (addr string) { return net.JoinHostPort(host, port) } -var retryBackoffHook func(time.Duration) *time.Timer - -func backoffNewTimer(d time.Duration) *time.Timer { - if retryBackoffHook != nil { - return retryBackoffHook(d) - } - return time.NewTimer(d) -} - // RoundTripOpt is like RoundTrip, but takes options. func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Response, error) { if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 
@@ -573,13 +626,27 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res backoff := float64(uint(1) << (uint(retry) - 1)) backoff += backoff * (0.1 * mathrand.Float64()) d := time.Second * time.Duration(backoff) - timer := backoffNewTimer(d) + var tm timer + if t.syncHooks != nil { + tm = t.syncHooks.newTimer(d) + t.syncHooks.blockUntil(func() bool { + select { + case <-tm.C(): + case <-req.Context().Done(): + default: + return false + } + return true + }) + } else { + tm = newTimeTimer(d) + } select { - case <-timer.C: + case <-tm.C(): t.vlogf("RoundTrip retrying after failure: %v", roundTripErr) continue case <-req.Context().Done(): - timer.Stop() + tm.Stop() err = req.Context().Err() } } @@ -658,6 +725,9 @@ func canRetryError(err error) bool { } func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*ClientConn, error) { + if t.syncHooks != nil { + return t.newClientConn(nil, singleUse, t.syncHooks) + } host, _, err := net.SplitHostPort(addr) if err != nil { return nil, err @@ -666,7 +736,7 @@ func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse b if err != nil { return nil, err } - return t.newClientConn(tconn, singleUse) + return t.newClientConn(tconn, singleUse, nil) } func (t *Transport) newTLSConfig(host string) *tls.Config { @@ -732,10 +802,10 @@ func (t *Transport) maxEncoderHeaderTableSize() uint32 { } func (t *Transport) NewClientConn(c net.Conn) (*ClientConn, error) { - return t.newClientConn(c, t.disableKeepAlives()) + return t.newClientConn(c, t.disableKeepAlives(), nil) } -func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, error) { +func (t *Transport) newClientConn(c net.Conn, singleUse bool, hooks *testSyncHooks) (*ClientConn, error) { cc := &ClientConn{ t: t, tconn: c, 
@@ -750,10 +820,15 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro wantSettingsAck: true, pings: make(map[[8]byte]chan struct{}), reqHeaderMu: make(chan struct{}, 1), + syncHooks: hooks, + } + if hooks != nil { + hooks.newclientconn(cc) + c = cc.tconn } if d := t.idleConnTimeout(); d != 0 { cc.idleTimeout = d - cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) + cc.idleTimer = cc.afterFunc(d, cc.onIdleTimeout) } if VerboseLogs { t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) @@ -818,7 +893,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro return nil, cc.werr } - go cc.readLoop() + cc.goRun(cc.readLoop) return cc, nil } @@ -826,7 +901,7 @@ func (cc *ClientConn) healthCheck() { pingTimeout := cc.t.pingTimeout() // We don't need to periodically ping in the health check, because the readLoop of ClientConn will // trigger the healthCheck again if there is no frame received. - ctx, cancel := context.WithTimeout(context.Background(), pingTimeout) + ctx, cancel := cc.contextWithTimeout(context.Background(), pingTimeout) defer cancel() cc.vlogf("http2: Transport sending health check") err := cc.Ping(ctx) @@ -1056,7 +1131,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { // Wait for all in-flight streams to complete or connection to close done := make(chan struct{}) cancelled := false // guarded by cc.mu - go func() { + cc.goRun(func() { cc.mu.Lock() defer cc.mu.Unlock() for { @@ -1068,9 +1143,9 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { if cancelled { break } - cc.cond.Wait() + cc.condWait() } - }() + }) shutdownEnterWaitStateHook() select { case <-done: @@ -1080,7 +1155,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { cc.mu.Lock() // Free the goroutine above cancelled = true - cc.cond.Broadcast() + cc.condBroadcast() cc.mu.Unlock() return ctx.Err() } 
@@ -1118,7 +1193,7 @@ func (cc *ClientConn) closeForError(err error) { for _, cs := range cc.streams { cs.abortStreamLocked(err) } - cc.cond.Broadcast() + cc.condBroadcast() cc.mu.Unlock() cc.closeConn() } @@ -1215,6 +1290,10 @@ func (cc *ClientConn) decrStreamReservationsLocked() { } func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { + return cc.roundTrip(req, nil) +} + +func (cc *ClientConn) roundTrip(req *http.Request, streamf func(*clientStream)) (*http.Response, error) { ctx := req.Context() cs := &clientStream{ cc: cc, @@ -1229,9 +1308,23 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { respHeaderRecv: make(chan struct{}), donec: make(chan struct{}), } - go cs.doRequest(req) + cc.goRun(func() { + cs.doRequest(req) + }) waitDone := func() error { + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-cs.donec: + case <-ctx.Done(): + case <-cs.reqCancel: + default: + return false + } + return true + }) + } select { case <-cs.donec: return nil @@ -1292,7 +1385,24 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { return err } + if streamf != nil { + streamf(cs) + } + for { + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-cs.respHeaderRecv: + case <-cs.abort: + case <-ctx.Done(): + case <-cs.reqCancel: + default: + return false + } + return true + }) + } select { case <-cs.respHeaderRecv: return handleResponseHeaders() 
@@ -1348,6 +1458,21 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) { if cc.reqHeaderMu == nil { panic("RoundTrip on uninitialized ClientConn") // for tests } + var newStreamHook func(*clientStream) + if cc.syncHooks != nil { + newStreamHook = cc.syncHooks.newstream + cc.syncHooks.blockUntil(func() bool { + select { + case cc.reqHeaderMu <- struct{}{}: + <-cc.reqHeaderMu + case <-cs.reqCancel: + case <-ctx.Done(): + default: + return false + } + return true + }) + } select { case cc.reqHeaderMu <- struct{}{}: case <-cs.reqCancel: @@ -1372,6 +1497,10 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) { } cc.mu.Unlock() + if newStreamHook != nil { + newStreamHook(cs) + } + // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? if !cc.t.disableCompression() && req.Header.Get("Accept-Encoding") == "" && @@ -1452,15 +1581,30 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) { var respHeaderTimer <-chan time.Time var respHeaderRecv chan struct{} if d := cc.responseHeaderTimeout(); d != 0 { - timer := time.NewTimer(d) + timer := cc.newTimer(d) defer timer.Stop() - respHeaderTimer = timer.C + respHeaderTimer = timer.C() respHeaderRecv = cs.respHeaderRecv } // Wait until the peer half-closes its end of the stream, // or until the request is aborted (via context, error, or otherwise), // whichever comes first. for { + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-cs.peerClosed: + case <-respHeaderTimer: + case <-respHeaderRecv: + case <-cs.abort: + case <-ctx.Done(): + case <-cs.reqCancel: + default: + return false + } + return true + }) + } select { case <-cs.peerClosed: return nil @@ -1609,7 +1753,7 @@ func (cc *ClientConn) awaitOpenSlotForStreamLocked(cs *clientStream) error { return nil } cc.pendingRequests++ - cc.cond.Wait() + cc.condWait() cc.pendingRequests-- select { case <-cs.abort: 
@@ -1871,8 +2015,24 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) cs.flow.take(take) return take, nil } - cc.cond.Wait() + cc.condWait() + } +} + +func validateHeaders(hdrs http.Header) string { + for k, vv := range hdrs { + if !httpguts.ValidHeaderFieldName(k) { + return fmt.Sprintf("name %q", k) + } + for _, v := range vv { + if !httpguts.ValidHeaderFieldValue(v) { + // Don't include the value in the error, + // because it may be sensitive. + return fmt.Sprintf("value for header %q", k) + } + } } + return "" } var errNilRequestURL = errors.New("http2: Request.URI is nil") @@ -1912,19 +2072,14 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail } } - // Check for any invalid headers and return an error before we + // Check for any invalid headers+trailers and return an error before we // potentially pollute our hpack state. (We want to be able to // continue to reuse the hpack encoder for future requests) - for k, vv := range req.Header { - if !httpguts.ValidHeaderFieldName(k) { - return nil, fmt.Errorf("invalid HTTP header name %q", k) - } - for _, v := range vv { - if !httpguts.ValidHeaderFieldValue(v) { - // Don't include the value in the error, because it may be sensitive. - return nil, fmt.Errorf("invalid HTTP header value for header %q", k) - } - } + if err := validateHeaders(req.Header); err != "" { + return nil, fmt.Errorf("invalid HTTP header %s", err) + } + if err := validateHeaders(req.Trailer); err != "" { + return nil, fmt.Errorf("invalid HTTP trailer %s", err) } enumerateHeaders := func(f func(name, value string)) { 
@@ -2143,7 +2298,7 @@ func (cc *ClientConn) forgetStreamID(id uint32) { } // Wake up writeRequestBody via clientStream.awaitFlowControl and // wake up RoundTrip if there is a pending request. - cc.cond.Broadcast() + cc.condBroadcast() closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() || cc.goAway != nil if closeOnIdle && cc.streamsReserved == 0 && len(cc.streams) == 0 { @@ -2231,7 +2386,7 @@ func (rl *clientConnReadLoop) cleanup() { cs.abortStreamLocked(err) } } - cc.cond.Broadcast() + cc.condBroadcast() cc.mu.Unlock() } @@ -2266,10 +2421,9 @@ func (rl *clientConnReadLoop) run() error { cc := rl.cc gotSettings := false readIdleTimeout := cc.t.ReadIdleTimeout - var t *time.Timer + var t timer if readIdleTimeout != 0 { - t = time.AfterFunc(readIdleTimeout, cc.healthCheck) - defer t.Stop() + t = cc.afterFunc(readIdleTimeout, cc.healthCheck) } for { f, err := cc.fr.ReadFrame() @@ -2684,7 +2838,7 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error { }) return nil } - if !cs.firstByte { + if !cs.pastHeaders { cc.logf("protocol error: received DATA before a HEADERS frame") rl.endStreamError(cs, StreamError{ StreamID: f.StreamID, @@ -2867,7 +3021,7 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { for _, cs := range cc.streams { cs.flow.add(delta) } - cc.cond.Broadcast() + cc.condBroadcast() cc.initialWindowSize = s.Val case SettingHeaderTableSize: @@ -2911,9 +3065,18 @@ func (rl *clientConnReadLoop) processWindowUpdate(f *WindowUpdateFrame) error { fl = &cs.flow } if !fl.add(int32(f.Increment)) { + // For stream, the sender sends RST_STREAM with an error code of FLOW_CONTROL_ERROR + if cs != nil { + rl.endStreamError(cs, StreamError{ + StreamID: f.StreamID, + Code: ErrCodeFlowControl, + }) + return nil + } + return ConnectionError(ErrCodeFlowControl) } - cc.cond.Broadcast() + cc.condBroadcast() return nil } 
@@ -2955,24 +3118,38 @@ func (cc *ClientConn) Ping(ctx context.Context) error { } cc.mu.Unlock() } - errc := make(chan error, 1) - go func() { + var pingError error + errc := make(chan struct{}) + cc.goRun(func() { cc.wmu.Lock() defer cc.wmu.Unlock() - if err := cc.fr.WritePing(false, p); err != nil { - errc <- err + if pingError = cc.fr.WritePing(false, p); pingError != nil { + close(errc) return } - if err := cc.bw.Flush(); err != nil { - errc <- err + if pingError = cc.bw.Flush(); pingError != nil { + close(errc) return } - }() + }) + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-c: + case <-errc: + case <-ctx.Done(): + case <-cc.readerDone: + default: + return false + } + return true + }) + } select { case <-c: return nil - case err := <-errc: - return err + case <-errc: + return pingError case <-ctx.Done(): return ctx.Err() case <-cc.readerDone: @@ -3141,9 +3318,17 @@ func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, err } func (t *Transport) idleConnTimeout() time.Duration { + // to keep things backwards compatible, we use non-zero values of + // IdleConnTimeout, followed by using the IdleConnTimeout on the underlying + // http1 transport, followed by 0 + if t.IdleConnTimeout != 0 { + return t.IdleConnTimeout + } + if t.t1 != nil { return t.t1.IdleConnTimeout } + return 0 } diff --git a/vendor/golang.org/x/net/websocket/client.go b/vendor/golang.org/x/net/websocket/client.go index 69a4ac7eef..1e64157f3e 100644 --- a/vendor/golang.org/x/net/websocket/client.go +++ b/vendor/golang.org/x/net/websocket/client.go @@ -6,10 +6,12 @@ package websocket import ( "bufio" + "context" "io" "net" "net/http" "net/url" + "time" ) // DialError is an error that occurs while dialling a websocket server. 
@@ -79,28 +81,59 @@ func parseAuthority(location *url.URL) string { // DialConfig opens a new client connection to a WebSocket with a config. func DialConfig(config *Config) (ws *Conn, err error) { - var client net.Conn + return config.DialContext(context.Background()) +} + +// DialContext opens a new client connection to a WebSocket, with context support for timeouts/cancellation. +func (config *Config) DialContext(ctx context.Context) (*Conn, error) { if config.Location == nil { return nil, &DialError{config, ErrBadWebSocketLocation} } if config.Origin == nil { return nil, &DialError{config, ErrBadWebSocketOrigin} } + dialer := config.Dialer if dialer == nil { dialer = &net.Dialer{} } - client, err = dialWithDialer(dialer, config) - if err != nil { - goto Error - } - ws, err = NewClient(config, client) + + client, err := dialWithDialer(ctx, dialer, config) if err != nil { - client.Close() - goto Error + return nil, &DialError{config, err} } - return -Error: - return nil, &DialError{config, err} + // Cleanup the connection if we fail to create the websocket successfully + success := false + defer func() { + if !success { + _ = client.Close() + } + }() + + var ws *Conn + var wsErr error + doneConnecting := make(chan struct{}) + go func() { + defer close(doneConnecting) + ws, err = NewClient(config, client) + if err != nil { + wsErr = &DialError{config, err} + } + }() + + // The websocket.NewClient() function can block indefinitely, make sure that we + // respect the deadlines specified by the context. + select { + case <-ctx.Done(): + // Force the pending operations to fail, terminating the pending connection attempt + _ = client.SetDeadline(time.Now()) + <-doneConnecting // Wait for the goroutine that tries to establish the connection to finish + return nil, &DialError{config, ctx.Err()} + case <-doneConnecting: + if wsErr == nil { + success = true // Disarm the deferred connection cleanup + } + return ws, wsErr + } } 
diff --git a/vendor/golang.org/x/net/websocket/dial.go b/vendor/golang.org/x/net/websocket/dial.go index 2dab943a48..8a2d83c473 100644 --- a/vendor/golang.org/x/net/websocket/dial.go +++ b/vendor/golang.org/x/net/websocket/dial.go @@ -5,18 +5,23 @@ package websocket import ( + "context" "crypto/tls" "net" ) -func dialWithDialer(dialer *net.Dialer, config *Config) (conn net.Conn, err error) { +func dialWithDialer(ctx context.Context, dialer *net.Dialer, config *Config) (conn net.Conn, err error) { switch config.Location.Scheme { case "ws": - conn, err = dialer.Dial("tcp", parseAuthority(config.Location)) + conn, err = dialer.DialContext(ctx, "tcp", parseAuthority(config.Location)) case "wss": - conn, err = tls.DialWithDialer(dialer, "tcp", parseAuthority(config.Location), config.TlsConfig) + tlsDialer := &tls.Dialer{ + NetDialer: dialer, + Config: config.TlsConfig, + } + conn, err = tlsDialer.DialContext(ctx, "tcp", parseAuthority(config.Location)) default: err = ErrBadScheme } diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go index e7d3df4bd3..b0e4198575 100644 --- a/vendor/golang.org/x/sys/unix/aliases.go +++ b/vendor/golang.org/x/sys/unix/aliases.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9 +//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos package unix diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index c6492020ec..fdcaa974d2 100644 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -584,7 +584,7 @@ ccflags="$@" $2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ || $2 ~ /^KEYCTL_/ || $2 ~ /^PERF_/ || - $2 ~ /^SECCOMP_MODE_/ || + $2 ~ /^SECCOMP_/ || $2 ~ /^SEEK_/ || $2 ~ /^SCHED_/ || $2 ~ /^SPLICE_/ || 
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go index 16dc699379..2f0fa76e4f 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build darwin && go1.12 +//go:build darwin package unix diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 64d1bb4dba..2b57e0f73b 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -13,6 +13,7 @@ package unix import ( + "errors" "sync" "unsafe" ) 
@@ -169,25 +170,26 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { func Uname(uname *Utsname) error { mib := []_C_int{CTL_KERN, KERN_OSTYPE} n := unsafe.Sizeof(uname.Sysname) - if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil { + // Suppress ENOMEM errors to be compatible with the C library __xuname() implementation. + if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_HOSTNAME} n = unsafe.Sizeof(uname.Nodename) - if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_OSRELEASE} n = unsafe.Sizeof(uname.Release) - if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_VERSION} n = unsafe.Sizeof(uname.Version) - if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } @@ -205,7 +207,7 @@ func Uname(uname *Utsname) error { mib = []_C_int{CTL_HW, HW_MACHINE} n = unsafe.Sizeof(uname.Machine) - if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index 0f85e29e62..5682e2628a 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go 
@@ -1849,6 +1849,105 @@ func Dup2(oldfd, newfd int) error { //sys Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error) //sys Fsopen(fsName string, flags int) (fd int, err error) //sys Fspick(dirfd int, pathName string, flags int) (fd int, err error) + +//sys fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) + +func fsconfigCommon(fd int, cmd uint, key string, value *byte, aux int) (err error) { + var keyp *byte + if keyp, err = BytePtrFromString(key); err != nil { + return + } + return fsconfig(fd, cmd, keyp, value, aux) +} + +// FsconfigSetFlag is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_FLAG. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +func FsconfigSetFlag(fd int, key string) (err error) { + return fsconfigCommon(fd, FSCONFIG_SET_FLAG, key, nil, 0) +} + +// FsconfigSetString is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_STRING. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is the parameter value to set. +func FsconfigSetString(fd int, key string, value string) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(value); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_STRING, key, valuep, 0) +} + +// FsconfigSetBinary is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_BINARY. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is the parameter value to set. +func FsconfigSetBinary(fd int, key string, value []byte) (err error) { + if len(value) == 0 { + return EINVAL + } + return fsconfigCommon(fd, FSCONFIG_SET_BINARY, key, &value[0], len(value)) +} + +// FsconfigSetPath is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_PATH. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// path is a non-empty path for specified key. 
+// atfd is a file descriptor at which to start lookup from or AT_FDCWD. +func FsconfigSetPath(fd int, key string, path string, atfd int) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(path); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_PATH, key, valuep, atfd) +} + +// FsconfigSetPathEmpty is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_PATH_EMPTY. The same as +// FconfigSetPath but with AT_PATH_EMPTY implied. +func FsconfigSetPathEmpty(fd int, key string, path string, atfd int) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(path); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_PATH_EMPTY, key, valuep, atfd) +} + +// FsconfigSetFd is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_FD. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is a file descriptor to be assigned to specified key. +func FsconfigSetFd(fd int, key string, value int) (err error) { + return fsconfigCommon(fd, FSCONFIG_SET_FD, key, nil, value) +} + +// FsconfigCreate is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_CMD_CREATE. +// +// fd is the filesystem context to act upon. +func FsconfigCreate(fd int) (err error) { + return fsconfig(fd, FSCONFIG_CMD_CREATE, nil, nil, 0) +} + +// FsconfigReconfigure is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_CMD_RECONFIGURE. +// +// fd is the filesystem context to act upon. +func FsconfigReconfigure(fd int) (err error) { + return fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, nil, nil, 0) +} + //sys Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64 //sysnb Getpgid(pid int) (pgid int, err error) diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index a5d3ff8df9..36bf8399f4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go 
@@ -1785,6 +1785,8 @@ const ( LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20 LANDLOCK_ACCESS_FS_TRUNCATE = 0x4000 LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 + LANDLOCK_ACCESS_NET_BIND_TCP = 0x1 + LANDLOCK_ACCESS_NET_CONNECT_TCP = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 LINUX_REBOOT_CMD_CAD_OFF = 0x0 LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef @@ -2465,6 +2467,7 @@ const ( PR_MCE_KILL_GET = 0x22 PR_MCE_KILL_LATE = 0x0 PR_MCE_KILL_SET = 0x1 + PR_MDWE_NO_INHERIT = 0x2 PR_MDWE_REFUSE_EXEC_GAIN = 0x1 PR_MPX_DISABLE_MANAGEMENT = 0x2c PR_MPX_ENABLE_MANAGEMENT = 0x2b @@ -2669,8 +2672,9 @@ const ( RTAX_FEATURES = 0xc RTAX_FEATURE_ALLFRAG = 0x8 RTAX_FEATURE_ECN = 0x1 - RTAX_FEATURE_MASK = 0xf + RTAX_FEATURE_MASK = 0x1f RTAX_FEATURE_SACK = 0x2 + RTAX_FEATURE_TCP_USEC_TS = 0x10 RTAX_FEATURE_TIMESTAMP = 0x4 RTAX_HOPLIMIT = 0xa RTAX_INITCWND = 0xb 
@@ -2913,9 +2917,38 @@ const ( SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x1d SC_LOG_FLUSH = 0x100000 + SECCOMP_ADDFD_FLAG_SEND = 0x2 + SECCOMP_ADDFD_FLAG_SETFD = 0x1 + SECCOMP_FILTER_FLAG_LOG = 0x2 + SECCOMP_FILTER_FLAG_NEW_LISTENER = 0x8 + SECCOMP_FILTER_FLAG_SPEC_ALLOW = 0x4 + SECCOMP_FILTER_FLAG_TSYNC = 0x1 + SECCOMP_FILTER_FLAG_TSYNC_ESRCH = 0x10 + SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV = 0x20 + SECCOMP_GET_ACTION_AVAIL = 0x2 + SECCOMP_GET_NOTIF_SIZES = 0x3 + SECCOMP_IOCTL_NOTIF_RECV = 0xc0502100 + SECCOMP_IOCTL_NOTIF_SEND = 0xc0182101 + SECCOMP_IOC_MAGIC = '!' SECCOMP_MODE_DISABLED = 0x0 SECCOMP_MODE_FILTER = 0x2 SECCOMP_MODE_STRICT = 0x1 + SECCOMP_RET_ACTION = 0x7fff0000 + SECCOMP_RET_ACTION_FULL = 0xffff0000 + SECCOMP_RET_ALLOW = 0x7fff0000 + SECCOMP_RET_DATA = 0xffff + SECCOMP_RET_ERRNO = 0x50000 + SECCOMP_RET_KILL = 0x0 + SECCOMP_RET_KILL_PROCESS = 0x80000000 + SECCOMP_RET_KILL_THREAD = 0x0 + SECCOMP_RET_LOG = 0x7ffc0000 + SECCOMP_RET_TRACE = 0x7ff00000 + SECCOMP_RET_TRAP = 0x30000 + SECCOMP_RET_USER_NOTIF = 0x7fc00000 + SECCOMP_SET_MODE_FILTER = 0x1 + SECCOMP_SET_MODE_STRICT = 0x0 + SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP = 0x1 + SECCOMP_USER_NOTIF_FLAG_CONTINUE = 0x1 SECRETMEM_MAGIC = 0x5345434d SECURITYFS_MAGIC = 0x73636673 SEEK_CUR = 0x1 @@ -3075,6 +3108,7 @@ const ( SOL_TIPC = 0x10f SOL_TLS = 0x11a SOL_UDP = 0x11 + SOL_VSOCK = 0x11f SOL_X25 = 0x106 SOL_XDP = 0x11b SOMAXCONN = 0x1000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 4920821cf3..42ff8c3c1b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index a0c1e41127..dca436004f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -282,6 +282,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index c63985560f..5cca668ac3 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -288,6 +288,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 47cc62e25c..d8cae6d153 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -278,6 +278,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 27ac4a09e2..28e39afdcb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go 
@@ -275,6 +275,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 54694642a5..cd66e92cb4 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 3adb81d758..c1595eba78 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 2dfe98f0d1..ee9456b0da 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index f5398f84f0..8cfca81e1b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index c54f152d68..60b0deb3af 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -336,6 +336,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 76057dc72f..f90aa7281b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index e0c3725e2b..ba9e015033 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go 
@@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 18f2813ed5..07cdfd6e9f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -272,6 +272,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 11619d4ec8..2f1dd214a7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -344,6 +344,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 396d994da7..f40519d901 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -335,6 +335,9 @@ const ( SCM_TIMESTAMPNS = 0x21 SCM_TXTIME = 0x3f SCM_WIFI_STATUS = 0x25 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x400000 SFD_NONBLOCK = 0x4000 SF_FP = 0x38 
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 1488d27128..87d8612a1d 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -906,6 +906,16 @@ func Fspick(dirfd int, pathName string, flags int) (fd int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) { + _, _, e1 := Syscall6(SYS_FSCONFIG, uintptr(fd), uintptr(cmd), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(value)), uintptr(aux), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Getdents(fd int, buf []byte) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index fcf3ecbdde..0cc3ce496e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -448,4 +448,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index f56dc2504a..856d92d69e 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -371,4 +371,7 @@ const ( SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 974bf24676..8d467094cf 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go 
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -412,4 +412,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 39a2739e23..edc173244d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -315,4 +315,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index cf9c9d77e1..445eba2061 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -309,4 +309,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 10b7362ef4..adba01bca7 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index cd4d8b4fd3..014c4e9c7a 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go 
@@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 2c0efca818..ccc97d74d0 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index a72e31d391..ec2b64a95d 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index c7d1e37471..21a839e338 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -439,4 +439,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index f4d4838c87..c11121ec3b 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go 
@@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index b64f0e5911..909b631fcb 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 95711195a0..e49bed16ea 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -316,4 +316,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index f94e943bc4..66017d2d32 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -377,4 +377,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index ba0c2bc515..47bab18dce 100644 --- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go 
@@ -390,4 +390,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index bbf8399ff5..eff6bcdef8 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -174,7 +174,8 @@ type FscryptPolicyV2 struct { Contents_encryption_mode uint8 Filenames_encryption_mode uint8 Flags uint8 - _ [4]uint8 + Log2_data_unit_size uint8 + _ [3]uint8 Master_key_identifier [16]uint8 } 
@@ -455,60 +456,63 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 - Pacing_rate uint64 - Max_pacing_rate uint64 - Bytes_acked uint64 - Bytes_received uint64 - Segs_out uint32 - Segs_in uint32 - Notsent_bytes uint32 - Min_rtt uint32 - Data_segs_in uint32 - Data_segs_out uint32 - Delivery_rate uint64 - Busy_time uint64 - Rwnd_limited uint64 - Sndbuf_limited uint64 - Delivered uint32 - Delivered_ce uint32 - Bytes_sent uint64 - Bytes_retrans uint64 - Dsack_dups uint32 - Reord_seen uint32 - Rcv_ooopack uint32 - Snd_wnd uint32 - Rcv_wnd uint32 - Rehash uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + 
Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 + Total_rto uint16 + Total_rto_recoveries uint16 + Total_rto_time uint32 } type CanFilter struct { @@ -551,7 +555,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0xf0 + SizeofTCPInfo = 0xf8 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -832,6 +836,15 @@ const ( FSPICK_EMPTY_PATH = 0x8 FSMOUNT_CLOEXEC = 0x1 + + FSCONFIG_SET_FLAG = 0x0 + FSCONFIG_SET_STRING = 0x1 + FSCONFIG_SET_BINARY = 0x2 + FSCONFIG_SET_PATH = 0x3 + FSCONFIG_SET_PATH_EMPTY = 0x4 + FSCONFIG_SET_FD = 0x5 + FSCONFIG_CMD_CREATE = 0x6 + FSCONFIG_CMD_RECONFIGURE = 0x7 ) type OpenHow struct { @@ -1546,6 +1559,7 @@ const ( IFLA_DEVLINK_PORT = 0x3e IFLA_GSO_IPV4_MAX_SIZE = 0x3f IFLA_GRO_IPV4_MAX_SIZE = 0x40 + IFLA_DPLL_PIN = 0x41 IFLA_PROTO_DOWN_REASON_UNSPEC = 0x0 IFLA_PROTO_DOWN_REASON_MASK = 0x1 IFLA_PROTO_DOWN_REASON_VALUE = 0x2 @@ -1561,6 +1575,7 @@ const ( IFLA_INET6_ICMP6STATS = 0x6 IFLA_INET6_TOKEN = 0x7 IFLA_INET6_ADDR_GEN_MODE = 0x8 + IFLA_INET6_RA_MTU = 0x9 IFLA_BR_UNSPEC = 0x0 IFLA_BR_FORWARD_DELAY = 0x1 IFLA_BR_HELLO_TIME = 0x2 @@ -1608,6 +1623,9 @@ const ( IFLA_BR_MCAST_MLD_VERSION = 0x2c IFLA_BR_VLAN_STATS_PER_PORT = 0x2d IFLA_BR_MULTI_BOOLOPT = 0x2e + IFLA_BR_MCAST_QUERIER_STATE = 0x2f + IFLA_BR_FDB_N_LEARNED = 0x30 + IFLA_BR_FDB_MAX_LEARNED = 0x31 IFLA_BRPORT_UNSPEC = 0x0 IFLA_BRPORT_STATE = 0x1 IFLA_BRPORT_PRIORITY = 0x2 @@ -1645,6 +1663,14 @@ const ( IFLA_BRPORT_BACKUP_PORT = 0x22 IFLA_BRPORT_MRP_RING_OPEN = 0x23 IFLA_BRPORT_MRP_IN_OPEN = 0x24 + IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT = 0x25 + IFLA_BRPORT_MCAST_EHT_HOSTS_CNT = 0x26 + IFLA_BRPORT_LOCKED = 0x27 + IFLA_BRPORT_MAB = 0x28 + IFLA_BRPORT_MCAST_N_GROUPS = 0x29 + IFLA_BRPORT_MCAST_MAX_GROUPS = 0x2a + IFLA_BRPORT_NEIGH_VLAN_SUPPRESS = 0x2b + IFLA_BRPORT_BACKUP_NHID = 0x2c IFLA_INFO_UNSPEC = 0x0 IFLA_INFO_KIND = 0x1 IFLA_INFO_DATA = 0x2 
@@ -1666,6 +1692,9 @@ const ( IFLA_MACVLAN_MACADDR = 0x4 IFLA_MACVLAN_MACADDR_DATA = 0x5 IFLA_MACVLAN_MACADDR_COUNT = 0x6 + IFLA_MACVLAN_BC_QUEUE_LEN = 0x7 + IFLA_MACVLAN_BC_QUEUE_LEN_USED = 0x8 + IFLA_MACVLAN_BC_CUTOFF = 0x9 IFLA_VRF_UNSPEC = 0x0 IFLA_VRF_TABLE = 0x1 IFLA_VRF_PORT_UNSPEC = 0x0 @@ -1689,9 +1718,22 @@ const ( IFLA_XFRM_UNSPEC = 0x0 IFLA_XFRM_LINK = 0x1 IFLA_XFRM_IF_ID = 0x2 + IFLA_XFRM_COLLECT_METADATA = 0x3 IFLA_IPVLAN_UNSPEC = 0x0 IFLA_IPVLAN_MODE = 0x1 IFLA_IPVLAN_FLAGS = 0x2 + NETKIT_NEXT = -0x1 + NETKIT_PASS = 0x0 + NETKIT_DROP = 0x2 + NETKIT_REDIRECT = 0x7 + NETKIT_L2 = 0x0 + NETKIT_L3 = 0x1 + IFLA_NETKIT_UNSPEC = 0x0 + IFLA_NETKIT_PEER_INFO = 0x1 + IFLA_NETKIT_PRIMARY = 0x2 + IFLA_NETKIT_POLICY = 0x3 + IFLA_NETKIT_PEER_POLICY = 0x4 + IFLA_NETKIT_MODE = 0x5 IFLA_VXLAN_UNSPEC = 0x0 IFLA_VXLAN_ID = 0x1 IFLA_VXLAN_GROUP = 0x2 @@ -1722,6 +1764,8 @@ const ( IFLA_VXLAN_GPE = 0x1b IFLA_VXLAN_TTL_INHERIT = 0x1c IFLA_VXLAN_DF = 0x1d + IFLA_VXLAN_VNIFILTER = 0x1e + IFLA_VXLAN_LOCALBYPASS = 0x1f IFLA_GENEVE_UNSPEC = 0x0 IFLA_GENEVE_ID = 0x1 IFLA_GENEVE_REMOTE = 0x2 @@ -1736,6 +1780,7 @@ const ( IFLA_GENEVE_LABEL = 0xb IFLA_GENEVE_TTL_INHERIT = 0xc IFLA_GENEVE_DF = 0xd + IFLA_GENEVE_INNER_PROTO_INHERIT = 0xe IFLA_BAREUDP_UNSPEC = 0x0 IFLA_BAREUDP_PORT = 0x1 IFLA_BAREUDP_ETHERTYPE = 0x2 @@ -1748,6 +1793,8 @@ const ( IFLA_GTP_FD1 = 0x2 IFLA_GTP_PDP_HASHSIZE = 0x3 IFLA_GTP_ROLE = 0x4 + IFLA_GTP_CREATE_SOCKETS = 0x5 + IFLA_GTP_RESTART_COUNT = 0x6 IFLA_BOND_UNSPEC = 0x0 IFLA_BOND_MODE = 0x1 IFLA_BOND_ACTIVE_SLAVE = 0x2 @@ -1777,6 +1824,9 @@ const ( IFLA_BOND_AD_ACTOR_SYSTEM = 0x1a IFLA_BOND_TLB_DYNAMIC_LB = 0x1b IFLA_BOND_PEER_NOTIF_DELAY = 0x1c + IFLA_BOND_AD_LACP_ACTIVE = 0x1d + IFLA_BOND_MISSED_MAX = 0x1e + IFLA_BOND_NS_IP6_TARGET = 0x1f IFLA_BOND_AD_INFO_UNSPEC = 0x0 IFLA_BOND_AD_INFO_AGGREGATOR = 0x1 IFLA_BOND_AD_INFO_NUM_PORTS = 0x2 
@@ -1792,6 +1842,7 @@ const ( IFLA_BOND_SLAVE_AD_AGGREGATOR_ID = 0x6 IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE = 0x7 IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE = 0x8 + IFLA_BOND_SLAVE_PRIO = 0x9 IFLA_VF_INFO_UNSPEC = 0x0 IFLA_VF_INFO = 0x1 IFLA_VF_UNSPEC = 0x0 @@ -1850,8 +1901,16 @@ const ( IFLA_STATS_LINK_XSTATS_SLAVE = 0x3 IFLA_STATS_LINK_OFFLOAD_XSTATS = 0x4 IFLA_STATS_AF_SPEC = 0x5 + IFLA_STATS_GETSET_UNSPEC = 0x0 + IFLA_STATS_GET_FILTERS = 0x1 + IFLA_STATS_SET_OFFLOAD_XSTATS_L3_STATS = 0x2 IFLA_OFFLOAD_XSTATS_UNSPEC = 0x0 IFLA_OFFLOAD_XSTATS_CPU_HIT = 0x1 + IFLA_OFFLOAD_XSTATS_HW_S_INFO = 0x2 + IFLA_OFFLOAD_XSTATS_L3_STATS = 0x3 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_UNSPEC = 0x0 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_REQUEST = 0x1 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED = 0x2 IFLA_XDP_UNSPEC = 0x0 IFLA_XDP_FD = 0x1 IFLA_XDP_ATTACHED = 0x2 @@ -1881,6 +1940,11 @@ const ( IFLA_RMNET_UNSPEC = 0x0 IFLA_RMNET_MUX_ID = 0x1 IFLA_RMNET_FLAGS = 0x2 + IFLA_MCTP_UNSPEC = 0x0 + IFLA_MCTP_NET = 0x1 + IFLA_DSA_UNSPEC = 0x0 + IFLA_DSA_CONDUIT = 0x1 + IFLA_DSA_MASTER = 0x1 ) const ( @@ -3399,7 +3463,7 @@ const ( DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 DEVLINK_PORT_FN_ATTR_CAPS = 0x4 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x5 ) type FsverityDigest struct { @@ -4183,7 +4247,8 @@ const ( ) type LandlockRulesetAttr struct { - Access_fs uint64 + Access_fs uint64 + Access_net uint64 } type LandlockPathBeneathAttr struct { @@ -5134,7 +5199,7 @@ const ( NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf - NL80211_FREQUENCY_ATTR_MAX = 0x1b + NL80211_FREQUENCY_ATTR_MAX = 0x1c NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc 
@@ -5547,7 +5612,7 @@ const ( NL80211_REGDOM_TYPE_CUSTOM_WORLD = 0x2 NL80211_REGDOM_TYPE_INTERSECTION = 0x3 NL80211_REGDOM_TYPE_WORLD = 0x1 - NL80211_REG_RULE_ATTR_MAX = 0x7 + NL80211_REG_RULE_ATTR_MAX = 0x8 NL80211_REKEY_DATA_AKM = 0x4 NL80211_REKEY_DATA_KCK = 0x2 NL80211_REKEY_DATA_KEK = 0x1 diff --git a/vendor/golang.org/x/sys/windows/env_windows.go b/vendor/golang.org/x/sys/windows/env_windows.go index b8ad192506..d4577a4238 100644 --- a/vendor/golang.org/x/sys/windows/env_windows.go +++ b/vendor/golang.org/x/sys/windows/env_windows.go @@ -37,14 +37,17 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) { return nil, err } defer DestroyEnvironmentBlock(block) - blockp := unsafe.Pointer(block) - for { - entry := UTF16PtrToString((*uint16)(blockp)) - if len(entry) == 0 { - break + size := unsafe.Sizeof(*block) + for *block != 0 { + // find NUL terminator + end := unsafe.Pointer(block) + for *(*uint16)(end) != 0 { + end = unsafe.Add(end, size) } - env = append(env, entry) - blockp = unsafe.Add(blockp, 2*(len(entry)+1)) + + entry := unsafe.Slice(block, (uintptr(end)-uintptr(unsafe.Pointer(block)))/size) + env = append(env, UTF16ToString(entry)) + block = (*uint16)(unsafe.Add(end, size)) } return env, nil } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index ffb8708ccf..6395a031d4 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -125,8 +125,7 @@ func UTF16PtrToString(p *uint16) string { for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ { ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p)) } - - return string(utf16.Decode(unsafe.Slice(p, n))) + return UTF16ToString(unsafe.Slice(p, n)) } func Getpagesize() int { return 4096 } 
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/wsstream/conn.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/wsstream/conn.go index 7cfdd06321..8a741936a3 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/wsstream/conn.go +++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/wsstream/conn.go @@ -344,7 +344,7 @@ func (conn *Conn) handle(ws *websocket.Conn) { continue } if _, err := conn.channels[channel].DataFromSocket(data); err != nil { - klog.Errorf("Unable to write frame to %d: %v\n%s", channel, err, string(data)) + klog.Errorf("Unable to write frame (%d bytes) to %d: %v", len(data), channel, err) continue } } diff --git a/vendor/k8s.io/apiserver/pkg/features/kube_features.go b/vendor/k8s.io/apiserver/pkg/features/kube_features.go index bb944b64f0..e524e0c647 100644 --- a/vendor/k8s.io/apiserver/pkg/features/kube_features.go +++ b/vendor/k8s.io/apiserver/pkg/features/kube_features.go @@ -240,6 +240,12 @@ const ( // Enables support for watch bookmark events. WatchBookmark featuregate.Feature = "WatchBookmark" + // owner: @serathius + // beta: 1.30 + // Enables watches without resourceVersion to be served from storage. + // Used to prevent https://github.com/kubernetes/kubernetes/issues/123072 until etcd fixes the issue. + WatchFromStorageWithoutResourceVersion featuregate.Feature = "WatchFromStorageWithoutResourceVersion" + // owner: @vinaykul // kep: http://kep.k8s.io/1287 // alpha: v1.27 @@ -328,6 +334,8 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS WatchBookmark: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, + WatchFromStorageWithoutResourceVersion: {Default: false, PreRelease: featuregate.Beta}, + InPlacePodVerticalScaling: {Default: false, PreRelease: featuregate.Alpha}, WatchList: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/vendor/k8s.io/apiserver/pkg/server/healthz.go b/vendor/k8s.io/apiserver/pkg/server/healthz.go index d6d13444d7..b2ce249033 100644 
--- a/vendor/k8s.io/apiserver/pkg/server/healthz.go +++ b/vendor/k8s.io/apiserver/pkg/server/healthz.go @@ -21,6 +21,7 @@ import ( "net/http" "time" + corev1 "k8s.io/api/core/v1" "k8s.io/apiserver/pkg/server/healthz" "k8s.io/utils/clock" ) @@ -106,6 +107,7 @@ func (s *GenericAPIServer) installReadyz() { healthz.InstallReadyzHandlerWithHealthyFunc(s.Handler.NonGoRestfulMux, func() { // note: InstallReadyzHandlerWithHealthyFunc guarantees that this is called only once s.lifecycleSignals.HasBeenReady.Signal() + s.Eventf(corev1.EventTypeNormal, s.lifecycleSignals.HasBeenReady.Name(), "KubeAPIServer is ready") }, s.readyzChecks...) } diff --git a/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go b/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go index 581cb3c02b..900f300cd5 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go +++ b/vendor/k8s.io/apiserver/pkg/storage/cacher/cacher.go @@ -522,7 +522,7 @@ func (c *Cacher) Watch(ctx context.Context, key string, opts storage.ListOptions if !utilfeature.DefaultFeatureGate.Enabled(features.WatchList) && opts.SendInitialEvents != nil { opts.SendInitialEvents = nil } - if opts.SendInitialEvents == nil && opts.ResourceVersion == "" { + if utilfeature.DefaultFeatureGate.Enabled(features.WatchFromStorageWithoutResourceVersion) && opts.SendInitialEvents == nil && opts.ResourceVersion == "" { return c.storage.Watch(ctx, key, opts) } requestedWatchRV, err := c.versioner.ParseResourceVersion(opts.ResourceVersion) diff --git a/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache_interval.go b/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache_interval.go index c455357e04..2b57dd1650 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache_interval.go +++ b/vendor/k8s.io/apiserver/pkg/storage/cacher/watch_cache_interval.go @@ -18,6 +18,7 @@ package cacher import ( "fmt" + "sort" "sync" "k8s.io/apimachinery/pkg/fields" 
@@ -114,9 +115,24 @@ func newCacheInterval(startIndex, endIndex int, indexer indexerFunc, indexValida } } +type sortableWatchCacheEvents []*watchCacheEvent + +func (s sortableWatchCacheEvents) Len() int { + return len(s) +} + +func (s sortableWatchCacheEvents) Less(i, j int) bool { + return s[i].Key < s[j].Key +} + +func (s sortableWatchCacheEvents) Swap(i, j int) { + s[i], s[j] = s[j], s[i] +} + // newCacheIntervalFromStore is meant to handle the case of rv=0, such that the events // returned by Next() need to be events from a List() done on the underlying store of // the watch cache. +// The items returned in the interval will be sorted by Key. func newCacheIntervalFromStore(resourceVersion uint64, store cache.Indexer, getAttrsFunc attrFunc) (*watchCacheInterval, error) { buffer := &watchCacheIntervalBuffer{} allItems := store.List() @@ -140,6 +156,7 @@ func newCacheIntervalFromStore(resourceVersion uint64, store cache.Indexer, getA } buffer.endIndex++ } + sort.Sort(sortableWatchCacheEvents(buffer.buffer)) ci := &watchCacheInterval{ startIndex: 0, // Simulate that we already have all the events we're looking for. diff --git a/vendor/k8s.io/client-go/tools/remotecommand/websocket.go b/vendor/k8s.io/client-go/tools/remotecommand/websocket.go index a60986decc..49ef4717cd 100644 --- a/vendor/k8s.io/client-go/tools/remotecommand/websocket.go +++ b/vendor/k8s.io/client-go/tools/remotecommand/websocket.go @@ -187,6 +187,9 @@ type wsStreamCreator struct { // map of stream id to stream; multiple streams read/write the connection streams map[byte]*stream streamsMu sync.Mutex + // setStreamErr holds the error to return to anyone calling setStreams. + // this is populated in closeAllStreamReaders + setStreamErr error } func newWSStreamCreator(conn *gwebsocket.Conn) *wsStreamCreator { 
@@ -202,10 +205,14 @@ func (c *wsStreamCreator) getStream(id byte) *stream { return c.streams[id] } -func (c *wsStreamCreator) setStream(id byte, s *stream) { +func (c *wsStreamCreator) setStream(id byte, s *stream) error { c.streamsMu.Lock() defer c.streamsMu.Unlock() + if c.setStreamErr != nil { + return c.setStreamErr + } c.streams[id] = s + return nil } // CreateStream uses id from passed headers to create a stream over "c.conn" connection. @@ -228,7 +235,11 @@ func (c *wsStreamCreator) CreateStream(headers http.Header) (httpstream.Stream, connWriteLock: &c.connWriteLock, id: id, } - c.setStream(id, s) + if err := c.setStream(id, s); err != nil { + _ = s.writePipe.Close() + _ = s.readPipe.Close() + return nil, err + } return s, nil } @@ -312,7 +323,7 @@ func (c *wsStreamCreator) readDemuxLoop(bufferSize int, period time.Duration, de } // closeAllStreamReaders closes readers in all streams. -// This unblocks all stream.Read() calls. +// This unblocks all stream.Read() calls, and keeps any future streams from being created. func (c *wsStreamCreator) closeAllStreamReaders(err error) { c.streamsMu.Lock() defer c.streamsMu.Unlock() @@ -320,6 +331,12 @@ func (c *wsStreamCreator) closeAllStreamReaders(err error) { // Closing writePipe unblocks all readPipe.Read() callers and prevents any future writes. _ = s.writePipe.CloseWithError(err) } + // ensure callers to setStreams receive an error after this point + if err != nil { + c.setStreamErr = err + } else { + c.setStreamErr = fmt.Errorf("closed all streams") + } } type stream struct { diff --git a/vendor/k8s.io/kube-aggregator/pkg/controllers/openapi/aggregator/aggregator.go b/vendor/k8s.io/kube-aggregator/pkg/controllers/openapi/aggregator/aggregator.go index c35ac49094..7d4281f234 100644 --- a/vendor/k8s.io/kube-aggregator/pkg/controllers/openapi/aggregator/aggregator.go +++ b/vendor/k8s.io/kube-aggregator/pkg/controllers/openapi/aggregator/aggregator.go 
@@ -197,7 +197,9 @@ func (s *specAggregator) updateServiceLocked(name string) error { if err != nil { return nil, "", err } - return aggregator.FilterSpecByPathsWithoutSideEffects(result, []string{"/apis/"}), etag, nil + group := specInfo.apiService.Spec.Group + version := specInfo.apiService.Spec.Version + return aggregator.FilterSpecByPathsWithoutSideEffects(result, []string{"/apis/" + group + "/" + version + "/"}), etag, nil }, cached.Result[*spec.Swagger]{Value: result, Etag: etag, Err: err}) specInfo.spec.Store(filteredResult) return err diff --git a/vendor/k8s.io/kubernetes/cmd/kube-controller-manager/app/patch_gc.go b/vendor/k8s.io/kubernetes/cmd/kube-controller-manager/app/patch_gc.go index 4cd41a8cdf..53285c96f8 100644 --- a/vendor/k8s.io/kubernetes/cmd/kube-controller-manager/app/patch_gc.go +++ b/vendor/k8s.io/kubernetes/cmd/kube-controller-manager/app/patch_gc.go 
@@ -9,15 +9,13 @@ import ( func applyOpenShiftGCConfig(controllerManager *config.Config) error { // TODO make this configurable or discoverable. This is going to prevent us from running the stock GC controller // IF YOU ADD ANYTHING TO THIS LIST, MAKE SURE THAT YOU UPDATE THEIR STRATEGIES TO PREVENT GC FINALIZERS + // + // DO NOT PUT CRDs into the list. apiexstension-apiserver does not implement GarbageCollectionPolicy + // so the deletion of these will be blocked because of foregroundDeletion finalizer when foreground deletion strategy is specified. controllerManager.ComponentConfig.GarbageCollectorController.GCIgnoredResources = append(controllerManager.ComponentConfig.GarbageCollectorController.GCIgnoredResources, // explicitly disabled from GC for now - not enough value to track them - gcconfig.GroupResource{Group: "authorization.openshift.io", Resource: "rolebindingrestrictions"}, - gcconfig.GroupResource{Group: "network.openshift.io", Resource: "clusternetworks"}, - gcconfig.GroupResource{Group: "network.openshift.io", Resource: "hostsubnets"}, - gcconfig.GroupResource{Group: "network.openshift.io", Resource: "netnamespaces"}, gcconfig.GroupResource{Group: "oauth.openshift.io", Resource: "oauthclientauthorizations"}, gcconfig.GroupResource{Group: "oauth.openshift.io", Resource: "oauthclients"}, - gcconfig.GroupResource{Group: "quota.openshift.io", Resource: "clusterresourcequotas"}, gcconfig.GroupResource{Group: "user.openshift.io", Resource: "groups"}, gcconfig.GroupResource{Group: "user.openshift.io", Resource: "identities"}, gcconfig.GroupResource{Group: "user.openshift.io", Resource: "users"}, diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/managementcpusoverride/admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/managementcpusoverride/admission.go index c0a0ce074b..9bf0a1f8a1 100644 
--- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/managementcpusoverride/admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/autoscaling/managementcpusoverride/admission.go @@ -71,6 +71,14 @@ func Register(plugins *admission.Plugins) { }) } +type resourceAnnotation struct { + // CPUShares contains resource annotation value cpushares key + CPUShares uint64 `json:"cpushares,omitempty"` + // CPULimit contains the cpu limit in millicores to be used by the container runtime to calculate + // quota + CPULimit int64 `json:"cpulimit,omitempty"` +} + // managementCPUsOverride presents admission plugin that should replace pod container CPU requests with a new management resource. // It applies to all pods that: // 1. are in an allowed namespace @@ -252,13 +260,6 @@ func (a *managementCPUsOverride) Admit(ctx context.Context, attr admission.Attri return nil } - // we should skip mutation of the pod that has container with both CPU limit and request because once we will remove - // the request, the defaulter will set the request back with the CPU limit value - if podHasBothCPULimitAndRequest(allContainers) { - pod.Annotations[workloadAdmissionWarning] = "skip pod CPUs requests modifications because pod container has both CPU limit and request" - return nil - } - // before we update the pod available under admission attributes, we need to verify that deletion of the CPU request // will not change the pod QoS class, otherwise skip pod mutation // 1. Copy the pod @@ -360,6 +361,14 @@ func updateContainersResources(containers []coreapi.Container, podAnnotations ma continue } + resourceAnno := resourceAnnotation{} + + if c.Resources.Limits != nil { + if value, ok := c.Resources.Limits[coreapi.ResourceCPU]; ok { + resourceAnno.CPULimit = value.MilliValue() + } + } + if c.Resources.Requests != nil { if _, ok := c.Resources.Requests[coreapi.ResourceCPU]; !ok { continue 
@@ -368,9 +377,20 @@ func updateContainersResources(containers []coreapi.Container, podAnnotations ma cpuRequest := c.Resources.Requests[coreapi.ResourceCPU] cpuRequestInMilli := cpuRequest.MilliValue() - cpuShares := cm.MilliCPUToShares(cpuRequestInMilli) - podAnnotations[cpusharesAnnotationKey] = fmt.Sprintf(`{"%s": %d}`, containerResourcesAnnotationValueKeyCPUShares, cpuShares) + // Casting to uint64, Linux build returns uint64, noop Darwin build returns int64 + resourceAnno.CPUShares = uint64(cm.MilliCPUToShares(cpuRequestInMilli)) + + // This should not error but if something does go wrong we default to string creation of just CPU Shares + // and add a warning annotation + resourceAnnoString, err := json.Marshal(resourceAnno) + if err != nil { + podAnnotations[workloadAdmissionWarning] = fmt.Sprintf("failed to marshal cpu resources, using fallback: err: %s", err.Error()) + podAnnotations[cpusharesAnnotationKey] = fmt.Sprintf(`{"%s": %d}`, containerResourcesAnnotationValueKeyCPUShares, resourceAnno.CPUShares) + } else { + podAnnotations[cpusharesAnnotationKey] = string(resourceAnnoString) + } delete(c.Resources.Requests, coreapi.ResourceCPU) + delete(c.Resources.Limits, coreapi.ResourceCPU) if c.Resources.Limits == nil { c.Resources.Limits = coreapi.ResourceList{} 
@@ -569,17 +589,20 @@ func (a *managementCPUsOverride) Validate(ctx context.Context, attr admission.At allErrs = append(allErrs, getPodInvalidWorkloadAnnotationError(pod.Annotations, err.Error())) } - workloadResourceAnnotations := map[string]map[string]int{} + workloadResourceAnnotations := resourceAnnotation{} + hasWorkloadAnnotation := false for k, v := range pod.Annotations { if !strings.HasPrefix(k, containerResourcesAnnotationPrefix) { continue } + hasWorkloadAnnotation = true - resourceAnnotationValue := map[string]int{} - if err := json.Unmarshal([]byte(v), &resourceAnnotationValue); err != nil { + // Custom decoder to print invalid fields for resources + decoder := json.NewDecoder(strings.NewReader(v)) + decoder.DisallowUnknownFields() + if err := decoder.Decode(&workloadResourceAnnotations); err != nil { allErrs = append(allErrs, getPodInvalidWorkloadAnnotationError(pod.Annotations, err.Error())) } - workloadResourceAnnotations[k] = resourceAnnotationValue } containersWorkloadResources := map[string]*coreapi.Container{} @@ -596,9 +619,9 @@ func (a *managementCPUsOverride) Validate(ctx context.Context, attr admission.At } } - // the pod does not have workload annotation - if len(workloadType) == 0 { - if len(workloadResourceAnnotations) > 0 { + switch { + case len(workloadType) == 0: // the pod does not have workload annotation + if hasWorkloadAnnotation { allErrs = append(allErrs, getPodInvalidWorkloadAnnotationError(pod.Annotations, "the pod without workload annotation can not have resource annotation")) } 
@@ -609,21 +632,8 @@ func (a *managementCPUsOverride) Validate(ctx context.Context, attr admission.At allErrs = append(allErrs, field.Invalid(field.NewPath("spec.containers.resources.requests"), c.Resources.Requests, fmt.Sprintf("the pod without workload annotations can not have containers with workload resources %q", resourceName))) } - } else { - if !doesNamespaceAllowWorkloadType(ns.Annotations, workloadType) { // pod has workload annotation, but the pod does not have workload annotation - allErrs = append(allErrs, getPodInvalidWorkloadAnnotationError(pod.Annotations, fmt.Sprintf("the pod can not have workload annotation, when the namespace %q does not allow it", ns.Name))) - } - - for _, v := range workloadResourceAnnotations { - if len(v) > 1 { - allErrs = append(allErrs, field.Invalid(field.NewPath("metadata.annotations"), pod.Annotations, "the pod resource annotation value can not have more than one key")) - } - - // the pod should not have any resource annotations with the value that includes keys different from cpushares - if _, ok := v[containerResourcesAnnotationValueKeyCPUShares]; len(v) == 1 && !ok { - allErrs = append(allErrs, field.Invalid(field.NewPath("metadata.annotations"), pod.Annotations, "the pod resource annotation value should have only cpushares key")) - } - } + case !doesNamespaceAllowWorkloadType(ns.Annotations, workloadType): // pod has workload annotation, but the namespace does not allow specified workload + allErrs = append(allErrs, getPodInvalidWorkloadAnnotationError(pod.Annotations, fmt.Sprintf("the namespace %q does not allow the workload type %s", ns.Name, workloadType))) } if len(allErrs) == 0 { diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/apiserver/validation_wrapper.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/apiserver/validation_wrapper.go index 06e9e04c13..149361cd1e 100644 
--- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/apiserver/validation_wrapper.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/apiserver/validation_wrapper.go @@ -68,9 +68,5 @@ func (a *validateCustomResourceWithClient) ValidateInitialization() error { return fmt.Errorf(PluginName + " needs an infrastructureGetter") } - if initializationValidator, ok := a.ValidationInterface.(admission.InitializationValidator); ok { - return initializationValidator.ValidateInitialization() - } - return nil } diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go index b552c5223d..fb3c07f3ff 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/features/validate_features.go @@ -5,8 +5,6 @@ import ( "fmt" "io" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/api/validation" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" 
@@ -52,44 +50,6 @@ func toFeatureGateV1(uncastObj runtime.Object) (*configv1.FeatureGate, field.Err type featureGateV1 struct { } -var knownFeatureSets = sets.NewString( - "", - string(configv1.TechPreviewNoUpgrade), - string(configv1.CustomNoUpgrade), - string(configv1.LatencySensitive), -) - -func validateFeatureGateSpecCreate(spec configv1.FeatureGateSpec) field.ErrorList { - allErrs := field.ErrorList{} - - // on create, we only allow values that we are aware of - if !knownFeatureSets.Has(string(spec.FeatureSet)) { - allErrs = append(allErrs, field.NotSupported(field.NewPath("spec.featureSet"), spec.FeatureSet, knownFeatureSets.List())) - } - - return allErrs -} - -func validateFeatureGateSpecUpdate(spec, oldSpec configv1.FeatureGateSpec) field.ErrorList { - allErrs := field.ErrorList{} - - // on update, we don't fail validation on a field we don't recognize as long as it is not changing - if !knownFeatureSets.Has(string(spec.FeatureSet)) && oldSpec.FeatureSet != spec.FeatureSet { - allErrs = append(allErrs, field.NotSupported(field.NewPath("spec.featureSet"), spec.FeatureSet, knownFeatureSets.List())) - } - - // we do not allow anyone to take back TechPreview - if oldSpec.FeatureSet == configv1.TechPreviewNoUpgrade && spec.FeatureSet != configv1.TechPreviewNoUpgrade { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec.featureSet"), "once enabled, tech preview features may not be disabled")) - } - // we do not allow anyone to take back CustomNoUpgrade - if oldSpec.FeatureSet == configv1.CustomNoUpgrade && spec.FeatureSet != configv1.CustomNoUpgrade { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec.featureSet"), "once enabled, custom feature gates may not be disabled")) - } - - return allErrs -} - func (featureGateV1) ValidateCreate(_ context.Context, uncastObj runtime.Object) field.ErrorList { obj, allErrs := toFeatureGateV1(uncastObj) if len(allErrs) > 0 { 
@@ -97,7 +57,6 @@ func (featureGateV1) ValidateCreate(_ context.Context, uncastObj runtime.Object) } allErrs = append(allErrs, validation.ValidateObjectMeta(&obj.ObjectMeta, false, customresourcevalidation.RequireNameCluster, field.NewPath("metadata"))...) - allErrs = append(allErrs, validateFeatureGateSpecCreate(obj.Spec)...) return allErrs } @@ -113,7 +72,6 @@ func (featureGateV1) ValidateUpdate(_ context.Context, uncastObj runtime.Object, } allErrs = append(allErrs, validation.ValidateObjectMetaUpdate(&obj.ObjectMeta, &oldObj.ObjectMeta, field.NewPath("metadata"))...) - allErrs = append(allErrs, validateFeatureGateSpecUpdate(obj.Spec, oldObj.Spec)...) return allErrs } diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validate_route.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validate_route.go index fd4121c47c..ba8f004fb3 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validate_route.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validate_route.go 
@@ -6,26 +6,20 @@ import ( "io" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apiserver/pkg/admission" + authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" routev1 "github.com/openshift/api/route/v1" routevalidation "github.com/openshift/library-go/pkg/route/validation" - "k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation" ) const PluginName = "route.openshift.io/ValidateRoute" func Register(plugins *admission.Plugins) { plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { - return customresourcevalidation.NewValidator( - map[schema.GroupResource]bool{ - {Group: routev1.GroupName, Resource: "routes"}: true, - }, - map[schema.GroupVersionKind]customresourcevalidation.ObjectValidator{ - routev1.GroupVersion.WithKind("Route"): routeV1{}, - }) + return NewValidateRoute() }) } 
@@ -46,18 +40,21 @@ func toRoute(uncastObj runtime.Object) (*routev1.Route, field.ErrorList) { } type routeV1 struct { + secretsGetter func() corev1client.SecretsGetter + sarGetter func() authorizationv1client.SubjectAccessReviewsGetter + routeValidationOptsGetter func() RouteValidationOptionGetter } -func (routeV1) ValidateCreate(_ context.Context, obj runtime.Object) field.ErrorList { +func (r routeV1) ValidateCreate(ctx context.Context, obj runtime.Object) field.ErrorList { routeObj, errs := toRoute(obj) if len(errs) > 0 { return errs } - return routevalidation.ValidateRoute(routeObj) + return routevalidation.ValidateRoute(ctx, routeObj, r.sarGetter().SubjectAccessReviews(), r.secretsGetter(), r.routeValidationOptsGetter().GetValidationOptions()) } -func (routeV1) ValidateUpdate(_ context.Context, obj runtime.Object, oldObj runtime.Object) field.ErrorList { +func (r routeV1) ValidateUpdate(ctx context.Context, obj runtime.Object, oldObj runtime.Object) field.ErrorList { routeObj, errs := toRoute(obj) if len(errs) > 0 { return errs @@ -68,10 +65,10 @@ func (routeV1) ValidateUpdate(_ context.Context, obj runtime.Object, oldObj runt return errs } - return routevalidation.ValidateRouteUpdate(routeObj, routeOldObj) + return routevalidation.ValidateRouteUpdate(ctx, routeObj, routeOldObj, r.sarGetter().SubjectAccessReviews(), r.secretsGetter(), r.routeValidationOptsGetter().GetValidationOptions()) } -func (c routeV1) ValidateStatusUpdate(_ context.Context, obj runtime.Object, oldObj runtime.Object) field.ErrorList { +func (routeV1) ValidateStatusUpdate(_ context.Context, obj runtime.Object, oldObj runtime.Object) field.ErrorList { routeObj, errs := toRoute(obj) if len(errs) > 0 { return errs 
diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_opts.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_opts.go
new file mode 100644
index 0000000000..325d4b83c2
--- /dev/null
+++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_opts.go
@@ -0,0 +1,31 @@
+package route
+
+import (
+ "k8s.io/apiserver/pkg/util/feature"
+ "k8s.io/component-base/featuregate"
+
+ configv1 "github.com/openshift/api/config/v1"
+ routecommon "github.com/openshift/library-go/pkg/route"
+)
+
+type RouteValidationOptionGetter interface {
+ GetValidationOptions() routecommon.RouteValidationOptions
+}
+
+type RouteValidationOpts struct {
+ opts routecommon.RouteValidationOptions
+}
+
+var _ RouteValidationOptionGetter = &RouteValidationOpts{}
+
+func NewRouteValidationOpts() *RouteValidationOpts {
+ return &RouteValidationOpts{
+ opts: routecommon.RouteValidationOptions{
+ AllowExternalCertificates: feature.DefaultMutableFeatureGate.Enabled(featuregate.Feature(configv1.FeatureGateRouteExternalCertificate)),
+ },
+ }
+}
+
+func (o *RouteValidationOpts) GetValidationOptions() routecommon.RouteValidationOptions {
+ return o.opts
+}
diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_wrapper.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_wrapper.go
new file mode 100644
index 0000000000..2f0b733353
--- /dev/null
+++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_wrapper.go
@@ -0,0 +1,92 @@ +package route + +import ( + "fmt" + + routev1 "github.com/openshift/api/route/v1" + "github.com/openshift/library-go/pkg/apiserver/admission/admissionrestconfig" + authorizationv1client "k8s.io/client-go/kubernetes/typed/authorization/v1" + corev1client "k8s.io/client-go/kubernetes/typed/core/v1" + + "k8s.io/apimachinery/pkg/runtime/schema" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/apiserver/pkg/admission" + "k8s.io/client-go/rest" + "k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation" +) + +type validateCustomResourceWithClient struct { + admission.ValidationInterface + + secretsGetter corev1client.SecretsGetter + sarGetter authorizationv1client.SubjectAccessReviewsGetter + routeValidationOptsGetter RouteValidationOptionGetter +} + +func NewValidateRoute() (admission.Interface, error) { + ret := &validateCustomResourceWithClient{} + + delegate, err := customresourcevalidation.NewValidator( + map[schema.GroupResource]bool{ + routev1.GroupVersion.WithResource("routes").GroupResource(): true, + }, + map[schema.GroupVersionKind]customresourcevalidation.ObjectValidator{ + routev1.GroupVersion.WithKind("Route"): routeV1{ + secretsGetter: ret.getSecretsGetter, + sarGetter: ret.getSubjectAccessReviewsGetter, + routeValidationOptsGetter: ret.getRouteValidationOptions, + }, + }) + if err != nil { + return nil, err + } + ret.ValidationInterface = delegate + + return ret, nil +} + +var _ admissionrestconfig.WantsRESTClientConfig = &validateCustomResourceWithClient{} + +func (a *validateCustomResourceWithClient) getSecretsGetter() corev1client.SecretsGetter { + return a.secretsGetter +} + +func (a *validateCustomResourceWithClient) getSubjectAccessReviewsGetter() authorizationv1client.SubjectAccessReviewsGetter { + return a.sarGetter +} + +func (a *validateCustomResourceWithClient) getRouteValidationOptions() RouteValidationOptionGetter { + return a.routeValidationOptsGetter +} + +func (a 
*validateCustomResourceWithClient) SetRESTClientConfig(restClientConfig rest.Config) { + var err error + + a.secretsGetter, err = corev1client.NewForConfig(&restClientConfig) + if err != nil { + utilruntime.HandleError(err) + return + } + + a.sarGetter, err = authorizationv1client.NewForConfig(&restClientConfig) + if err != nil { + utilruntime.HandleError(err) + return + } + + a.routeValidationOptsGetter = NewRouteValidationOpts() +} + +func (a *validateCustomResourceWithClient) ValidateInitialization() error { + if a.secretsGetter == nil { + return fmt.Errorf("%s needs a secretsGetter", PluginName) + } + if a.sarGetter == nil { + return fmt.Errorf("%s needs a subjectAccessReviewsGetter", PluginName) + } + if a.routeValidationOptsGetter == nil { + return fmt.Errorf("%s needs a routeValidationOptsGetter", PluginName) + } + + return nil +} diff --git a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/route/hostassignment/admission.go b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/route/hostassignment/admission.go index b7f8d084cb..f454bd22d5 100644 --- a/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/route/hostassignment/admission.go +++ b/vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/route/hostassignment/admission.go @@ -16,7 +16,9 @@ import ( routev1 "github.com/openshift/api/route/v1" "github.com/openshift/library-go/pkg/config/helpers" + routecommon "github.com/openshift/library-go/pkg/route" "github.com/openshift/library-go/pkg/route/hostassignment" + "k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route" hostassignmentapi "k8s.io/kubernetes/openshift-kube-apiserver/admission/route/apis/hostassignment" hostassignmentv1 "k8s.io/kubernetes/openshift-kube-apiserver/admission/route/apis/hostassignment/v1" ) 
@@ -38,6 +40,7 @@ type hostAssignment struct { hostnameGenerator hostassignment.HostnameGenerator sarClient authorizationv1.SubjectAccessReviewInterface + validationOpts routecommon.RouteValidationOptions } func readConfig(reader io.Reader) (*hostassignmentapi.HostAssignmentAdmissionConfig, error) { @@ -112,7 +115,7 @@ func (a *hostAssignment) Admit(ctx context.Context, attributes admission.Attribu if len(errs) > 0 { return errors.NewInvalid(attributes.GetKind().GroupKind(), attributes.GetName(), errs) } - errs = hostassignment.AllocateHost(ctx, r, a.sarClient, a.hostnameGenerator) + errs = hostassignment.AllocateHost(ctx, r, a.sarClient, a.hostnameGenerator, a.validationOpts) if len(errs) > 0 { return errors.NewInvalid(attributes.GetKind().GroupKind(), attributes.GetName(), errs) } @@ -132,7 +135,13 @@ func (a *hostAssignment) Admit(ctx context.Context, attributes admission.Attribu if len(errs) > 0 { return errors.NewInvalid(attributes.GetKind().GroupKind(), attributes.GetName(), errs) } - errs = hostassignment.ValidateHostUpdate(ctx, r, old, a.sarClient) + + errs = hostassignment.ValidateHostExternalCertificate(ctx, r, old, a.sarClient, a.validationOpts) + if len(errs) > 0 { + return errors.NewInvalid(attributes.GetKind().GroupKind(), attributes.GetName(), errs) + } + + errs = hostassignment.ValidateHostUpdate(ctx, r, old, a.sarClient, a.validationOpts) if len(errs) > 0 { return errors.NewInvalid(attributes.GetKind().GroupKind(), attributes.GetName(), errs) } @@ -147,6 +156,7 @@ var _ initializer.WantsExternalKubeClientSet = &hostAssignment{} func (a *hostAssignment) SetExternalKubeClientSet(clientset kubernetes.Interface) { a.sarClient = clientset.AuthorizationV1().SubjectAccessReviews() + a.validationOpts = route.NewRouteValidationOpts().GetValidationOptions() } func (a *hostAssignment) ValidateInitialization() error { 
diff --git a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go index 99bac4b6cc..2e6163bb4c 100644 --- a/vendor/k8s.io/kubernetes/pkg/features/kube_features.go +++ b/vendor/k8s.io/kubernetes/pkg/features/kube_features.go @@ -1278,6 +1278,8 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS genericfeatures.ZeroLimitedNominalConcurrencyShares: {Default: false, PreRelease: featuregate.Beta}, + genericfeatures.WatchFromStorageWithoutResourceVersion: {Default: false, PreRelease: featuregate.Beta}, + // inherited features from apiextensions-apiserver, relisted here to get a conflict if it is changed // unintentionally on either side: diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/managed/managed.go b/vendor/k8s.io/kubernetes/pkg/kubelet/managed/managed.go index 3d9ff87aa6..4063d5381d 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/managed/managed.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/managed/managed.go @@ -41,6 +41,7 @@ const ( type WorkloadContainerAnnotation struct { CpuShares uint64 `json:"cpushares"` + CpuLimit int64 `json:"cpulimit,omitempty"` } func NewWorkloadContainerAnnotation(cpushares uint64) WorkloadContainerAnnotation { @@ -131,6 +132,10 @@ func updateContainers(workloadName string, pod *v1.Pod) error { cpuRequestInMilli := cpuRequest.MilliValue() containerAnnotation := NewWorkloadContainerAnnotation(MilliCPUToShares(cpuRequestInMilli)) + if value, ok := container.Resources.Limits[v1.ResourceCPU]; ok { + containerAnnotation.CpuLimit = value.MilliValue() + } + jsonAnnotation, _ := containerAnnotation.Serialize() containerNameKey := fmt.Sprintf("%v%v", ContainerAnnotationPrefix, container.Name) 
@@ -141,6 +146,7 @@ func updateContainers(workloadName string, pod *v1.Pod) error { container.Resources.Limits[GenerateResourceName(workloadName)] = *newCPURequest delete(container.Resources.Requests, v1.ResourceCPU) + delete(container.Resources.Limits, v1.ResourceCPU) return nil } for idx := range pod.Spec.Containers { diff --git a/vendor/k8s.io/kubernetes/pkg/volume/plugins.go b/vendor/k8s.io/kubernetes/pkg/volume/plugins.go index c02a0b9195..6ce01755fd 100644 --- a/vendor/k8s.io/kubernetes/pkg/volume/plugins.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/plugins.go @@ -1064,7 +1064,7 @@ func NewPersistentVolumeRecyclerPodTemplate() *v1.Pod { Containers: []v1.Container{ { Name: "pv-recycler", - Image: "registry.k8s.io/build-image/debian-base:bookworm-v1.0.1", + Image: "registry.k8s.io/build-image/debian-base:bookworm-v1.0.2", Command: []string{"/bin/sh"}, Args: []string{"-c", "test -e /scrub && find /scrub -mindepth 1 -delete && test -z \"$(ls -A /scrub)\" || exit 1"}, VolumeMounts: []v1.VolumeMount{ diff --git a/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go b/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go index 7b2ee011f4..b42c536b68 100644 --- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go +++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go @@ -337,6 +337,13 @@ func (s *Plugin) limitSecretReferences(serviceAccount *corev1.ServiceAccount, po } } } + for _, envFrom := range container.EnvFrom { + if envFrom.SecretRef != nil { + if !mountableSecrets.Has(envFrom.SecretRef.Name) { + return fmt.Errorf("init container %s with envFrom referencing secret.secretName=\"%s\" is not allowed because service account %s does not reference that secret", container.Name, envFrom.SecretRef.Name, serviceAccount.Name) + } + } + } } for _, container := range pod.Spec.Containers { 
@@ -347,6 +354,13 @@ func (s *Plugin) limitSecretReferences(serviceAccount *corev1.ServiceAccount, po } } } + for _, envFrom := range container.EnvFrom { + if envFrom.SecretRef != nil { + if !mountableSecrets.Has(envFrom.SecretRef.Name) { + return fmt.Errorf("container %s with envFrom referencing secret.secretName=\"%s\" is not allowed because service account %s does not reference that secret", container.Name, envFrom.SecretRef.Name, serviceAccount.Name) + } + } + } } // limit pull secret references as well @@ -388,6 +402,13 @@ func (s *Plugin) limitEphemeralContainerSecretReferences(pod *api.Pod, a admissi } } } + for _, envFrom := range container.EnvFrom { + if envFrom.SecretRef != nil { + if !mountableSecrets.Has(envFrom.SecretRef.Name) { + return fmt.Errorf("ephemeral container %s with envFrom referencing secret.secretName=\"%s\" is not allowed because service account %s does not reference that secret", container.Name, envFrom.SecretRef.Name, serviceAccount.Name) + } + } + } } return nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 9592ded20a..033fc29712 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -108,9 +108,6 @@ github.com/asaskevich/govalidator # github.com/beorn7/perks v1.0.1 ## explicit; go 1.11 github.com/beorn7/perks/quantile -# github.com/blang/semver v3.5.1+incompatible -## explicit -github.com/blang/semver # github.com/blang/semver/v4 v4.0.0 ## explicit; go 1.14 github.com/blang/semver/v4 @@ -527,7 +524,7 @@ github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label github.com/opencontainers/selinux/pkg/pwalkdir -# github.com/openshift/api v0.0.0-20240207185517-ae973131190e +# github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea ## explicit; go 1.21 github.com/openshift/api github.com/openshift/api/annotations 
@@ -631,7 +628,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20240115204758-e6bf7d631d5e +# github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8 ## explicit; go 1.21 github.com/openshift/client-go/apiserver/applyconfigurations/apiserver/v1 github.com/openshift/client-go/apiserver/applyconfigurations/internal @@ -783,7 +780,7 @@ github.com/openshift/cluster-policy-controller/pkg/security/controller github.com/openshift/cluster-policy-controller/pkg/security/mcs github.com/openshift/cluster-policy-controller/pkg/security/uidallocator github.com/openshift/cluster-policy-controller/pkg/version -# github.com/openshift/library-go v0.0.0-20240207105404-126b47137408 +# github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd ## explicit; go 1.21 github.com/openshift/library-go/pkg/apiserver/admission/admissionrestconfig github.com/openshift/library-go/pkg/apiserver/admission/admissiontimeout @@ -824,6 +821,7 @@ github.com/openshift/library-go/pkg/operator/resource/resourceread github.com/openshift/library-go/pkg/operator/v1helpers github.com/openshift/library-go/pkg/quota/clusterquotamapping github.com/openshift/library-go/pkg/quota/quotautil +github.com/openshift/library-go/pkg/route github.com/openshift/library-go/pkg/route/defaulting github.com/openshift/library-go/pkg/route/hostassignment github.com/openshift/library-go/pkg/route/validation @@ -1074,7 +1072,7 @@ go.uber.org/zap/internal/color go.uber.org/zap/internal/exit go.uber.org/zap/zapcore go.uber.org/zap/zapgrpc -# golang.org/x/crypto v0.18.0 +# golang.org/x/crypto v0.21.0 ## explicit; go 1.18 golang.org/x/crypto/chacha20 golang.org/x/crypto/chacha20poly1305 
@@ -1099,7 +1097,7 @@ golang.org/x/exp/slices golang.org/x/mod/internal/lazyregexp golang.org/x/mod/module golang.org/x/mod/semver -# golang.org/x/net v0.20.0 +# golang.org/x/net v0.23.0 ## explicit; go 1.18 golang.org/x/net/bpf golang.org/x/net/context @@ -1131,7 +1129,7 @@ golang.org/x/oauth2/jwt ## explicit; go 1.18 golang.org/x/sync/errgroup golang.org/x/sync/singleflight -# golang.org/x/sys v0.16.0 +# golang.org/x/sys v0.18.0 ## explicit; go 1.18 golang.org/x/sys/cpu golang.org/x/sys/plan9 @@ -1139,7 +1137,7 @@ golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry golang.org/x/sys/windows/svc -# golang.org/x/term v0.16.0 +# golang.org/x/term v0.18.0 ## explicit; go 1.18 golang.org/x/term # golang.org/x/text v0.14.0 @@ -1361,7 +1359,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/api v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1418,7 +1416,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.29.0 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/apiextensions-apiserver v0.29.0 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions 
@@ -1465,7 +1463,7 @@ k8s.io/apiextensions-apiserver/pkg/generated/openapi k8s.io/apiextensions-apiserver/pkg/registry/customresource k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition -# k8s.io/apimachinery v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/apimachinery v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -1532,7 +1530,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/apiserver v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/cel 
@@ -1700,13 +1698,13 @@ k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/oidc k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/client-go v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -2044,7 +2042,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/cloud-provider v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/cloud-provider v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/cloud-provider k8s.io/cloud-provider/api 
@@ -2067,14 +2065,14 @@ k8s.io/cloud-provider/service/helpers k8s.io/cloud-provider/volume k8s.io/cloud-provider/volume/errors k8s.io/cloud-provider/volume/helpers -# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/cluster-bootstrap v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/jws k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/component-base v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/component-base/cli k8s.io/component-base/cli/flag @@ -2108,7 +2106,7 @@ k8s.io/component-base/tracing k8s.io/component-base/tracing/api/v1 k8s.io/component-base/version k8s.io/component-base/version/verflag -# k8s.io/component-helpers v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/component-helpers v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/component-helpers/apimachinery/lease k8s.io/component-helpers/apps/poddisruptionbudget 
@@ -2121,7 +2119,7 @@ k8s.io/component-helpers/scheduling/corev1 k8s.io/component-helpers/scheduling/corev1/nodeaffinity k8s.io/component-helpers/storage/ephemeral k8s.io/component-helpers/storage/volume -# k8s.io/controller-manager v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/controller-manager v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/controller-manager/app k8s.io/controller-manager/config 
@@ -2138,19 +2136,19 @@ k8s.io/controller-manager/pkg/informerfactory k8s.io/controller-manager/pkg/leadermigration k8s.io/controller-manager/pkg/leadermigration/config k8s.io/controller-manager/pkg/leadermigration/options -# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/cri-api v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/cri-api/pkg/apis k8s.io/cri-api/pkg/apis/runtime/v1 k8s.io/cri-api/pkg/errors -# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/csi-translation-lib v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/csi-translation-lib k8s.io/csi-translation-lib/plugins -# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/dynamic-resource-allocation v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/dynamic-resource-allocation/resourceclaim -# k8s.io/endpointslice v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/endpointslice v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/endpointslice k8s.io/endpointslice/metrics 
@@ -2174,13 +2172,13 @@ k8s.io/klog/v2/internal/dbg k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity k8s.io/klog/v2/internal/sloghandler -# k8s.io/kms v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kms v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kms/apis/v1beta1 k8s.io/kms/apis/v2 k8s.io/kms/pkg/service k8s.io/kms/pkg/util -# k8s.io/kube-aggregator v0.29.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kube-aggregator v0.29.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install @@ -2211,7 +2209,7 @@ k8s.io/kube-aggregator/pkg/controllers/status k8s.io/kube-aggregator/pkg/registry/apiservice k8s.io/kube-aggregator/pkg/registry/apiservice/etcd k8s.io/kube-aggregator/pkg/registry/apiservice/rest -# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kube-controller-manager v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kube-controller-manager/config/v1alpha1 # k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 
@@ -2244,11 +2242,11 @@ k8s.io/kube-openapi/pkg/validation/spec k8s.io/kube-openapi/pkg/validation/strfmt k8s.io/kube-openapi/pkg/validation/strfmt/bson k8s.io/kube-openapi/pkg/validation/validate -# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kube-scheduler v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kube-scheduler/config/v1 k8s.io/kube-scheduler/extender/v1 -# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kubectl/pkg/apps k8s.io/kubectl/pkg/cmd/apiresources @@ -2283,7 +2281,7 @@ k8s.io/kubectl/pkg/util/storage k8s.io/kubectl/pkg/util/templates k8s.io/kubectl/pkg/util/term k8s.io/kubectl/pkg/validation -# k8s.io/kubelet v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kubelet v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kubelet/config/v1 k8s.io/kubelet/config/v1alpha1 @@ -2305,7 +2303,7 @@ k8s.io/kubelet/pkg/cri/streaming k8s.io/kubelet/pkg/cri/streaming/portforward k8s.io/kubelet/pkg/cri/streaming/remotecommand k8s.io/kubelet/pkg/types -# k8s.io/kubernetes v1.29.1 => github.com/openshift/kubernetes v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kubernetes v1.29.1 => github.com/openshift/kubernetes v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options 
@@ -3104,7 +3102,7 @@ k8s.io/kubernetes/third_party/forked/gonum/graph k8s.io/kubernetes/third_party/forked/gonum/graph/internal/linear k8s.io/kubernetes/third_party/forked/gonum/graph/simple k8s.io/kubernetes/third_party/forked/gonum/graph/traverse -# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/legacy-cloud-providers v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/legacy-cloud-providers/azure k8s.io/legacy-cloud-providers/azure/auth @@ -3146,7 +3144,7 @@ k8s.io/legacy-cloud-providers/gce/gcpcredential k8s.io/legacy-cloud-providers/vsphere k8s.io/legacy-cloud-providers/vsphere/vclib k8s.io/legacy-cloud-providers/vsphere/vclib/diskmanagers -# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/metrics v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/metrics/pkg/apis/custom_metrics k8s.io/metrics/pkg/apis/custom_metrics/v1beta1 
@@ -3161,10 +3159,10 @@ k8s.io/metrics/pkg/client/clientset/versioned/typed/metrics/v1beta1 k8s.io/metrics/pkg/client/custom_metrics k8s.io/metrics/pkg/client/custom_metrics/scheme k8s.io/metrics/pkg/client/external_metrics -# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/mount-utils v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/mount-utils -# k8s.io/pod-security-admission v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/pod-security-admission v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/pod-security-admission/admission k8s.io/pod-security-admission/admission/api 
@@ -3315,38 +3313,38 @@ sigs.k8s.io/structured-merge-diff/v4/value ## explicit; go 1.12 sigs.k8s.io/yaml # github.com/onsi/ginkgo/v2 => github.com/openshift/ginkgo/v2 v2.6.1-0.20231031162821-c5e24be53ea7 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038 -# 
k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/sample-controller => 
github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240420191847-d9d45306df05 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240420191847-d9d45306df05 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240420191847-d9d45306df05 +# k8s.io/dynamic-resource-allocation => 
github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kubernetes => github.com/openshift/kubernetes v0.0.0-20240420191847-d9d45306df05 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240420191847-d9d45306df05 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240420191847-d9d45306df05 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240420191847-d9d45306df05 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller 
v0.0.0-20240420191847-d9d45306df05 # go.etcd.io/etcd/api/v3 => github.com/openshift/etcd/api/v3 v3.5.1-0.20240408095611-aa0c441f97e0 # go.etcd.io/etcd/client/pkg/v3 => github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20240408095611-aa0c441f97e0 # go.etcd.io/etcd/client/v3 => github.com/openshift/etcd/client/v3 v3.5.1-0.20240408095611-aa0c441f97e0 # sigs.k8s.io/kube-storage-version-migrator => github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20240125051406-969a60e9e246 -# k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05 From ceade7266bcae5b9465e8fa1092cf09ee1d1706a Mon Sep 17 00:00:00 2001 From: ci-robot Date: Fri, 26 Apr 2024 05:34:57 +0000 Subject: [PATCH 5/9] update etcd/go.mod --- etcd/go.mod | 71 ++++++++++++++++++++++++++++------------------------- etcd/go.sum | 46 +++++++++++++++++++--------------- 2 files changed, 63 insertions(+), 54 deletions(-) diff --git a/etcd/go.mod b/etcd/go.mod index 1616539efa..587d1104de 100644 --- a/etcd/go.mod +++ b/etcd/go.mod @@ -29,6 +29,8 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea // indirect + github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/vishvananda/netlink v1.1.0 // indirect github.com/vishvananda/netns v0.0.4 // indirect 
@@ -36,6 +38,7 @@ require (
 golang.org/x/sync v0.5.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
+ k8s.io/apiserver v0.29.1 // indirect
 )
 require (
@@ -115,11 +118,11 @@ require (
 go.uber.org/atomic v1.10.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.19.0 // indirect
- golang.org/x/crypto v0.18.0 // indirect
- golang.org/x/net v0.20.0 // indirect
+ golang.org/x/crypto v0.21.0 // indirect
+ golang.org/x/net v0.23.0 // indirect
 golang.org/x/oauth2 v0.11.0 // indirect
- golang.org/x/sys v0.16.0 // indirect
- golang.org/x/term v0.16.0 // indirect
+ golang.org/x/sys v0.18.0 // indirect
+ golang.org/x/term v0.18.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 golang.org/x/time v0.3.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
@@ -148,35 +151,35 @@ replace ( go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20240408095611-aa0c441f97e0 // from etcd go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20240408095611-aa0c441f97e0 // from etcd go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20240408095611-aa0c441f97e0 // from etcd - k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - 
k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 // from kubernetes - k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/mount-utils => 
github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes - k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes + k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/code-generator => 
github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 // from kubernetes + k8s.io/kubelet => 
github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240420191847-d9d45306df05 // staging kubernetes + k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240420191847-d9d45306df05 // staging kubernetes ) -replace k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038 // staging kubernetes +replace k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05 // staging kubernetes diff --git a/etcd/go.sum b/etcd/go.sum index 8a4e23f84e..0c862c0588 100644 --- a/etcd/go.sum +++ b/etcd/go.sum 
@@ -188,6 +188,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea h1:cjCo7sUIjL+Q2ZGMfLXzFb70K+77R52GVjh10fRhA1M= +github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8 h1:cu3YUMVGsKIyFyJGO3F6BZKGYQZpCKxAv9cBPgQAca8= github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/etcd/api/v3 v3.5.1-0.20240408095611-aa0c441f97e0 h1:Qz8nq7v3hwkvyrS6scwQSGKiLwcw7hDQRzlilbXv0pA= 
@@ -204,18 +206,22 @@ github.com/openshift/etcd/server/v3 v3.5.1-0.20240408095611-aa0c441f97e0 h1:r4FI github.com/openshift/etcd/server/v3 v3.5.1-0.20240408095611-aa0c441f97e0/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ= github.com/openshift/ginkgo/v2 v2.6.1-0.20231031162821-c5e24be53ea7 h1:jUM9Fdf+fT0LTccN58jrypOyzcfQUs1v2UH6f8vdBTA= github.com/openshift/ginkgo/v2 v2.6.1-0.20231031162821-c5e24be53ea7/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 h1:rKGQWNelsI5Yc9VXDifIX0QecVNjNcnUl9NZfDZ8Coc= -github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:TmaiXv9Cp++OTEqmCdI5k4wczjBgG5cfzeePPDQwMQY= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 h1:C+P9p3oHkhm4BWvGqhA7DZ1A5k0jNiOqCBEUVvVFWEM= -github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:M+j+5LA62rPH2S0hz+D7E2ErGzUc16Y1jTFR1BkP9cw= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 h1:qMEWE3KGJqzg1hxzxPX9jMFVbjL6FGCQXOcAPKP7cQU= -github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:sEQO/bfEeG8InvkctwFaCrrlRh67bF1L8fAu2IJOna4= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 h1:Qm+rG6ku6vg8EqXbFOWLXJDwADqsvvAfZH5hpUEQ+m0= -github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:wcaoSGTS0oWs9p6L2ZZKmsKKGM6I2Og8hdzQ27Ate4c= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 h1:VigatC9+x6SaCLWjC7HEx/LPgbwe1D0+HHObITTUwrY= -github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:uMZxP661ATTVxrN/iB2PZv1akCshKCiNIFV5k7KXaLo= 
-github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 h1:tR9XVEiwQOFmgkGb7XGlLb4SPsBcRDIkxAdM3VUM0y0= -github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038/go.mod h1:0CwEJ2ZbolznQwiegk1OQHCP1NcQVMguYDjrGOwIHC8= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 h1:JEWCsnwnQOsjjNAKZdnqYjcxI9ZVpRbtPYrhuvoqasM= +github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05/go.mod h1:oIThoHpI6Q+T3cndFnOnKY4n2GzS7mYQvvBIQ/VvI8M= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 h1:6QQfxXHET/L1c5HXRpXzoDyYGrT7R+PA9SOOE0YwCno= +github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05/go.mod h1:IhHRRF080N9VU1QEEJ5zTYAQkPElZ84OH08nPyo0Lw0= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 h1:qYVckSwSzpQ6EujgV2xnVFtPYTheKR/Pf5d16Ud6Up0= +github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05/go.mod h1:ry6KC66wtRKz9OEJXTpLj9OKjC5wZkMTM8Y/dMRAoVA= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 h1:vro9IL2dbnC53H7N9a5zmgg87NpNbP0pyepxdZk4fc0= +github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05/go.mod h1:eq1ArtMJ3o/VUDn7NTP/eryQG8pTGjtattESXd5g42U= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 h1:okctlJNSQuMwGbkSkylt0WwgCaINrCs5/5Cg1aMQ8qM= +github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05/go.mod h1:68E0AiovGRxyJ30s/QzLPLardQJCx/gm2GhdaAzJ10M= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 h1:zKwiMRlXmnXeXs9OhWZcdzSOB7SzXbIDn9SQswCEeBw= +github.com/openshift/kubernetes/staging/src/k8s.io/component-base 
v0.0.0-20240420191847-d9d45306df05/go.mod h1:JnCQWqQaTRtB1Mp/WKNpwndJeyVDa0DX0XfjeQlmB1M= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 h1:CINu9BKje3Xh5wqYjkuSGOtc1nczvd6Rcr3ZcIJN3Ps= +github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05/go.mod h1:L0N5ONv4vn8oIGy8gjX0ZzkLT7GLQxP2G9R2+K/osEM= +github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd h1:svnVGaIsBgNRW/6FRRxIWOyYmpL7jL7LkkRYiYS8OFk= +github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd/go.mod h1:m/HsttSi90vSixwoy5mPUBHcZid2YRw/QbsLErLxF9s= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= @@ -316,8 +322,8 @@ go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -338,8 +344,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= 
@@ -366,12 +372,12 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= From 52839ab75e3b7450724dc33c633d2f07c96255bb Mon Sep 17 00:00:00 2001 
From: ci-robot Date: Fri, 26 Apr 2024 05:35:02 +0000 Subject: [PATCH 6/9] update etcd/vendor --- etcd/vendor/github.com/openshift/api/LICENSE | 191 + .../openshift/api/config/v1/Makefile | 3 + .../github.com/openshift/api/config/v1/doc.go | 9 + .../openshift/api/config/v1/feature_gates.go | 598 ++ .../openshift/api/config/v1/register.go | 78 + .../openshift/api/config/v1/stringsource.go | 31 + .../openshift/api/config/v1/types.go | 430 ++ .../api/config/v1/types_apiserver.go | 226 + .../api/config/v1/types_authentication.go | 482 ++ .../openshift/api/config/v1/types_build.go | 133 + .../api/config/v1/types_cluster_operator.go | 227 + .../api/config/v1/types_cluster_version.go | 868 +++ .../openshift/api/config/v1/types_console.go | 80 + .../openshift/api/config/v1/types_dns.go | 140 + .../openshift/api/config/v1/types_feature.go | 153 + .../openshift/api/config/v1/types_image.go | 137 + .../config/v1/types_image_content_policy.go | 100 + .../v1/types_image_digest_mirror_set.go | 142 + .../config/v1/types_image_tag_mirror_set.go | 129 + .../api/config/v1/types_infrastructure.go | 1873 ++++++ .../openshift/api/config/v1/types_ingress.go | 339 + .../openshift/api/config/v1/types_network.go | 301 + .../openshift/api/config/v1/types_node.go | 117 + .../openshift/api/config/v1/types_oauth.go | 597 ++ .../api/config/v1/types_operatorhub.go | 96 + .../openshift/api/config/v1/types_project.go | 70 + .../openshift/api/config/v1/types_proxy.go | 110 + .../api/config/v1/types_scheduling.go | 144 + .../api/config/v1/types_tlssecurityprofile.go | 311 + .../api/config/v1/zz_generated.deepcopy.go | 5981 +++++++++++++++++ ..._generated.featuregated-crd-manifests.yaml | 490 ++ .../v1/zz_generated.swagger_doc_generated.go | 2565 +++++++ .../github.com/openshift/library-go/LICENSE | 201 + .../apiserver/audit/audit_policies.go | 119 + .../manifests/allrequestbodies-rules.yaml | 12 + .../audit/manifests/base-policy.yaml | 28 + .../audit/manifests/default-rules.yaml | 15 + 
.../apiserver/audit/manifests/none-rules.yaml | 1 + .../manifests/writerequestbodies-rules.yaml | 24 + .../audit/testdata/allrequestbodies.yaml | 42 + .../audit-policies-cm-scenario-1.yaml | 131 + .../apiserver/audit/testdata/default.yaml | 45 + .../apiserver/audit/testdata/multipleCr.yaml | 76 + .../apiserver/audit/testdata/none.yaml | 31 + .../apiserver/audit/testdata/oauth.yaml | 61 + .../audit/testdata/writerequestbodies.yaml | 54 + .../microshift/pkg/config/apiserver.go | 17 + .../microshift/pkg/config/apiserver/audit.go | 21 + .../openshift/microshift/pkg/config/config.go | 38 + etcd/vendor/golang.org/x/net/html/token.go | 12 +- etcd/vendor/golang.org/x/net/http2/frame.go | 42 +- etcd/vendor/golang.org/x/net/http2/pipe.go | 11 +- etcd/vendor/golang.org/x/net/http2/server.go | 13 +- .../vendor/golang.org/x/net/http2/testsync.go | 331 + .../golang.org/x/net/http2/transport.go | 307 +- etcd/vendor/golang.org/x/sys/unix/aliases.go | 2 +- etcd/vendor/golang.org/x/sys/unix/mkerrors.sh | 2 +- .../x/sys/unix/syscall_darwin_libSystem.go | 2 +- .../golang.org/x/sys/unix/syscall_freebsd.go | 12 +- .../golang.org/x/sys/unix/syscall_linux.go | 99 + .../golang.org/x/sys/unix/zerrors_linux.go | 36 +- .../x/sys/unix/zerrors_linux_386.go | 3 + .../x/sys/unix/zerrors_linux_amd64.go | 3 + .../x/sys/unix/zerrors_linux_arm.go | 3 + .../x/sys/unix/zerrors_linux_arm64.go | 3 + .../x/sys/unix/zerrors_linux_loong64.go | 3 + .../x/sys/unix/zerrors_linux_mips.go | 3 + .../x/sys/unix/zerrors_linux_mips64.go | 3 + .../x/sys/unix/zerrors_linux_mips64le.go | 3 + .../x/sys/unix/zerrors_linux_mipsle.go | 3 + .../x/sys/unix/zerrors_linux_ppc.go | 3 + .../x/sys/unix/zerrors_linux_ppc64.go | 3 + .../x/sys/unix/zerrors_linux_ppc64le.go | 3 + .../x/sys/unix/zerrors_linux_riscv64.go | 3 + .../x/sys/unix/zerrors_linux_s390x.go | 3 + .../x/sys/unix/zerrors_linux_sparc64.go | 3 + .../golang.org/x/sys/unix/zsyscall_linux.go | 10 + .../x/sys/unix/zsysnum_linux_386.go | 4 + 
.../x/sys/unix/zsysnum_linux_amd64.go | 3 + .../x/sys/unix/zsysnum_linux_arm.go | 4 + .../x/sys/unix/zsysnum_linux_arm64.go | 4 + .../x/sys/unix/zsysnum_linux_loong64.go | 4 + .../x/sys/unix/zsysnum_linux_mips.go | 4 + .../x/sys/unix/zsysnum_linux_mips64.go | 4 + .../x/sys/unix/zsysnum_linux_mips64le.go | 4 + .../x/sys/unix/zsysnum_linux_mipsle.go | 4 + .../x/sys/unix/zsysnum_linux_ppc.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64.go | 4 + .../x/sys/unix/zsysnum_linux_ppc64le.go | 4 + .../x/sys/unix/zsysnum_linux_riscv64.go | 4 + .../x/sys/unix/zsysnum_linux_s390x.go | 4 + .../x/sys/unix/zsysnum_linux_sparc64.go | 4 + .../golang.org/x/sys/unix/ztypes_linux.go | 185 +- .../golang.org/x/sys/windows/env_windows.go | 17 +- .../x/sys/windows/syscall_windows.go | 3 +- etcd/vendor/k8s.io/apiserver/LICENSE | 202 + .../k8s.io/apiserver/pkg/apis/audit/OWNERS | 8 + .../k8s.io/apiserver/pkg/apis/audit/doc.go | 20 + .../apiserver/pkg/apis/audit/helpers.go | 38 + .../apiserver/pkg/apis/audit/register.go | 53 + .../k8s.io/apiserver/pkg/apis/audit/types.go | 312 + .../k8s.io/apiserver/pkg/apis/audit/v1/doc.go | 25 + .../pkg/apis/audit/v1/generated.pb.go | 3231 +++++++++ .../pkg/apis/audit/v1/generated.proto | 275 + .../apiserver/pkg/apis/audit/v1/register.go | 58 + .../apiserver/pkg/apis/audit/v1/types.go | 306 + .../apis/audit/v1/zz_generated.conversion.go | 327 + .../apis/audit/v1/zz_generated.deepcopy.go | 297 + .../apis/audit/v1/zz_generated.defaults.go | 33 + .../pkg/apis/audit/zz_generated.deepcopy.go | 297 + .../tools/remotecommand/websocket.go | 23 +- etcd/vendor/modules.txt | 91 +- 112 files changed, 24652 insertions(+), 199 deletions(-) create mode 100644 etcd/vendor/github.com/openshift/api/LICENSE create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/Makefile create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/doc.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/feature_gates.go create mode 100644 
etcd/vendor/github.com/openshift/api/config/v1/register.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/stringsource.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_apiserver.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_build.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_cluster_version.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_console.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_dns.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_feature.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_ingress.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_network.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_node.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_oauth.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_operatorhub.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_project.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_proxy.go create mode 100644 
etcd/vendor/github.com/openshift/api/config/v1/types_scheduling.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go create mode 100644 etcd/vendor/github.com/openshift/library-go/LICENSE create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/audit_policies.go create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/base-policy.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/default-rules.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/none-rules.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml create mode 100644 
etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml create mode 100644 etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver/audit.go create mode 100644 etcd/vendor/golang.org/x/net/http2/testsync.go create mode 100644 etcd/vendor/k8s.io/apiserver/LICENSE create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go diff --git a/etcd/vendor/github.com/openshift/api/LICENSE b/etcd/vendor/github.com/openshift/api/LICENSE new file mode 100644 index 0000000000..5c389317ec --- /dev/null +++ b/etcd/vendor/github.com/openshift/api/LICENSE 
@@ -0,0 +1,191 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ Copyright 2020 Red Hat, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/Makefile b/etcd/vendor/github.com/openshift/api/config/v1/Makefile
new file mode 100644
index 0000000000..66bf636305
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/Makefile
@@ -0,0 +1,3 @@
+.PHONY: test
+test:
+ make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="config.openshift.io/v1"
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/doc.go b/etcd/vendor/github.com/openshift/api/config/v1/doc.go
new file mode 100644
index 0000000000..f994547583
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/doc.go
@@ -0,0 +1,9 @@
+// +k8s:deepcopy-gen=package,register
+// +k8s:defaulter-gen=TypeMeta
+// +k8s:openapi-gen=true
+// +openshift:featuregated-schema-gen=true
+
+// +kubebuilder:validation:Optional
+// +groupName=config.openshift.io
+// Package v1 is the v1 version of the API.
+package v1
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/feature_gates.go b/etcd/vendor/github.com/openshift/api/config/v1/feature_gates.go
new file mode 100644
index 0000000000..7a9d129cfb
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/feature_gates.go
@@ -0,0 +1,598 @@
+package v1
+
+import "fmt"
+
+// FeatureGateDescription is a golang-only interface used to contains details for a feature gate.
+type FeatureGateDescription struct {
+ // FeatureGateAttributes is the information that appears in the API
+ FeatureGateAttributes FeatureGateAttributes
+
+ // OwningJiraComponent is the jira component that owns most of the impl and first assignment for the bug.
+ // This is the team that owns the feature long term.
+ OwningJiraComponent string
+ // ResponsiblePerson is the person who is on the hook for first contact. This is often, but not always, a team lead.
+ // It is someone who can make the promise on the behalf of the team.
+ ResponsiblePerson string
+ // OwningProduct is the product that owns the lifecycle of the gate.
+ OwningProduct OwningProduct
+}
+
+type ClusterProfileName string
+
+var (
+ Hypershift = ClusterProfileName("include.release.openshift.io/ibm-cloud-managed")
+ SelfManaged = ClusterProfileName("include.release.openshift.io/self-managed-high-availability")
+ AllClusterProfiles = []ClusterProfileName{Hypershift, SelfManaged}
+)
+
+type OwningProduct string
+
+var (
+ ocpSpecific = OwningProduct("OCP")
+ kubernetes = OwningProduct("Kubernetes")
+)
+
+type featureGateBuilder struct {
+ name string
+ owningJiraComponent string
+ responsiblePerson string
+ owningProduct OwningProduct
+
+ statusByClusterProfileByFeatureSet map[ClusterProfileName]map[FeatureSet]bool
+}
+
+// newFeatureGate featuregate are disabled in every FeatureSet and selectively enabled
+func newFeatureGate(name string) *featureGateBuilder {
+ b := &featureGateBuilder{
+ name: name,
+ statusByClusterProfileByFeatureSet: map[ClusterProfileName]map[FeatureSet]bool{},
+ }
+ for _, clusterProfile := range AllClusterProfiles {
+ byFeatureSet := map[FeatureSet]bool{}
+ for _, featureSet := range AllFixedFeatureSets {
+ byFeatureSet[featureSet] = false
+ }
+ b.statusByClusterProfileByFeatureSet[clusterProfile] = byFeatureSet
+ }
+ return b
+}
+
+func (b *featureGateBuilder) reportProblemsToJiraComponent(owningJiraComponent string) *featureGateBuilder {
+ b.owningJiraComponent = owningJiraComponent
+ return b
+}
+
+func (b *featureGateBuilder) contactPerson(responsiblePerson string) *featureGateBuilder {
+ b.responsiblePerson = responsiblePerson
+ return b
+}
+
+func (b *featureGateBuilder) productScope(owningProduct OwningProduct) *featureGateBuilder {
+ b.owningProduct = owningProduct
+ return b
+}
+
+func (b *featureGateBuilder) enableIn(featureSets ...FeatureSet) *featureGateBuilder {
+ for clusterProfile := range b.statusByClusterProfileByFeatureSet {
+ for _, featureSet := range featureSets {
+ b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true
+ }
+ }
+ return b
+}
+
+func (b *featureGateBuilder) enableForClusterProfile(clusterProfile ClusterProfileName, featureSets ...FeatureSet) *featureGateBuilder {
+ for _, featureSet := range featureSets {
+ b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true
+ }
+ return b
+}
+
+func (b *featureGateBuilder) register() (FeatureGateName, error) {
+ if len(b.name) == 0 {
+ return "", fmt.Errorf("missing name")
+ }
+ if len(b.owningJiraComponent) == 0 {
+ return "", fmt.Errorf("missing owningJiraComponent")
+ }
+ if len(b.responsiblePerson) == 0 {
+ return "", fmt.Errorf("missing responsiblePerson")
+ }
+ if len(b.owningProduct) == 0 {
+ return "", fmt.Errorf("missing owningProduct")
+ }
+
+ featureGateName := FeatureGateName(b.name)
+ description := FeatureGateDescription{
+ FeatureGateAttributes: FeatureGateAttributes{
+ Name: featureGateName,
+ },
+ OwningJiraComponent: b.owningJiraComponent,
+ ResponsiblePerson: b.responsiblePerson,
+ OwningProduct: b.owningProduct,
+ }
+
+ // statusByClusterProfileByFeatureSet is initialized by constructor to be false for every combination
+ for clusterProfile, byFeatureSet := range b.statusByClusterProfileByFeatureSet {
+ for featureSet, enabled := range byFeatureSet {
+ if _, ok := allFeatureGates[clusterProfile]; !ok {
+ allFeatureGates[clusterProfile] = map[FeatureSet]*FeatureGateEnabledDisabled{}
+ }
+ if _, ok := allFeatureGates[clusterProfile][featureSet]; !ok {
+ allFeatureGates[clusterProfile][featureSet] = &FeatureGateEnabledDisabled{}
+ }
+
+ if enabled {
+ allFeatureGates[clusterProfile][featureSet].Enabled = append(allFeatureGates[clusterProfile][featureSet].Enabled, description)
+ } else {
+ allFeatureGates[clusterProfile][featureSet].Disabled = append(allFeatureGates[clusterProfile][featureSet].Disabled, description)
+ }
+ }
+ }
+
+ return featureGateName, nil
+}
+
+func (b *featureGateBuilder) mustRegister() FeatureGateName {
+ ret, err := b.register()
+ if err != nil {
+ panic(err)
+ }
+ return ret
+}
+
+func FeatureSets(clusterProfile ClusterProfileName, featureSet FeatureSet) (*FeatureGateEnabledDisabled, error) {
+ byFeatureSet, ok := allFeatureGates[clusterProfile]
+ if !ok {
+ return nil, fmt.Errorf("no information found for ClusterProfile=%q", clusterProfile)
+ }
+ featureGates, ok := byFeatureSet[featureSet]
+ if !ok {
+ return nil, fmt.Errorf("no information found for FeatureSet=%q under ClusterProfile=%q", featureSet, clusterProfile)
+ }
+ return featureGates.DeepCopy(), nil
+}
+
+func AllFeatureSets() map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled {
+ ret := map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled{}
+
+ for clusterProfile, byFeatureSet := range allFeatureGates {
+ newByFeatureSet := map[FeatureSet]*FeatureGateEnabledDisabled{}
+
+ for featureSet, enabledDisabled := range byFeatureSet {
+ newByFeatureSet[featureSet] = enabledDisabled.DeepCopy()
+ }
+ ret[clusterProfile] = newByFeatureSet
+ }
+
+ return ret
+}
+
+var (
+ allFeatureGates = map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled{}
+
+ FeatureGateServiceAccountTokenNodeBindingValidation = newFeatureGate("ServiceAccountTokenNodeBindingValidation").
+ reportProblemsToJiraComponent("apiserver-auth").
+ contactPerson("stlaz").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateServiceAccountTokenNodeBinding = newFeatureGate("ServiceAccountTokenNodeBinding").
+ reportProblemsToJiraComponent("apiserver-auth").
+ contactPerson("stlaz").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateServiceAccountTokenPodNodeInfo = newFeatureGate("ServiceAccountTokenPodNodeInfo").
+ reportProblemsToJiraComponent("apiserver-auth").
+ contactPerson("stlaz").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateValidatingAdmissionPolicy = newFeatureGate("ValidatingAdmissionPolicy").
+ reportProblemsToJiraComponent("kube-apiserver").
+ contactPerson("benluddy").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateGatewayAPI = newFeatureGate("GatewayAPI").
+ reportProblemsToJiraComponent("Routing").
+ contactPerson("miciah").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission").
+ reportProblemsToJiraComponent("auth").
+ contactPerson("stlaz").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateExternalCloudProvider = newFeatureGate("ExternalCloudProvider").
+ reportProblemsToJiraComponent("cloud-provider").
+ contactPerson("jspeed").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateExternalCloudProviderAzure = newFeatureGate("ExternalCloudProviderAzure").
+ reportProblemsToJiraComponent("cloud-provider").
+ contactPerson("jspeed").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateExternalCloudProviderGCP = newFeatureGate("ExternalCloudProviderGCP").
+ reportProblemsToJiraComponent("cloud-provider").
+ contactPerson("jspeed").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateExternalCloudProviderExternal = newFeatureGate("ExternalCloudProviderExternal").
+ reportProblemsToJiraComponent("cloud-provider").
+ contactPerson("elmiko").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateCSIDriverSharedResource = newFeatureGate("CSIDriverSharedResource").
+ reportProblemsToJiraComponent("builds").
+ contactPerson("adkaplan").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateBuildCSIVolumes = newFeatureGate("BuildCSIVolumes").
+ reportProblemsToJiraComponent("builds").
+ contactPerson("adkaplan").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateNodeSwap = newFeatureGate("NodeSwap").
+ reportProblemsToJiraComponent("node").
+ contactPerson("ehashman").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateMachineAPIProviderOpenStack = newFeatureGate("MachineAPIProviderOpenStack").
+ reportProblemsToJiraComponent("openstack").
+ contactPerson("egarcia").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateInsightsConfigAPI = newFeatureGate("InsightsConfigAPI").
+ reportProblemsToJiraComponent("insights").
+ contactPerson("tremes").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateDynamicResourceAllocation = newFeatureGate("DynamicResourceAllocation").
+ reportProblemsToJiraComponent("scheduling").
+ contactPerson("jchaloup").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateAzureWorkloadIdentity = newFeatureGate("AzureWorkloadIdentity").
+ reportProblemsToJiraComponent("cloud-credential-operator").
+ contactPerson("abutcher").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateMaxUnavailableStatefulSet = newFeatureGate("MaxUnavailableStatefulSet").
+ reportProblemsToJiraComponent("apps").
+ contactPerson("atiratree").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateEventedPLEG = newFeatureGate("EventedPLEG").
+ reportProblemsToJiraComponent("node").
+ contactPerson("sairameshv").
+ productScope(kubernetes).
+ mustRegister()
+
+ FeatureGatePrivateHostedZoneAWS = newFeatureGate("PrivateHostedZoneAWS").
+ reportProblemsToJiraComponent("Routing").
+ contactPerson("miciah").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateSigstoreImageVerification = newFeatureGate("SigstoreImageVerification").
+ reportProblemsToJiraComponent("node").
+ contactPerson("sgrunert").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateGCPLabelsTags = newFeatureGate("GCPLabelsTags").
+ reportProblemsToJiraComponent("Installer").
+ contactPerson("bhb").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateAlibabaPlatform = newFeatureGate("AlibabaPlatform").
+ reportProblemsToJiraComponent("cloud-provider").
+ contactPerson("jspeed").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateCloudDualStackNodeIPs = newFeatureGate("CloudDualStackNodeIPs").
+ reportProblemsToJiraComponent("machine-config-operator/platform-baremetal").
+ contactPerson("mkowalsk").
+ productScope(kubernetes).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateVSphereStaticIPs = newFeatureGate("VSphereStaticIPs").
+ reportProblemsToJiraComponent("splat").
+ contactPerson("rvanderp3").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateRouteExternalCertificate = newFeatureGate("RouteExternalCertificate").
+ reportProblemsToJiraComponent("router").
+ contactPerson("thejasn").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateAdminNetworkPolicy = newFeatureGate("AdminNetworkPolicy").
+ reportProblemsToJiraComponent("Networking/ovn-kubernetes").
+ contactPerson("tssurya").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration").
+ reportProblemsToJiraComponent("Networking/ovn-kubernetes").
+ contactPerson("pliu").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateNetworkDiagnosticsConfig = newFeatureGate("NetworkDiagnosticsConfig").
+ reportProblemsToJiraComponent("Networking/cluster-network-operator").
+ contactPerson("kyrtapz").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateHardwareSpeed = newFeatureGate("HardwareSpeed").
+ reportProblemsToJiraComponent("etcd").
+ contactPerson("hasbro17").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateAutomatedEtcdBackup = newFeatureGate("AutomatedEtcdBackup").
+ reportProblemsToJiraComponent("etcd").
+ contactPerson("hasbro17").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateMachineAPIOperatorDisableMachineHealthCheckController = newFeatureGate("MachineAPIOperatorDisableMachineHealthCheckController").
+ reportProblemsToJiraComponent("ecoproject").
+ contactPerson("msluiter").
+ productScope(ocpSpecific).
+ mustRegister()
+
+ FeatureGateDNSNameResolver = newFeatureGate("DNSNameResolver").
+ reportProblemsToJiraComponent("dns").
+ contactPerson("miciah").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateVSphereControlPlaneMachineset = newFeatureGate("VSphereControlPlaneMachineSet").
+ reportProblemsToJiraComponent("splat").
+ contactPerson("rvanderp3").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateMachineConfigNodes = newFeatureGate("MachineConfigNodes").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("cdoern").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateClusterAPIInstall = newFeatureGate("ClusterAPIInstall").
+ reportProblemsToJiraComponent("Installer").
+ contactPerson("vincepri").
+ productScope(ocpSpecific).
+ mustRegister()
+
+ FeatureGateMetricsServer = newFeatureGate("MetricsServer").
+ reportProblemsToJiraComponent("Monitoring").
+ contactPerson("slashpai").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateInstallAlternateInfrastructureAWS = newFeatureGate("InstallAlternateInfrastructureAWS").
+ reportProblemsToJiraComponent("Installer").
+ contactPerson("padillon").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS").
+ reportProblemsToJiraComponent("Installer").
+ contactPerson("barbacbd").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateMixedCPUsAllocation = newFeatureGate("MixedCPUsAllocation").
+ reportProblemsToJiraComponent("NodeTuningOperator").
+ contactPerson("titzhak").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateManagedBootImages = newFeatureGate("ManagedBootImages").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("djoshy").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateDisableKubeletCloudCredentialProviders = newFeatureGate("DisableKubeletCloudCredentialProviders").
+ reportProblemsToJiraComponent("cloud-provider").
+ contactPerson("jspeed").
+ productScope(kubernetes).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateOnClusterBuild = newFeatureGate("OnClusterBuild").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("dkhater").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateSignatureStores = newFeatureGate("SignatureStores").
+ reportProblemsToJiraComponent("Cluster Version Operator").
+ contactPerson("lmohanty").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateKMSv1 = newFeatureGate("KMSv1").
+ reportProblemsToJiraComponent("kube-apiserver").
+ contactPerson("dgrisonnet").
+ productScope(kubernetes).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGatePinnedImages = newFeatureGate("PinnedImages").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("jhernand").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus").
+ reportProblemsToJiraComponent("Cluster Version Operator").
+ contactPerson("pmuller").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateTranslateStreamCloseWebsocketRequests = newFeatureGate("TranslateStreamCloseWebsocketRequests").
+ reportProblemsToJiraComponent("kube-apiserver").
+ contactPerson("akashem").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateVolumeGroupSnapshot = newFeatureGate("VolumeGroupSnapshot").
+ reportProblemsToJiraComponent("Storage / Kubernetes External Components").
+ contactPerson("fbertina").
+ productScope(kubernetes).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateExternalOIDC = newFeatureGate("ExternalOIDC").
+ reportProblemsToJiraComponent("authentication").
+ contactPerson("stlaz").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ enableForClusterProfile(Hypershift, Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateExample = newFeatureGate("Example").
+ reportProblemsToJiraComponent("cluster-config").
+ contactPerson("deads").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGatePlatformOperators = newFeatureGate("PlatformOperators").
+ reportProblemsToJiraComponent("olm").
+ contactPerson("joe").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateNewOLM = newFeatureGate("NewOLM").
+ reportProblemsToJiraComponent("olm").
+ contactPerson("joe").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateExternalRouteCertificate = newFeatureGate("ExternalRouteCertificate").
+ reportProblemsToJiraComponent("network-edge").
+ contactPerson("miciah").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather").
+ reportProblemsToJiraComponent("insights").
+ contactPerson("tremes").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateAlertingRules = newFeatureGate("AlertingRules").
+ reportProblemsToJiraComponent("Monitoring").
+ contactPerson("simon").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateBareMetalLoadBalancer = newFeatureGate("BareMetalLoadBalancer").
+ reportProblemsToJiraComponent("metal").
+ contactPerson("EmilienM").
+ productScope(ocpSpecific).
+ enableIn(Default, TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateInsightsConfig = newFeatureGate("InsightsConfig").
+ reportProblemsToJiraComponent("insights").
+ contactPerson("tremes").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateImagePolicy = newFeatureGate("ImagePolicy").
+ reportProblemsToJiraComponent("node").
+ contactPerson("rphillips").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateNodeDisruptionPolicy = newFeatureGate("NodeDisruptionPolicy").
+ reportProblemsToJiraComponent("MachineConfigOperator").
+ contactPerson("jerzhang").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateMetricsCollectionProfiles = newFeatureGate("MetricsCollectionProfiles").
+ reportProblemsToJiraComponent("Monitoring").
+ contactPerson("rexagod").
+ productScope(ocpSpecific).
+ enableIn(TechPreviewNoUpgrade).
+ mustRegister()
+)
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/register.go b/etcd/vendor/github.com/openshift/api/config/v1/register.go
new file mode 100644
index 0000000000..61302592ea
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/register.go
@@ -0,0 +1,78 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+var (
+ GroupName = "config.openshift.io"
+ GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
+ schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+ // Install is a function which adds this version to a scheme
+ Install = schemeBuilder.AddToScheme
+
+ // SchemeGroupVersion generated code relies on this name
+ // Deprecated
+ SchemeGroupVersion = GroupVersion
+ // AddToScheme exists solely to keep the old generators creating valid code
+ // DEPRECATED
+ AddToScheme = schemeBuilder.AddToScheme
+)
+
+// Resource generated code relies on this being here, but it logically belongs to the group
+// DEPRECATED
+func Resource(resource string) schema.GroupResource {
+ return schema.GroupResource{Group: GroupName, Resource: resource}
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(GroupVersion,
+ &APIServer{},
+ &APIServerList{},
+ &Authentication{},
+ &AuthenticationList{},
+ &Build{},
+ &BuildList{},
+ &ClusterOperator{},
+ &ClusterOperatorList{},
+ &ClusterVersion{},
+ &ClusterVersionList{},
+ &Console{},
+ &ConsoleList{},
+ &DNS{},
+ &DNSList{},
+ &FeatureGate{},
+ &FeatureGateList{},
+ &Image{},
+ &ImageList{},
+ &Infrastructure{},
+ &InfrastructureList{},
+ &Ingress{},
+ &IngressList{},
+ &Node{},
+ &NodeList{},
+ &Network{},
+ &NetworkList{},
+ &OAuth{},
+ &OAuthList{},
+ &OperatorHub{},
+ &OperatorHubList{},
+ &Project{},
+ &ProjectList{},
+ &Proxy{},
+ &ProxyList{},
+ &Scheduler{},
+ &SchedulerList{},
+ &ImageContentPolicy{},
+ &ImageContentPolicyList{},
+ &ImageDigestMirrorSet{},
+ &ImageDigestMirrorSetList{},
+ &ImageTagMirrorSet{},
+ &ImageTagMirrorSetList{},
+ )
+ metav1.AddToGroupVersion(scheme, GroupVersion)
+ return nil
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/stringsource.go b/etcd/vendor/github.com/openshift/api/config/v1/stringsource.go
new file mode 100644
index 0000000000..6a5718c1db
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/stringsource.go
@@ -0,0 +1,31 @@
+package v1
+
+import "encoding/json"
+
+// UnmarshalJSON implements the json.Unmarshaller interface.
+// If the value is a string, it sets the Value field of the StringSource.
+// Otherwise, it is unmarshaled into the StringSourceSpec struct
+func (s *StringSource) UnmarshalJSON(value []byte) error {
+ // If we can unmarshal to a simple string, just set the value
+ var simpleValue string
+ if err := json.Unmarshal(value, &simpleValue); err == nil {
+ s.Value = simpleValue
+ return nil
+ }
+
+ // Otherwise do the full struct unmarshal
+ return json.Unmarshal(value, &s.StringSourceSpec)
+}
+
+// MarshalJSON implements the json.Marshaller interface.
+// If the StringSource contains only a string Value (or is empty), it is marshaled as a JSON string.
+// Otherwise, the StringSourceSpec struct is marshaled as a JSON object.
+func (s *StringSource) MarshalJSON() ([]byte, error) {
+ // If we have only a cleartext value set, do a simple string marshal
+ if s.StringSourceSpec == (StringSourceSpec{Value: s.Value}) {
+ return json.Marshal(s.Value)
+ }
+
+ // Otherwise do the full struct marshal of the externalized bits
+ return json.Marshal(s.StringSourceSpec)
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types.go b/etcd/vendor/github.com/openshift/api/config/v1/types.go
new file mode 100644
index 0000000000..6fb1b9adc9
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types.go
@@ -0,0 +1,430 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+)
+
+// ConfigMapFileReference references a config map in a specific namespace.
+// The namespace must be specified at the point of use.
+type ConfigMapFileReference struct {
+ Name string `json:"name"`
+ // Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.
+ Key string `json:"key,omitempty"`
+}
+
+// ConfigMapNameReference references a config map in a specific namespace.
+// The namespace must be specified at the point of use.
+type ConfigMapNameReference struct {
+ // name is the metadata.name of the referenced config map
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+}
+
+// SecretNameReference references a secret in a specific namespace.
+// The namespace must be specified at the point of use.
+type SecretNameReference struct {
+ // name is the metadata.name of the referenced secret
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+}
+
+// HTTPServingInfo holds configuration for serving HTTP
+type HTTPServingInfo struct {
+ // ServingInfo is the HTTP serving information
+ ServingInfo `json:",inline"`
+ // MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.
+ MaxRequestsInFlight int64 `json:"maxRequestsInFlight"`
+ // RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if
+ // -1 there is no limit on requests.
+ RequestTimeoutSeconds int64 `json:"requestTimeoutSeconds"`
+}
+
+// ServingInfo holds information about serving web pages
+type ServingInfo struct {
+ // BindAddress is the ip:port to serve on
+ BindAddress string `json:"bindAddress"`
+ // BindNetwork is the type of network to bind to - defaults to "tcp4", accepts "tcp",
+ // "tcp4", and "tcp6"
+ BindNetwork string `json:"bindNetwork"`
+ // CertInfo is the TLS cert info for serving secure traffic.
+ // this is anonymous so that we can inline it for serialization
+ CertInfo `json:",inline"`
+ // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
+ // +optional
+ ClientCA string `json:"clientCA,omitempty"`
+ // NamedCertificates is a list of certificates to use to secure requests to specific hostnames
+ NamedCertificates []NamedCertificate `json:"namedCertificates,omitempty"`
+ // MinTLSVersion is the minimum TLS version supported.
+ // Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
+ MinTLSVersion string `json:"minTLSVersion,omitempty"`
+ // CipherSuites contains an overridden list of ciphers for the server to support.
+ // Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants
+ CipherSuites []string `json:"cipherSuites,omitempty"`
+}
+
+// CertInfo relates a certificate with a private key
+type CertInfo struct {
+ // CertFile is a file containing a PEM-encoded certificate
+ CertFile string `json:"certFile"`
+ // KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile
+ KeyFile string `json:"keyFile"`
+}
+
+// NamedCertificate specifies a certificate/key, and the names it should be served for
+type NamedCertificate struct {
+ // Names is a list of DNS names this certificate should be used to secure
+ // A name can be a normal DNS name, or can contain leading wildcard segments.
+ Names []string `json:"names,omitempty"`
+ // CertInfo is the TLS cert info for serving secure traffic
+ CertInfo `json:",inline"`
+}
+
+// LeaderElection provides information to elect a leader
+type LeaderElection struct {
+ // disable allows leader election to be suspended while allowing a fully defaulted "normal" startup case.
+ Disable bool `json:"disable,omitempty"`
+ // namespace indicates which namespace the resource is in
+ Namespace string `json:"namespace,omitempty"`
+ // name indicates what name to use for the resource
+ Name string `json:"name,omitempty"`
+
+ // leaseDuration is the duration that non-leader candidates will wait
+ // after observing a leadership renewal until attempting to acquire
+ // leadership of a led but unrenewed leader slot. This is effectively the
+ // maximum duration that a leader can be stopped before it is replaced
+ // by another candidate. This is only applicable if leader election is
+ // enabled.
+ // +nullable
+ LeaseDuration metav1.Duration `json:"leaseDuration"`
+ // renewDeadline is the interval between attempts by the acting master to
+ // renew a leadership slot before it stops leading. This must be less
+ // than or equal to the lease duration. This is only applicable if leader
+ // election is enabled.
+ // +nullable
+ RenewDeadline metav1.Duration `json:"renewDeadline"`
+ // retryPeriod is the duration the clients should wait between attempting
+ // acquisition and renewal of a leadership. This is only applicable if
+ // leader election is enabled.
+ // +nullable
+ RetryPeriod metav1.Duration `json:"retryPeriod"`
+}
+
+// StringSource allows specifying a string inline, or externally via env var or file.
+// When it contains only a string value, it marshals to a simple JSON string.
+type StringSource struct {
+ // StringSourceSpec specifies the string value, or external location
+ StringSourceSpec `json:",inline"`
+}
+
+// StringSourceSpec specifies a string value, or external location
+type StringSourceSpec struct {
+ // Value specifies the cleartext value, or an encrypted value if keyFile is specified.
+ Value string `json:"value"`
+
+ // Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.
+ Env string `json:"env"`
+
+ // File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.
+ File string `json:"file"`
+
+ // KeyFile references a file containing the key to use to decrypt the value.
+ KeyFile string `json:"keyFile"`
+}
+
+// RemoteConnectionInfo holds information necessary for establishing a remote connection
+type RemoteConnectionInfo struct {
+ // URL is the remote URL to connect to
+ URL string `json:"url"`
+ // CA is the CA for verifying TLS connections
+ CA string `json:"ca"`
+ // CertInfo is the TLS client cert information to present
+ // this is anonymous so that we can inline it for serialization
+ CertInfo `json:",inline"`
+}
+
+type AdmissionConfig struct {
+ PluginConfig map[string]AdmissionPluginConfig `json:"pluginConfig,omitempty"`
+
+ // enabledPlugins is a list of admission plugins that must be on in addition to the default list.
+ // Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon
+ // and can result in performance penalties and unexpected behavior.
+ EnabledAdmissionPlugins []string `json:"enabledPlugins,omitempty"`
+
+ // disabledPlugins is a list of admission plugins that must be off. Putting something in this list
+ // is almost always a mistake and likely to result in cluster instability.
+ DisabledAdmissionPlugins []string `json:"disabledPlugins,omitempty"`
+}
+
+// AdmissionPluginConfig holds the necessary configuration options for admission plugins
+type AdmissionPluginConfig struct {
+ // Location is the path to a configuration file that contains the plugin's
+ // configuration
+ Location string `json:"location"`
+
+ // Configuration is an embedded configuration object to be used as the plugin's
+ // configuration. If present, it will be used instead of the path to the configuration file.
+ // +nullable
+ // +kubebuilder:pruning:PreserveUnknownFields
+ Configuration runtime.RawExtension `json:"configuration"`
+}
+
+type LogFormatType string
+
+type WebHookModeType string
+
+const (
+ // LogFormatLegacy saves event in 1-line text format.
+ LogFormatLegacy LogFormatType = "legacy"
+ // LogFormatJson saves event in structured json format.
+ LogFormatJson LogFormatType = "json"
+
+ // WebHookModeBatch indicates that the webhook should buffer audit events
+ // internally, sending batch updates either once a certain number of
+ // events have been received or a certain amount of time has passed.
+ WebHookModeBatch WebHookModeType = "batch"
+ // WebHookModeBlocking causes the webhook to block on every attempt to process
+ // a set of events. This causes requests to the API server to wait for a
+ // round trip to the external audit service before sending a response.
+ WebHookModeBlocking WebHookModeType = "blocking"
+)
+
+// AuditConfig holds configuration for the audit capabilities
+type AuditConfig struct {
+ // If this flag is set, audit log will be printed in the logs.
+ // The logs contains, method, user and a requested URL.
+ Enabled bool `json:"enabled"`
+ // All requests coming to the apiserver will be logged to this file.
+ AuditFilePath string `json:"auditFilePath"`
+ // Maximum number of days to retain old log files based on the timestamp encoded in their filename.
+ MaximumFileRetentionDays int32 `json:"maximumFileRetentionDays"`
+ // Maximum number of old log files to retain.
+ MaximumRetainedFiles int32 `json:"maximumRetainedFiles"`
+ // Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.
+ MaximumFileSizeMegabytes int32 `json:"maximumFileSizeMegabytes"`
+
+ // PolicyFile is a path to the file that defines the audit policy configuration.
+ PolicyFile string `json:"policyFile"`
+ // PolicyConfiguration is an embedded policy configuration object to be used
+ // as the audit policy configuration. If present, it will be used instead of
+ // the path to the policy file.
+ // +nullable
+ // +kubebuilder:pruning:PreserveUnknownFields
+ PolicyConfiguration runtime.RawExtension `json:"policyConfiguration"`
+
+ // Format of saved audits (legacy or json).
+ LogFormat LogFormatType `json:"logFormat"`
+
+ // Path to a .kubeconfig formatted file that defines the audit webhook configuration.
+ WebHookKubeConfig string `json:"webHookKubeConfig"`
+ // Strategy for sending audit events (block or batch).
+ WebHookMode WebHookModeType `json:"webHookMode"`
+}
+
+// EtcdConnectionInfo holds information necessary for connecting to an etcd server
+type EtcdConnectionInfo struct {
+ // URLs are the URLs for etcd
+ URLs []string `json:"urls,omitempty"`
+ // CA is a file containing trusted roots for the etcd server certificates
+ CA string `json:"ca"`
+ // CertInfo is the TLS client cert information for securing communication to etcd
+ // this is anonymous so that we can inline it for serialization
+ CertInfo `json:",inline"`
+}
+
+type EtcdStorageConfig struct {
+ EtcdConnectionInfo `json:",inline"`
+
+ // StoragePrefix is the path within etcd that the OpenShift resources will
+ // be rooted under. This value, if changed, will mean existing objects in etcd will
+ // no longer be located.
+ StoragePrefix string `json:"storagePrefix"`
+}
+
+// GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd
+type GenericAPIServerConfig struct {
+ // servingInfo describes how to start serving
+ ServingInfo HTTPServingInfo `json:"servingInfo"`
+
+ // corsAllowedOrigins
+ CORSAllowedOrigins []string `json:"corsAllowedOrigins"`
+
+ // auditConfig describes how to configure audit information
+ AuditConfig AuditConfig `json:"auditConfig"`
+
+ // storageConfig contains information about how to use
+ StorageConfig EtcdStorageConfig `json:"storageConfig"`
+
+ // admissionConfig holds information about how to configure admission.
+ AdmissionConfig AdmissionConfig `json:"admission"`
+
+ KubeClientConfig KubeClientConfig `json:"kubeClientConfig"`
+}
+
+type KubeClientConfig struct {
+ // kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config
+ KubeConfig string `json:"kubeConfig"`
+
+ // connectionOverrides specifies client overrides for system components to loop back to this master.
+ ConnectionOverrides ClientConnectionOverrides `json:"connectionOverrides"`
+}
+
+type ClientConnectionOverrides struct {
+ // acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
+ // default value of 'application/json'. This field will control all connections to the server used by a particular
+ // client.
+ AcceptContentTypes string `json:"acceptContentTypes"`
+ // contentType is the content type used when sending data to the server from this client.
+ ContentType string `json:"contentType"`
+
+ // qps controls the number of queries per second allowed for this connection.
+ QPS float32 `json:"qps"`
+ // burst allows extra queries to accumulate when a client is exceeding its rate.
+ Burst int32 `json:"burst"`
+}
+
+// GenericControllerConfig provides information to configure a controller
+type GenericControllerConfig struct {
+ // ServingInfo is the HTTP serving information for the controller's endpoints
+ ServingInfo HTTPServingInfo `json:"servingInfo"`
+
+ // leaderElection provides information to elect a leader. Only override this if you have a specific need
+ LeaderElection LeaderElection `json:"leaderElection"`
+
+ // authentication allows configuration of authentication for the endpoints
+ Authentication DelegatedAuthentication `json:"authentication"`
+ // authorization allows configuration of authentication for the endpoints
+ Authorization DelegatedAuthorization `json:"authorization"`
+}
+
+// DelegatedAuthentication allows authentication to be disabled.
+type DelegatedAuthentication struct {
+ // disabled indicates that authentication should be disabled. By default it will use delegated authentication.
+ Disabled bool `json:"disabled,omitempty"`
+}
+
+// DelegatedAuthorization allows authorization to be disabled.
+type DelegatedAuthorization struct {
+ // disabled indicates that authorization should be disabled. By default it will use delegated authorization.
+ Disabled bool `json:"disabled,omitempty"`
+}
+type RequiredHSTSPolicy struct {
+ // namespaceSelector specifies a label selector such that the policy applies only to those routes that
+ // are in namespaces with labels that match the selector, and are in one of the DomainPatterns.
+ // Defaults to the empty LabelSelector, which matches everything.
+ // +optional
+ NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
+
+ // domainPatterns is a list of domains for which the desired HSTS annotations are required.
+ // If domainPatterns is specified and a route is created with a spec.host matching one of the domains,
+ // the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.
+ //
+ // The use of wildcards is allowed like this: *.foo.com matches everything under foo.com.
+ // foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:Required
+ // +required
+ DomainPatterns []string `json:"domainPatterns"`
+
+ // maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts.
+ // If set to 0, it negates the effect, and hosts are removed as HSTS hosts.
+ // If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts.
+ // maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS
+ // policy will eventually expire on that client.
+ MaxAge MaxAgePolicy `json:"maxAge"`
+
+ // preloadPolicy directs the client to include hosts in its host preload list so that
+ // it never needs to do an initial load to get the HSTS header (note that this is not defined
+ // in RFC 6797 and is therefore client implementation-dependent).
+ // +optional
+ PreloadPolicy PreloadPolicy `json:"preloadPolicy,omitempty"`
+
+ // includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's
+ // domain name.
Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains:
+ // - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com
+ // - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com
+ // - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com
+ // - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com
+ // +optional
+ IncludeSubDomainsPolicy IncludeSubDomainsPolicy `json:"includeSubDomainsPolicy,omitempty"`
+}
+
+// MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy
+type MaxAgePolicy struct {
+ // The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age
+ // This value can be left unspecified, in which case no upper limit is enforced.
+ // +kubebuilder:validation:Minimum=0
+ // +kubebuilder:validation:Maximum=2147483647
+ LargestMaxAge *int32 `json:"largestMaxAge,omitempty"`
+
+ // The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age
+ // Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary
+ // tool for administrators to quickly correct mistakes.
+ // This value can be left unspecified, in which case no lower limit is enforced.
+ // +kubebuilder:validation:Minimum=0
+ // +kubebuilder:validation:Maximum=2147483647
+ SmallestMaxAge *int32 `json:"smallestMaxAge,omitempty"`
+}
+
+// PreloadPolicy contains a value for specifying a compliant HSTS preload policy for the enclosing RequiredHSTSPolicy
+// +kubebuilder:validation:Enum=RequirePreload;RequireNoPreload;NoOpinion
+type PreloadPolicy string
+
+const (
+ // RequirePreloadPolicy means HSTS "preload" is required by the RequiredHSTSPolicy
+ RequirePreloadPolicy PreloadPolicy = "RequirePreload"
+
+ // RequireNoPreloadPolicy means HSTS "preload" is forbidden by the RequiredHSTSPolicy
+ RequireNoPreloadPolicy PreloadPolicy = "RequireNoPreload"
+
+ // NoOpinionPreloadPolicy means HSTS "preload" doesn't matter to the RequiredHSTSPolicy
+ NoOpinionPreloadPolicy PreloadPolicy = "NoOpinion"
+)
+
+// IncludeSubDomainsPolicy contains a value for specifying a compliant HSTS includeSubdomains policy
+// for the enclosing RequiredHSTSPolicy
+// +kubebuilder:validation:Enum=RequireIncludeSubDomains;RequireNoIncludeSubDomains;NoOpinion
+type IncludeSubDomainsPolicy string
+
+const (
+ // RequireIncludeSubDomains means HSTS "includeSubDomains" is required by the RequiredHSTSPolicy
+ RequireIncludeSubDomains IncludeSubDomainsPolicy = "RequireIncludeSubDomains"
+
+ // RequireNoIncludeSubDomains means HSTS "includeSubDomains" is forbidden by the RequiredHSTSPolicy
+ RequireNoIncludeSubDomains IncludeSubDomainsPolicy = "RequireNoIncludeSubDomains"
+
+ // NoOpinionIncludeSubDomains means HSTS "includeSubDomains" doesn't matter to the RequiredHSTSPolicy
+ NoOpinionIncludeSubDomains IncludeSubDomainsPolicy = "NoOpinion"
+)
+
+// IBMCloudServiceName contains a value specifying the name of an IBM Cloud Service,
+// which are used by MAPI, CIRO, CIO, Installer, etc.
+// +kubebuilder:validation:Enum=CIS;COS;DNSServices;GlobalSearch;GlobalTagging;HyperProtect;IAM;KeyProtect;ResourceController;ResourceManager;VPC
+type IBMCloudServiceName string
+
+const (
+ // IBMCloudServiceCIS is the name for IBM Cloud CIS.
+ IBMCloudServiceCIS IBMCloudServiceName = "CIS"
+ // IBMCloudServiceCOS is the name for IBM Cloud COS.
+ IBMCloudServiceCOS IBMCloudServiceName = "COS"
+ // IBMCloudServiceDNSServices is the name for IBM Cloud DNS Services.
+ IBMCloudServiceDNSServices IBMCloudServiceName = "DNSServices"
+ // IBMCloudServiceGlobalSearch is the name for IBM Cloud Global Search.
+ IBMCloudServiceGlobalSearch IBMCloudServiceName = "GlobalSearch"
+ // IBMCloudServiceGlobalTagging is the name for IBM Cloud Global Tagging.
+ IBMCloudServiceGlobalTagging IBMCloudServiceName = "GlobalTagging"
+ // IBMCloudServiceHyperProtect is the name for IBM Cloud Hyper Protect.
+ IBMCloudServiceHyperProtect IBMCloudServiceName = "HyperProtect"
+ // IBMCloudServiceIAM is the name for IBM Cloud IAM.
+ IBMCloudServiceIAM IBMCloudServiceName = "IAM"
+ // IBMCloudServiceKeyProtect is the name for IBM Cloud Key Protect.
+ IBMCloudServiceKeyProtect IBMCloudServiceName = "KeyProtect"
+ // IBMCloudServiceResourceController is the name for IBM Cloud Resource Controller.
+ IBMCloudServiceResourceController IBMCloudServiceName = "ResourceController"
+ // IBMCloudServiceResourceManager is the name for IBM Cloud Resource Manager.
+ IBMCloudServiceResourceManager IBMCloudServiceName = "ResourceManager"
+ // IBMCloudServiceVPC is the name for IBM Cloud VPC.
+ IBMCloudServiceVPC IBMCloudServiceName = "VPC"
+)
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/etcd/vendor/github.com/openshift/api/config/v1/types_apiserver.go
new file mode 100644
index 0000000000..bdae466892
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_apiserver.go
@@ -0,0 +1,226 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// APIServer holds configuration (like serving certificates, client CA and CORS domains)
+// shared by all API servers in the system, among them especially kube-apiserver
+// and openshift-apiserver. The canonical name of an instance is 'cluster'.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=apiservers,scope=Cluster
+// +kubebuilder:subresource:status
+type APIServer struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec APIServerSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status APIServerStatus `json:"status"`
+}
+
+type APIServerSpec struct {
+ // servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates
+ // will be used for serving secure traffic.
+ // +optional
+ ServingCerts APIServerServingCerts `json:"servingCerts"`
+ // clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for
+ // incoming client certificates in addition to the operator managed signers.
If this is empty, then only operator managed signers are valid.
+ // You usually only have to set this if you have your own PKI you wish to honor client certificates from.
+ // The ConfigMap must exist in the openshift-config namespace and contain the following required fields:
+ // - ConfigMap.Data["ca-bundle.crt"] - CA bundle.
+ // +optional
+ ClientCA ConfigMapNameReference `json:"clientCA"`
+ // additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the
+ // API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth
+ // server from JavaScript applications.
+ // The values are regular expressions that correspond to the Golang regular expression language.
+ // +optional
+ AdditionalCORSAllowedOrigins []string `json:"additionalCORSAllowedOrigins,omitempty"`
+ // encryption allows the configuration of encryption of resources at the datastore layer.
+ // +optional
+ Encryption APIServerEncryption `json:"encryption"`
+ // tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.
+ //
+ // If unset, a default (which may change between releases) is chosen. Note that only Old,
+ // Intermediate and Custom profiles are currently supported, and the maximum available
+ // minTLSVersion is VersionTLS12.
+ // +optional
+ TLSSecurityProfile *TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"`
+ // audit specifies the settings for audit configuration to be applied to all OpenShift-provided
+ // API servers in the cluster.
+ // +optional
+ // +kubebuilder:default={profile: Default}
+ Audit Audit `json:"audit"`
+}
+
+// AuditProfileType defines the audit policy profile type.
+// +kubebuilder:validation:Enum=Default;WriteRequestBodies;AllRequestBodies;None
+type AuditProfileType string
+
+const (
+ // "None" disables audit logs.
+ NoneAuditProfileType AuditProfileType = "None"
+
+ // "Default" is the existing default audit configuration policy.
+ DefaultAuditProfileType AuditProfileType = "Default"
+
+ // "WriteRequestBodies" is similar to Default but it logs request and response
+ // HTTP payloads for write requests (create, update, patch)
+ WriteRequestBodiesAuditProfileType AuditProfileType = "WriteRequestBodies"
+
+ // "AllRequestBodies" is similar to WriteRequestBodies, but also logs request
+ // and response HTTP payloads for read requests (get, list).
+ AllRequestBodiesAuditProfileType AuditProfileType = "AllRequestBodies"
+)
+
+type Audit struct {
+ // profile specifies the name of the desired top-level audit profile to be applied to all requests
+ // sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver,
+ // openshift-apiserver and oauth-apiserver), with the exception of those requests that match
+ // one or more of the customRules.
+ //
+ // The following profiles are provided:
+ // - Default: default policy which means MetaData level logging with the exception of events
+ // (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody
+ // level).
+ // - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for
+ // write requests (create, update, patch).
+ // - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response
+ // HTTP payloads for read requests (get, list).
+ // - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.
+ //
+ // Warning: It is not recommended to disable audit logging by using the `None` profile unless you
+ // are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues.
+ // If you disable audit logging and a support situation arises, you might need to enable audit logging
+ // and reproduce the issue in order to troubleshoot properly.
+ //
+ // If unset, the 'Default' profile is used as the default.
+ //
+ // +kubebuilder:default=Default
+ Profile AuditProfileType `json:"profile,omitempty"`
+ // customRules specify profiles per group. These profile take precedence over the
+ // top-level profile field if they apply. They are evaluation from top to bottom and
+ // the first one that matches, applies.
+ // +listType=map
+ // +listMapKey=group
+ // +optional
+ CustomRules []AuditCustomRule `json:"customRules,omitempty"`
+}
+
+// AuditCustomRule describes a custom rule for an audit profile that takes precedence over
+// the top-level profile.
+type AuditCustomRule struct {
+ // group is a name of group a request user must be member of in order to this profile to apply.
+ //
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ Group string `json:"group"`
+ // profile specifies the name of the desired audit policy configuration to be deployed to
+ // all OpenShift-provided API servers in the cluster.
+ //
+ // The following profiles are provided:
+ // - Default: the existing default policy.
+ // - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for
+ // write requests (create, update, patch).
+ // - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response
+ // HTTP payloads for read requests (get, list).
+ // - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.
+ //
+ // If unset, the 'Default' profile is used as the default.
+ //
+ // +kubebuilder:validation:Required
+ // +required
+ Profile AuditProfileType `json:"profile,omitempty"`
+}
+
+type APIServerServingCerts struct {
+ // namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames.
+ // If no named certificates are provided, or no named certificates match the server name as understood by a client,
+ // the defaultServingCertificate will be used.
+ // +optional
+ NamedCertificates []APIServerNamedServingCert `json:"namedCertificates,omitempty"`
+}
+
+// APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.
+type APIServerNamedServingCert struct {
+ // names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to
+ // serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates.
+ // Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.
+ // +optional
+ Names []string `json:"names,omitempty"`
+ // servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic.
+ // The secret must exist in the openshift-config namespace and contain the following required fields:
+ // - Secret.Data["tls.key"] - TLS private key.
+ // - Secret.Data["tls.crt"] - TLS certificate.
+ ServingCertificate SecretNameReference `json:"servingCertificate"`
+}
+
+type APIServerEncryption struct {
+ // type defines what encryption type should be used to encrypt resources at the datastore layer.
+ // When this field is unset (i.e. when it is set to the empty string), identity is implied.
+ // The behavior of unset can and will change over time. Even if encryption is enabled by default,
+ // the meaning of unset may change to a different encryption type based on changes in best practices.
+ //
+ // When encryption is enabled, all sensitive resources shipped with the platform are encrypted.
+ // This list of sensitive resources can and will change over time. The current authoritative list is:
+ //
+ // 1. secrets
+ // 2. configmaps
+ // 3. routes.route.openshift.io
+ // 4. oauthaccesstokens.oauth.openshift.io
+ // 5.
oauthauthorizetokens.oauth.openshift.io
+ //
+ // +unionDiscriminator
+ // +optional
+ Type EncryptionType `json:"type,omitempty"`
+}
+
+// +kubebuilder:validation:Enum="";identity;aescbc;aesgcm
+type EncryptionType string
+
+const (
+ // identity refers to a type where no encryption is performed at the datastore layer.
+ // Resources are written as-is without encryption.
+ EncryptionTypeIdentity EncryptionType = "identity"
+
+ // aescbc refers to a type where AES-CBC with PKCS#7 padding and a 32-byte key
+ // is used to perform encryption at the datastore layer.
+ EncryptionTypeAESCBC EncryptionType = "aescbc"
+
+ // aesgcm refers to a type where AES-GCM with random nonce and a 32-byte key
+ // is used to perform encryption at the datastore layer.
+ EncryptionTypeAESGCM EncryptionType = "aesgcm"
+)
+
+type APIServerStatus struct {
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type APIServerList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+ Items []APIServer `json:"items"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go b/etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go
new file mode 100644
index 0000000000..b3dfa61b51
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go
@@ -0,0 +1,482 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalOIDC,rule="!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace == specC.componentNamespace && statusC.componentName == specC.componentName) || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, oldC.componentNamespace == specC.componentNamespace && oldC.componentName == specC.componentName)))))",message="all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients"
+
+// Authentication specifies cluster-wide settings for authentication (like OAuth and
+// webhook token authenticators). The canonical name of an instance is `cluster`.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=authentications,scope=Cluster
+// +kubebuilder:subresource:status
+type Authentication struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata. 
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec AuthenticationSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status AuthenticationStatus `json:"status"`
+}
+
+type AuthenticationSpec struct {
+ // type identifies the cluster managed, user facing authentication mode in use.
+ // Specifically, it manages the component that responds to login attempts.
+ // The default is IntegratedOAuth.
+ // +optional
+ Type AuthenticationType `json:"type"`
+
+ // oauthMetadata contains the discovery endpoint data for OAuth 2.0
+ // Authorization Server Metadata for an external OAuth server.
+ // This discovery document can be viewed from its served location:
+ // oc get --raw '/.well-known/oauth-authorization-server'
+ // For further details, see the IETF Draft:
+ // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+ // If oauthMetadata.name is non-empty, this value has precedence
+ // over any metadata reference stored in status.
+ // The key "oauthMetadata" is used to locate the data.
+ // If specified and the config map or expected key is not found, no metadata is served.
+ // If the specified metadata is not valid, no metadata is served.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ OAuthMetadata ConfigMapNameReference `json:"oauthMetadata"`
+
+ // webhookTokenAuthenticators is DEPRECATED, setting it has no effect.
+ // +listType=atomic
+ WebhookTokenAuthenticators []DeprecatedWebhookTokenAuthenticator `json:"webhookTokenAuthenticators,omitempty"`
+
+ // webhookTokenAuthenticator configures a remote token reviewer. 
+ // These remote authentication webhooks can be used to verify bearer tokens
+ // via the tokenreviews.authentication.k8s.io REST API. This is required to
+ // honor bearer tokens that are provisioned by an external authentication service.
+ //
+ // Can only be set if "Type" is set to "None".
+ //
+ // +optional
+ WebhookTokenAuthenticator *WebhookTokenAuthenticator `json:"webhookTokenAuthenticator,omitempty"`
+
+ // serviceAccountIssuer is the identifier of the bound service account token
+ // issuer.
+ // The default is https://kubernetes.default.svc
+ // WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the
+ // previous issuer value. Instead, the tokens issued by previous service account issuer will continue to
+ // be trusted for a time period chosen by the platform (currently set to 24h).
+ // This time period is subject to change over time.
+ // This allows internal components to transition to use new service account issuer without service distruption.
+ // +optional
+ ServiceAccountIssuer string `json:"serviceAccountIssuer"`
+
+ // OIDCProviders are OIDC identity providers that can issue tokens
+ // for this cluster
+ // Can only be set if "Type" is set to "OIDC".
+ //
+ // At most one provider can be configured.
+ //
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MaxItems=1
+ // +openshift:enable:FeatureGate=ExternalOIDC
+ OIDCProviders []OIDCProvider `json:"oidcProviders,omitempty"`
+}
+
+type AuthenticationStatus struct {
+ // integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0
+ // Authorization Server Metadata for the in-cluster integrated OAuth server.
+ // This discovery document can be viewed from its served location:
+ // oc get --raw '/.well-known/oauth-authorization-server'
+ // For further details, see the IETF Draft:
+ // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2
+ // This contains the observed value based on cluster state. 
+ // An explicitly set value in spec.oauthMetadata has precedence over this field.
+ // This field has no meaning if authentication spec.type is not set to IntegratedOAuth.
+ // The key "oauthMetadata" is used to locate the data.
+ // If the config map or expected key is not found, no metadata is served.
+ // If the specified metadata is not valid, no metadata is served.
+ // The namespace for this config map is openshift-config-managed.
+ IntegratedOAuthMetadata ConfigMapNameReference `json:"integratedOAuthMetadata"`
+
+ // OIDCClients is where participating operators place the current OIDC client status
+ // for OIDC clients that can be customized by the cluster-admin.
+ //
+ // +listType=map
+ // +listMapKey=componentNamespace
+ // +listMapKey=componentName
+ // +kubebuilder:validation:MaxItems=20
+ // +openshift:enable:FeatureGate=ExternalOIDC
+ OIDCClients []OIDCClientStatus `json:"oidcClients"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type AuthenticationList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Authentication `json:"items"`
+}
+
+// +openshift:validation:FeatureGateAwareEnum:featureGate="",enum="";None;IntegratedOAuth
+// +openshift:validation:FeatureGateAwareEnum:featureGate=ExternalOIDC,enum="";None;IntegratedOAuth;OIDC
+type AuthenticationType string
+
+const (
+ // None means that no cluster managed authentication system is in place. 
+ // Note that user login will only work if a manually configured system is in place and
+ // referenced in authentication spec via oauthMetadata and
+ // webhookTokenAuthenticator/oidcProviders
+ AuthenticationTypeNone AuthenticationType = "None"
+
+ // IntegratedOAuth refers to the cluster managed OAuth server.
+ // It is configured via the top level OAuth config.
+ AuthenticationTypeIntegratedOAuth AuthenticationType = "IntegratedOAuth"
+
+ // AuthenticationTypeOIDC refers to a configuration with an external
+ // OIDC server configured directly with the kube-apiserver.
+ AuthenticationTypeOIDC AuthenticationType = "OIDC"
+)
+
+// deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator.
+// It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.
+type DeprecatedWebhookTokenAuthenticator struct {
+ // kubeConfig contains kube config file data which describes how to access the remote webhook service.
+ // For further details, see:
+ // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
+ // The key "kubeConfig" is used to locate the data.
+ // If the secret or expected key is not found, the webhook is not honored.
+ // If the specified kube config data is not valid, the webhook is not honored.
+ // The namespace for this secret is determined by the point of use.
+ KubeConfig SecretNameReference `json:"kubeConfig"`
+}
+
+// webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator
+type WebhookTokenAuthenticator struct {
+ // kubeConfig references a secret that contains kube config file data which
+ // describes how to access the remote webhook service.
+ // The namespace for the referenced secret is openshift-config. 
+ //
+ // For further details, see:
+ //
+ // https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication
+ //
+ // The key "kubeConfig" is used to locate the data.
+ // If the secret or expected key is not found, the webhook is not honored.
+ // If the specified kube config data is not valid, the webhook is not honored.
+ // +kubebuilder:validation:Required
+ // +required
+ KubeConfig SecretNameReference `json:"kubeConfig"`
+}
+
+const (
+ // OAuthMetadataKey is the key for the oauth authorization server metadata
+ OAuthMetadataKey = "oauthMetadata"
+
+ // KubeConfigKey is the key for the kube config file data in a secret
+ KubeConfigKey = "kubeConfig"
+)
+
+type OIDCProvider struct {
+ // Name of the OIDC provider
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+ // Issuer describes atributes of the OIDC token issuer
+ //
+ // +kubebuilder:validation:Required
+ // +required
+ Issuer TokenIssuer `json:"issuer"`
+
+ // OIDCClients contains configuration for the platform's clients that
+ // need to request tokens from the issuer
+ //
+ // +listType=map
+ // +listMapKey=componentNamespace
+ // +listMapKey=componentName
+ // +kubebuilder:validation:MaxItems=20
+ OIDCClients []OIDCClientConfig `json:"oidcClients"`
+
+ // ClaimMappings describes rules on how to transform information from an
+ // ID token into a cluster identity
+ ClaimMappings TokenClaimMappings `json:"claimMappings"`
+
+ // ClaimValidationRules are rules that are applied to validate token claims to authenticate users.
+ //
+ // +listType=atomic
+ ClaimValidationRules []TokenClaimValidationRule `json:"claimValidationRules,omitempty"`
+}
+
+// +kubebuilder:validation:MinLength=1
+type TokenAudience string
+
+type TokenIssuer struct {
+ // URL is the serving URL of the token issuer.
+ // Must use the https:// scheme. 
+ //
+ // +kubebuilder:validation:Pattern=`^https:\/\/[^\s]`
+ // +kubebuilder:validation:Required
+ // +required
+ URL string `json:"issuerURL"`
+
+ // Audiences is an array of audiences that the token was issued for.
+ // Valid tokens must include at least one of these values in their
+ // "aud" claim.
+ // Must be set to exactly one value.
+ //
+ // +listType=set
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=10
+ // +required
+ Audiences []TokenAudience `json:"audiences"`
+
+ // CertificateAuthority is a reference to a config map in the
+ // configuration namespace. The .data of the configMap must contain
+ // the "ca-bundle.crt" key.
+ // If unset, system trust is used instead.
+ CertificateAuthority ConfigMapNameReference `json:"issuerCertificateAuthority"`
+}
+
+type TokenClaimMappings struct {
+ // Username is a name of the claim that should be used to construct
+ // usernames for the cluster identity.
+ //
+ // Default value: "sub"
+ Username UsernameClaimMapping `json:"username,omitempty"`
+
+ // Groups is a name of the claim that should be used to construct
+ // groups for the cluster identity.
+ // The referenced claim must use array of strings values. 
+ Groups PrefixedClaimMapping `json:"groups,omitempty"`
+}
+
+type TokenClaimMapping struct {
+ // Claim is a JWT token claim to be used in the mapping
+ //
+ // +kubebuilder:validation:Required
+ // +required
+ Claim string `json:"claim"`
+}
+
+type OIDCClientConfig struct {
+ // ComponentName is the name of the component that is supposed to consume this
+ // client configuration
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Required
+ // +required
+ ComponentName string `json:"componentName"`
+
+ // ComponentNamespace is the namespace of the component that is supposed to consume this
+ // client configuration
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Required
+ // +required
+ ComponentNamespace string `json:"componentNamespace"`
+
+ // ClientID is the identifier of the OIDC client from the OIDC provider
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ ClientID string `json:"clientID"`
+
+ // ClientSecret refers to a secret in the `openshift-config` namespace that
+ // contains the client secret in the `clientSecret` key of the `.data` field
+ ClientSecret SecretNameReference `json:"clientSecret"`
+
+ // ExtraScopes is an optional set of scopes to request tokens with.
+ //
+ // +listType=set
+ ExtraScopes []string `json:"extraScopes"`
+}
+
+type OIDCClientStatus struct {
+ // ComponentName is the name of the component that will consume a client configuration.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Required
+ // +required
+ ComponentName string `json:"componentName"`
+
+ // ComponentNamespace is the namespace of the component that will consume a client configuration. 
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Required
+ // +required
+ ComponentNamespace string `json:"componentNamespace"`
+
+ // CurrentOIDCClients is a list of clients that the component is currently using.
+ //
+ // +listType=map
+ // +listMapKey=issuerURL
+ // +listMapKey=clientID
+ CurrentOIDCClients []OIDCClientReference `json:"currentOIDCClients"`
+
+ // ConsumingUsers is a slice of ServiceAccounts that need to have read
+ // permission on the `clientSecret` secret.
+ //
+ // +kubebuilder:validation:MaxItems=5
+ // +listType=set
+ ConsumingUsers []ConsumingUser `json:"consumingUsers"`
+
+ // Conditions are used to communicate the state of the `oidcClients` entry.
+ //
+ // Supported conditions include Available, Degraded and Progressing.
+ //
+ // If Available is true, the component is successfully using the configured client.
+ // If Degraded is true, that means something has gone wrong trying to handle the client configuration.
+ // If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.
+ //
+ // +listType=map
+ // +listMapKey=type
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+type OIDCClientReference struct {
+ // OIDCName refers to the `name` of the provider from `oidcProviders`
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ OIDCProviderName string `json:"oidcProviderName"`
+
+ // URL is the serving URL of the token issuer.
+ // Must use the https:// scheme. 
+ //
+ // +kubebuilder:validation:Pattern=`^https:\/\/[^\s]`
+ // +kubebuilder:validation:Required
+ // +required
+ IssuerURL string `json:"issuerURL"`
+
+ // ClientID is the identifier of the OIDC client from the OIDC provider
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ ClientID string `json:"clientID"`
+}
+
+// +kubebuilder:validation:XValidation:rule="has(self.prefixPolicy) && self.prefixPolicy == 'Prefix' ? (has(self.prefix) && size(self.prefix.prefixString) > 0) : !has(self.prefix)",message="prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise"
+type UsernameClaimMapping struct {
+ TokenClaimMapping `json:",inline"`
+
+ // PrefixPolicy specifies how a prefix should apply.
+ //
+ // By default, claims other than `email` will be prefixed with the issuer URL to
+ // prevent naming clashes with other plugins.
+ //
+ // Set to "NoPrefix" to disable prefixing.
+ //
+ // Example:
+ // (1) `prefix` is set to "myoidc:" and `claim` is set to "username".
+ // If the JWT claim `username` contains value `userA`, the resulting
+ // mapped value will be "myoidc:userA".
+ // (2) `prefix` is set to "myoidc:" and `claim` is set to "email". If the
+ // JWT `email` claim contains value "userA@myoidc.tld", the resulting
+ // mapped value will be "myoidc:userA@myoidc.tld".
+ // (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,
+ // the JWT claims include "username":"userA" and "email":"userA@myoidc.tld",
+ // and `claim` is set to:
+ // (a) "username": the mapped value will be "https://myoidc.tld#userA"
+ // (b) "email": the mapped value will be "userA@myoidc.tld"
+ //
+ // +kubebuilder:validation:Enum={"", "NoPrefix", "Prefix"}
+ PrefixPolicy UsernamePrefixPolicy `json:"prefixPolicy"`
+
+ Prefix *UsernamePrefix `json:"prefix"`
+}
+
+type UsernamePrefixPolicy string
+
+var (
+ // NoOpinion let's the cluster assign prefixes. 
If the username claim is email, there is no prefix
+ // If the username claim is anything else, it is prefixed by the issuerURL
+ NoOpinion UsernamePrefixPolicy = ""
+
+ // NoPrefix means the username claim value will not have any prefix
+ NoPrefix UsernamePrefixPolicy = "NoPrefix"
+
+ // Prefix means the prefix value must be specified. It cannot be empty
+ Prefix UsernamePrefixPolicy = "Prefix"
+)
+
+type UsernamePrefix struct {
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ PrefixString string `json:"prefixString"`
+}
+
+type PrefixedClaimMapping struct {
+ TokenClaimMapping `json:",inline"`
+
+ // Prefix is a string to prefix the value from the token in the result of the
+ // claim mapping.
+ //
+ // By default, no prefixing occurs.
+ //
+ // Example: if `prefix` is set to "myoidc:"" and the `claim` in JWT contains
+ // an array of strings "a", "b" and "c", the mapping will result in an
+ // array of string "myoidc:a", "myoidc:b" and "myoidc:c".
+ Prefix string `json:"prefix"`
+}
+
+type TokenValidationRuleType string
+
+const (
+ TokenValidationRuleTypeRequiredClaim = "RequiredClaim"
+)
+
+type TokenClaimValidationRule struct {
+ // Type sets the type of the validation rule
+ //
+ // +kubebuilder:validation:Enum={"RequiredClaim"}
+ // +kubebuilder:default="RequiredClaim"
+ Type TokenValidationRuleType `json:"type"`
+
+ // RequiredClaim allows configuring a required claim name and its expected
+ // value
+ RequiredClaim *TokenRequiredClaim `json:"requiredClaim"`
+}
+
+type TokenRequiredClaim struct {
+ // Claim is a name of a required claim. Only claims with string values are
+ // supported.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ Claim string `json:"claim"`
+
+ // RequiredValue is the required value for the claim. 
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:Required
+ // +required
+ RequiredValue string `json:"requiredValue"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_build.go b/etcd/vendor/github.com/openshift/api/config/v1/types_build.go
new file mode 100644
index 0000000000..dad47666db
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_build.go 
@@ -0,0 +1,133 @@
+package v1
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Build configures the behavior of OpenShift builds for the entire cluster.
+// This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.
+//
+// The canonical name is "cluster"
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=openshift-controller-manager,operatorOrdering=01
+// +openshift:capability=Build
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=builds,scope=Cluster
+// +kubebuilder:subresource:status
+type Build struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec holds user-settable values for the build controller configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec BuildSpec `json:"spec"`
+}
+
+type BuildSpec struct {
+ // AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ // should be trusted for image pushes and pulls during builds.
+ // The namespace for this config map is openshift-config.
+ //
+ // DEPRECATED: Additional CAs for image pull and push should be set on
+ // image.config.openshift.io/cluster instead. 
+ //
+ // +optional
+ AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
+ // BuildDefaults controls the default information for Builds
+ // +optional
+ BuildDefaults BuildDefaults `json:"buildDefaults"`
+ // BuildOverrides controls override settings for builds
+ // +optional
+ BuildOverrides BuildOverrides `json:"buildOverrides"`
+}
+
+type BuildDefaults struct {
+ // DefaultProxy contains the default proxy settings for all build operations, including image pull/push
+ // and source download.
+ //
+ // Values can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables
+ // in the build config's strategy.
+ // +optional
+ DefaultProxy *ProxySpec `json:"defaultProxy,omitempty"`
+
+ // GitProxy contains the proxy settings for git operations only. If set, this will override
+ // any Proxy settings for all git commands, such as git clone.
+ //
+ // Values that are not set here will be inherited from DefaultProxy.
+ // +optional
+ GitProxy *ProxySpec `json:"gitProxy,omitempty"`
+
+ // Env is a set of default environment variables that will be applied to the
+ // build if the specified variables do not exist on the build
+ // +optional
+ Env []corev1.EnvVar `json:"env,omitempty"`
+
+ // ImageLabels is a list of docker labels that are applied to the resulting image.
+ // User can override a default label by providing a label with the same name in their
+ // Build/BuildConfig.
+ // +optional
+ ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
+
+ // Resources defines resource requirements to execute the build.
+ // +optional
+ Resources corev1.ResourceRequirements `json:"resources"`
+}
+
+type ImageLabel struct {
+ // Name defines the name of the label. It must have non-zero length.
+ Name string `json:"name"`
+
+ // Value defines the literal value of the label. 
+ // +optional
+ Value string `json:"value,omitempty"`
+}
+
+type BuildOverrides struct {
+ // ImageLabels is a list of docker labels that are applied to the resulting image.
+ // If user provided a label in their Build/BuildConfig with the same name as one in this
+ // list, the user's label will be overwritten.
+ // +optional
+ ImageLabels []ImageLabel `json:"imageLabels,omitempty"`
+
+ // NodeSelector is a selector which must be true for the build pod to fit on a node
+ // +optional
+ NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+ // Tolerations is a list of Tolerations that will override any existing
+ // tolerations set on a build pod.
+ // +optional
+ Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+
+ // ForcePull overrides, if set, the equivalent value in the builds,
+ // i.e. false disables force pull for all builds,
+ // true enables force pull for all builds,
+ // independently of what each build specifies itself
+ // +optional
+ ForcePull *bool `json:"forcePull,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type BuildList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Build `json:"items"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/etcd/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go
new file mode 100644
index 0000000000..7951762ccd
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go 
@@ -0,0 +1,227 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterOperator is the Custom Resource object which holds the current state
+// of an operator. This object is used by operators to convey their state to
+// the rest of the cluster.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/497
+// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=cluster-version-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=clusteroperators,scope=Cluster,shortName=co
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name=Version,JSONPath=.status.versions[?(@.name=="operator")].version,type=string,description=The version the operator is at.
+// +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string,description=Whether the operator is running and stable.
+// +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string,description=Whether the operator is processing changes.
+// +kubebuilder:printcolumn:name=Degraded,JSONPath=.status.conditions[?(@.type=="Degraded")].status,type=string,description=Whether the operator is degraded.
+// +kubebuilder:printcolumn:name=Since,JSONPath=.status.conditions[?(@.type=="Available")].lastTransitionTime,type=date,description=The time the operator's Available status last changed. 
+// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true
+type ClusterOperator struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata"`
+
+ // spec holds configuration that could apply to any operator.
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ClusterOperatorSpec `json:"spec"`
+
+ // status holds the information about the state of an operator. It is consistent with status information across
+ // the Kubernetes ecosystem.
+ // +optional
+ Status ClusterOperatorStatus `json:"status"`
+}
+
+// ClusterOperatorSpec is empty for now, but you could imagine holding information like "pause".
+type ClusterOperatorSpec struct {
+}
+
+// ClusterOperatorStatus provides information about the status of the operator.
+// +k8s:deepcopy-gen=true
+type ClusterOperatorStatus struct {
+ // conditions describes the state of the operator's managed and monitored components.
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ // +optional
+ Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+
+ // versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple
+ // operand entries in the array. Available operators must report the version of the operator itself with the name "operator".
+ // An operator reports a new "operator" version when it has rolled out the new version to all of its operands.
+ // +optional
+ Versions []OperandVersion `json:"versions,omitempty"`
+
+ // relatedObjects is a list of objects that are "interesting" or related to this operator. Common uses are:
+ // 1. the detailed resource driving the operator
+ // 2. operator namespaces
+ // 3. 
operand namespaces
+ // +optional
+ RelatedObjects []ObjectReference `json:"relatedObjects,omitempty"`
+
+ // extension contains any additional status information specific to the
+ // operator which owns this status object.
+ // +nullable
+ // +optional
+ // +kubebuilder:pruning:PreserveUnknownFields
+ Extension runtime.RawExtension `json:"extension"`
+}
+
+type OperandVersion struct {
+ // name is the name of the particular operand this version is for. It usually matches container images, not operators.
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+
+ // version indicates which version of a particular operand is currently being managed. It must always match the Available
+ // operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout
+ // 1.1.0
+ // +kubebuilder:validation:Required
+ // +required
+ Version string `json:"version"`
+}
+
+// ObjectReference contains enough information to let you inspect or modify the referred object.
+type ObjectReference struct {
+ // group of the referent.
+ // +kubebuilder:validation:Required
+ // +required
+ Group string `json:"group"`
+ // resource of the referent.
+ // +kubebuilder:validation:Required
+ // +required
+ Resource string `json:"resource"`
+ // namespace of the referent.
+ // +optional
+ Namespace string `json:"namespace,omitempty"`
+ // name of the referent.
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+}
+
+type ConditionStatus string
+
+// These are valid condition statuses. "ConditionTrue" means a resource is in the condition.
+// "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes
+// can't decide if a resource is in the condition or not. In the future, we could add other
+// intermediate conditions, e.g. ConditionDegraded. 
+const (
+ ConditionTrue ConditionStatus = "True"
+ ConditionFalse ConditionStatus = "False"
+ ConditionUnknown ConditionStatus = "Unknown"
+)
+
+// ClusterOperatorStatusCondition represents the state of the operator's
+// managed and monitored components.
+// +k8s:deepcopy-gen=true
+type ClusterOperatorStatusCondition struct {
+ // type specifies the aspect reported by this condition.
+ // +kubebuilder:validation:Required
+ // +required
+ Type ClusterStatusConditionType `json:"type"`
+
+ // status of the condition, one of True, False, Unknown.
+ // +kubebuilder:validation:Required
+ // +required
+ Status ConditionStatus `json:"status"`
+
+ // lastTransitionTime is the time of the last update to the current status property.
+ // +kubebuilder:validation:Required
+ // +required
+ LastTransitionTime metav1.Time `json:"lastTransitionTime"`
+
+ // reason is the CamelCase reason for the condition's current status.
+ // +optional
+ Reason string `json:"reason,omitempty"`
+
+ // message provides additional information about the current condition.
+ // This is only to be consumed by humans. It may contain Line Feed
+ // characters (U+000A), which should be rendered as new lines.
+ // +optional
+ Message string `json:"message,omitempty"`
+}
+
+// ClusterStatusConditionType is an aspect of operator state.
+type ClusterStatusConditionType string
+
+const (
+ // Available indicates that the component (operator and all configured operands)
+ // is functional and available in the cluster. Available=False means at least
+ // part of the component is non-functional, and that the condition requires
+ // immediate administrator intervention.
+ OperatorAvailable ClusterStatusConditionType = "Available"
+
+ // Progressing indicates that the component (operator and all configured operands)
+ // is actively rolling out new code, propagating config changes, or otherwise
+ // moving from one steady state to another. 
Operators should not report + // progressing when they are reconciling (without action) a previously known + // state. If the observed cluster state has changed and the component is + // reacting to it (scaling up for instance), Progressing should become true + // since it is moving from one steady state to another. + OperatorProgressing ClusterStatusConditionType = "Progressing" + + // Degraded indicates that the component (operator and all configured operands) + // does not match its desired state over a period of time resulting in a lower + // quality of service. The period of time may vary by component, but a Degraded + // state represents persistent observation of a condition. As a result, a + // component should not oscillate in and out of Degraded state. A component may + // be Available even if its degraded. For example, a component may desire 3 + // running pods, but 1 pod is crash-looping. The component is Available but + // Degraded because it may have a lower quality of service. A component may be + // Progressing but not Degraded because the transition from one state to + // another does not persist over a long enough period to report Degraded. A + // component should not report Degraded during the course of a normal upgrade. + // A component may report Degraded in response to a persistent infrastructure + // failure that requires eventual administrator intervention. For example, if + // a control plane host is unhealthy and must be replaced. A component should + // report Degraded if unexpected errors occur over a period, but the + // expectation is that all unexpected errors are handled as operators mature. + OperatorDegraded ClusterStatusConditionType = "Degraded" + + // Upgradeable indicates whether the component (operator and all configured + // operands) is safe to upgrade based on the current cluster state. When + // Upgradeable is False, the cluster-version operator will prevent the + // cluster from performing impacted updates unless forced. 
When set on + // ClusterVersion, the message will explain which updates (minor or patch) + // are impacted. When set on ClusterOperator, False will block minor + // OpenShift updates. The message field should contain a human readable + // description of what the administrator should do to allow the cluster or + // component to successfully update. The cluster-version operator will + // allow updates when this condition is not False, including when it is + // missing, True, or Unknown. + OperatorUpgradeable ClusterStatusConditionType = "Upgradeable" + + // EvaluationConditionsDetected is used to indicate the result of the detection + // logic that was added to a component to evaluate the introduction of an + // invasive change that could potentially result in highly visible alerts, + // breakages or upgrade failures. You can concatenate multiple Reason using + // the "::" delimiter if you need to evaluate the introduction of multiple changes. + EvaluationConditionsDetected ClusterStatusConditionType = "EvaluationConditionsDetected" +) + +// ClusterOperatorList is a list of OperatorStatus resources. +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +openshift:compatibility-gen:level=1 +type ClusterOperatorList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []ClusterOperator `json:"items"` +} diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/etcd/vendor/github.com/openshift/api/config/v1/types_cluster_version.go new file mode 100644 index 0000000000..2b8c302134 --- /dev/null +++ b/etcd/vendor/github.com/openshift/api/config/v1/types_cluster_version.go 
@@ -0,0 +1,868 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterVersion is the configuration for the ClusterVersionOperator. This is where
+// parameters related to automatic updates can be set.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/495
+// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=cluster-version-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=clusterversions,scope=Cluster
+// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'baremetal' in self.spec.capabilities.additionalEnabledCapabilities ? 'MachineAPI' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'MachineAPI' in self.status.capabilities.enabledCapabilities) : true",message="the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability"
+// +kubebuilder:validation:XValidation:rule="has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) && self.spec.capabilities.baselineCapabilitySet == 'None' && 'marketplace' in self.spec.capabilities.additionalEnabledCapabilities ? 'OperatorLifecycleManager' in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) && 'OperatorLifecycleManager' in self.status.capabilities.enabledCapabilities) : true",message="the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability"
+// +kubebuilder:printcolumn:name=Version,JSONPath=.status.history[?(@.state=="Completed")].version,type=string
+// +kubebuilder:printcolumn:name=Available,JSONPath=.status.conditions[?(@.type=="Available")].status,type=string
+// +kubebuilder:printcolumn:name=Progressing,JSONPath=.status.conditions[?(@.type=="Progressing")].status,type=string
+// +kubebuilder:printcolumn:name=Since,JSONPath=.status.conditions[?(@.type=="Progressing")].lastTransitionTime,type=date
+// +kubebuilder:printcolumn:name=Status,JSONPath=.status.conditions[?(@.type=="Progressing")].message,type=string
+// +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true
+type ClusterVersion struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec is the desired state of the cluster version - the operator will work
+ // to ensure that the desired version is applied to the cluster.
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ClusterVersionSpec `json:"spec"`
+ // status contains information about the available updates and any in-progress
+ // updates.
+ // +optional
+ Status ClusterVersionStatus `json:"status"`
+}
+
+// ClusterVersionSpec is the desired version state of the cluster. It includes
+// the version the cluster should be at, how the cluster is identified, and
+// where the cluster should look for version updates.
+// +k8s:deepcopy-gen=true
+type ClusterVersionSpec struct {
+ // clusterID uniquely identifies this cluster. This is expected to be
+ // an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in
+ // hexadecimal values). This is a required field.
+ // +kubebuilder:validation:Required
+ // +required
+ ClusterID ClusterID `json:"clusterID"`
+
+ // desiredUpdate is an optional field that indicates the desired value of
+ // the cluster version. Setting this value will trigger an upgrade (if
+ // the current version does not match the desired version). The set of
+ // recommended update values is listed as part of available updates in
+ // status, and setting values outside that range may cause the upgrade
+ // to fail.
+ //
+ // Some of the fields are inter-related with restrictions and meanings described here.
+ // 1. image is specified, version is specified, architecture is specified. API validation error.
+ // 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used.
+ // 3. image is specified, version is not specified, architecture is specified. API validation error.
+ // 4. image is specified, version is not specified, architecture is not specified. image is used.
+ // 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image.
+ // 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image.
+ // 7. image is not specified, version is not specified, architecture is specified. API validation error.
+ // 8. image is not specified, version is not specified, architecture is not specified. API validation error.
+ //
+ // If an upgrade fails the operator will halt and report status
+ // about the failing component. Setting the desired update value back to
+ // the previous version will cause a rollback to be attempted. Not all
+ // rollbacks will succeed.
+ //
+ // +optional
+ DesiredUpdate *Update `json:"desiredUpdate,omitempty"`
+
+ // upstream may be used to specify the preferred update server. By default
+ // it will use the appropriate update server for the cluster and region.
+ //
+ // +optional
+ Upstream URL `json:"upstream,omitempty"`
+ // channel is an identifier for explicitly requesting that a non-default
+ // set of updates be applied to this cluster. The default channel will be
+ // contain stable updates that are appropriate for production clusters.
+ //
+ // +optional
+ Channel string `json:"channel,omitempty"`
+
+ // capabilities configures the installation of optional, core
+ // cluster components. A null value here is identical to an
+ // empty object; see the child properties for default semantics.
+ // +optional
+ Capabilities *ClusterVersionCapabilitiesSpec `json:"capabilities,omitempty"`
+
+ // signatureStores contains the upstream URIs to verify release signatures and optional
+ // reference to a config map by name containing the PEM-encoded CA bundle.
+ //
+ // By default, CVO will use existing signature stores if this property is empty.
+ // The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature
+ // in these stores in parallel only when local ConfigMaps did not include a valid signature.
+ // Validation will fail if none of the signature stores reply with valid signature before timeout.
+ // Setting signatureStores will replace the default signature stores with custom signature stores.
+ // Default stores can be used with custom signature stores by adding them manually.
+ //
+ // A maximum of 32 signature stores may be configured.
+ // +kubebuilder:validation:MaxItems=32
+ // +openshift:enable:FeatureGate=SignatureStores
+ // +listType=map
+ // +listMapKey=url
+ // +optional
+ SignatureStores []SignatureStore `json:"signatureStores"`
+
+ // overrides is list of overides for components that are managed by
+ // cluster version operator. Marking a component unmanaged will prevent
+ // the operator from creating or updating the object.
+ // +listType=map
+ // +listMapKey=kind
+ // +listMapKey=group
+ // +listMapKey=namespace
+ // +listMapKey=name
+ // +optional
+ Overrides []ComponentOverride `json:"overrides,omitempty"`
+}
+
+// ClusterVersionStatus reports the status of the cluster versioning,
+// including any upgrades that are in progress. The current field will
+// be set to whichever version the cluster is reconciling to, and the
+// conditions array will report whether the update succeeded, is in
+// progress, or is failing.
+// +k8s:deepcopy-gen=true
+type ClusterVersionStatus struct {
+ // desired is the version that the cluster is reconciling towards.
+ // If the cluster is not yet fully initialized desired will be set
+ // with the information available, which may be an image or a tag.
+ // +kubebuilder:validation:Required
+ // +required
+ Desired Release `json:"desired"`
+
+ // history contains a list of the most recent versions applied to the cluster.
+ // This value may be empty during cluster startup, and then will be updated
+ // when a new update is being applied. The newest update is first in the
+ // list and it is ordered by recency. Updates in the history have state
+ // Completed if the rollout completed - if an update was failing or halfway
+ // applied the state will be Partial. Only a limited amount of update history
+ // is preserved.
+ // +listType=atomic
+ // +optional
+ History []UpdateHistory `json:"history,omitempty"`
+
+ // observedGeneration reports which version of the spec is being synced.
+ // If this value is not equal to metadata.generation, then the desired
+ // and conditions fields may represent a previous version.
+ // +kubebuilder:validation:Required
+ // +required
+ ObservedGeneration int64 `json:"observedGeneration"`
+
+ // versionHash is a fingerprint of the content that the cluster will be
+ // updated with. It is used by the operator to avoid unnecessary work
+ // and is for internal use only.
+ // +kubebuilder:validation:Required
+ // +required
+ VersionHash string `json:"versionHash"`
+
+ // capabilities describes the state of optional, core cluster components.
+ Capabilities ClusterVersionCapabilitiesStatus `json:"capabilities"`
+
+ // conditions provides information about the cluster version. The condition
+ // "Available" is set to true if the desiredUpdate has been reached. The
+ // condition "Progressing" is set to true if an update is being applied.
+ // The condition "Degraded" is set to true if an update is currently blocked
+ // by a temporary or permanent error. Conditions are only valid for the
+ // current desiredUpdate when metadata.generation is equal to
+ // status.generation.
+ // +listType=map
+ // +listMapKey=type
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ // +optional
+ Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+
+ // availableUpdates contains updates recommended for this
+ // cluster. Updates which appear in conditionalUpdates but not in
+ // availableUpdates may expose this cluster to known issues. This list
+ // may be empty if no updates are recommended, if the update service
+ // is unavailable, or if an invalid channel has been specified.
+ // +nullable
+ // +kubebuilder:validation:Required
+ // +listType=atomic
+ // +required
+ AvailableUpdates []Release `json:"availableUpdates"`
+
+ // conditionalUpdates contains the list of updates that may be
+ // recommended for this cluster if it meets specific required
+ // conditions. Consumers interested in the set of updates that are
+ // actually recommended for this cluster should use
+ // availableUpdates. This list may be empty if no updates are
+ // recommended, if the update service is unavailable, or if an empty
+ // or invalid channel has been specified.
+ // +listType=atomic
+ // +optional
+ ConditionalUpdates []ConditionalUpdate `json:"conditionalUpdates,omitempty"`
+}
+
+// UpdateState is a constant representing whether an update was successfully
+// applied to the cluster or not.
+type UpdateState string
+
+const (
+ // CompletedUpdate indicates an update was successfully applied
+ // to the cluster (all resource updates were successful).
+ CompletedUpdate UpdateState = "Completed"
+ // PartialUpdate indicates an update was never completely applied
+ // or is currently being applied.
+ PartialUpdate UpdateState = "Partial"
+)
+
+// UpdateHistory is a single attempted update to the cluster.
+type UpdateHistory struct {
+ // state reflects whether the update was fully applied. The Partial state
+ // indicates the update is not fully applied, while the Completed state
+ // indicates the update was successfully rolled out at least once (all
+ // parts of the update successfully applied).
+ // +kubebuilder:validation:Required
+ // +required
+ State UpdateState `json:"state"`
+
+ // startedTime is the time at which the update was started.
+ // +kubebuilder:validation:Required
+ // +required
+ StartedTime metav1.Time `json:"startedTime"`
+
+ // completionTime, if set, is when the update was fully applied. The update
+ // that is currently being applied will have a null completion time.
+ // Completion time will always be set for entries that are not the current
+ // update (usually to the started time of the next update).
+ // +kubebuilder:validation:Required
+ // +required
+ // +nullable
+ CompletionTime *metav1.Time `json:"completionTime"`
+
+ // version is a semantic version identifying the update version. If the
+ // requested image does not define a version, or if a failure occurs
+ // retrieving the image, this value may be empty.
+ //
+ // +optional
+ Version string `json:"version"`
+
+ // image is a container image location that contains the update. This value
+ // is always populated.
+ // +kubebuilder:validation:Required
+ // +required
+ Image string `json:"image"`
+
+ // verified indicates whether the provided update was properly verified
+ // before it was installed. If this is false the cluster may not be trusted.
+ // Verified does not cover upgradeable checks that depend on the cluster
+ // state at the time when the update target was accepted.
+ // +kubebuilder:validation:Required
+ // +required
+ Verified bool `json:"verified"`
+
+ // acceptedRisks records risks which were accepted to initiate the update.
+ // For example, it may menition an Upgradeable=False or missing signature
+ // that was overriden via desiredUpdate.force, or an update that was
+ // initiated despite not being in the availableUpdates set of recommended
+ // update targets.
+ // +optional
+ AcceptedRisks string `json:"acceptedRisks,omitempty"`
+}
+
+// ClusterID is string RFC4122 uuid.
+type ClusterID string
+
+// ClusterVersionArchitecture enumerates valid cluster architectures.
+// +kubebuilder:validation:Enum="Multi";""
+type ClusterVersionArchitecture string
+
+const (
+ // ClusterVersionArchitectureMulti identifies a multi architecture. A multi
+ // architecture cluster is capable of running nodes with multiple architectures.
+ ClusterVersionArchitectureMulti ClusterVersionArchitecture = "Multi"
+)
+
+// ClusterVersionCapability enumerates optional, core cluster components.
+// +kubebuilder:validation:Enum=openshift-samples;baremetal;marketplace;Console;Insights;Storage;CSISnapshot;NodeTuning;MachineAPI;Build;DeploymentConfig;ImageRegistry;OperatorLifecycleManager;CloudCredential;Ingress;CloudControllerManager
+type ClusterVersionCapability string
+
+const (
+ // ClusterVersionCapabilityOpenShiftSamples manages the sample
+ // image streams and templates stored in the openshift
+ // namespace, and any registry credentials, stored as a secret,
+ // needed for the image streams to import the images they
+ // reference.
+ ClusterVersionCapabilityOpenShiftSamples ClusterVersionCapability = "openshift-samples"
+
+ // ClusterVersionCapabilityBaremetal manages the cluster
+ // baremetal operator which is responsible for running the metal3
+ // deployment.
+ ClusterVersionCapabilityBaremetal ClusterVersionCapability = "baremetal"
+
+ // ClusterVersionCapabilityMarketplace manages the Marketplace operator which
+ // supplies Operator Lifecycle Manager (OLM) users with default catalogs of
+ // "optional" operators.
+ //
+ // Note that Marketplace has a hard requirement on OLM. OLM can not be disabled
+ // while Marketplace is enabled.
+ ClusterVersionCapabilityMarketplace ClusterVersionCapability = "marketplace"
+
+ // ClusterVersionCapabilityConsole manages the Console operator which
+ // installs and maintains the web console.
+ ClusterVersionCapabilityConsole ClusterVersionCapability = "Console"
+
+ // ClusterVersionCapabilityInsights manages the Insights operator which
+ // collects anonymized information about the cluster to generate
+ // recommendations for possible cluster issues.
+ ClusterVersionCapabilityInsights ClusterVersionCapability = "Insights"
+
+ // ClusterVersionCapabilityStorage manages the storage operator which
+ // is responsible for providing cluster-wide storage defaults
+ // WARNING: Do not disable this capability when deployed to
+ // RHEV and OpenStack without reading the docs.
+ // These clusters heavily rely on that capability and may cause
+ // damage to the cluster.
+ ClusterVersionCapabilityStorage ClusterVersionCapability = "Storage"
+
+ // ClusterVersionCapabilityCSISnapshot manages the csi snapshot
+ // controller operator which is responsible for watching the
+ // VolumeSnapshot CRD objects and manages the creation and deletion
+ // lifecycle of volume snapshots
+ ClusterVersionCapabilityCSISnapshot ClusterVersionCapability = "CSISnapshot"
+
+ // ClusterVersionCapabilityNodeTuning manages the Node Tuning Operator
+ // which is responsible for watching the Tuned and Profile CRD
+ // objects and manages the containerized TuneD daemon which controls
+ // system level tuning of Nodes
+ ClusterVersionCapabilityNodeTuning ClusterVersionCapability = "NodeTuning"
+
+ // ClusterVersionCapabilityMachineAPI manages
+ // machine-api-operator
+ // cluster-autoscaler-operator
+ // cluster-control-plane-machine-set-operator
+ // which is responsible for machines configuration and heavily
+ // targeted for SNO clusters.
+ //
+ // The following CRDs are disabled as well
+ // machines
+ // machineset
+ // controlplanemachineset
+ //
+ // WARNING: Do not disable that capability without reading
+ // documentation. This is important part of openshift system
+ // and may cause cluster damage
+ ClusterVersionCapabilityMachineAPI ClusterVersionCapability = "MachineAPI"
+
+ // ClusterVersionCapabilityBuild manages the Build API which is responsible
+ // for watching the Build API objects and managing their lifecycle.
+ // The functionality is located under openshift-apiserver and openshift-controller-manager.
+ //
+ // The following resources are taken into account:
+ // - builds
+ // - buildconfigs
+ ClusterVersionCapabilityBuild ClusterVersionCapability = "Build"
+
+ // ClusterVersionCapabilityDeploymentConfig manages the DeploymentConfig API
+ // which is responsible for watching the DeploymentConfig API and managing their lifecycle.
+ // The functionality is located under openshift-apiserver and openshift-controller-manager.
+ //
+ // The following resources are taken into account:
+ // - deploymentconfigs
+ ClusterVersionCapabilityDeploymentConfig ClusterVersionCapability = "DeploymentConfig"
+
+ // ClusterVersionCapabilityImageRegistry manages the image registry which
+ // allows to distribute Docker images
+ ClusterVersionCapabilityImageRegistry ClusterVersionCapability = "ImageRegistry"
+
+ // ClusterVersionCapabilityOperatorLifecycleManager manages the Operator Lifecycle Manager
+ // which itself manages the lifecycle of operators
+ ClusterVersionCapabilityOperatorLifecycleManager ClusterVersionCapability = "OperatorLifecycleManager"
+
+ // ClusterVersionCapabilityCloudCredential manages credentials for cloud providers
+ // in openshift cluster
+ ClusterVersionCapabilityCloudCredential ClusterVersionCapability = "CloudCredential"
+
+ // ClusterVersionCapabilityIngress manages the cluster ingress operator
+ // which is responsible for running the ingress controllers (including OpenShift router).
+ //
+ // The following CRDs are part of the capability as well:
+ // IngressController
+ // DNSRecord
+ // GatewayClass
+ // Gateway
+ // HTTPRoute
+ // ReferenceGrant
+ //
+ // WARNING: This capability cannot be disabled on the standalone OpenShift.
+ ClusterVersionCapabilityIngress ClusterVersionCapability = "Ingress"
+
+ // ClusterVersionCapabilityCloudControllerManager manages various Cloud Controller
+ // Managers deployed on top of OpenShift. They help you to work with cloud
+ // provider API and embeds cloud-specific control logic.
+ ClusterVersionCapabilityCloudControllerManager ClusterVersionCapability = "CloudControllerManager"
+)
+
+// KnownClusterVersionCapabilities includes all known optional, core cluster components.
+var KnownClusterVersionCapabilities = []ClusterVersionCapability{
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
+ ClusterVersionCapabilityOperatorLifecycleManager,
+ ClusterVersionCapabilityCloudCredential,
+ ClusterVersionCapabilityIngress,
+ ClusterVersionCapabilityCloudControllerManager,
+}
+
+// ClusterVersionCapabilitySet defines sets of cluster version capabilities.
+// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;v4.15;v4.16;vCurrent
+type ClusterVersionCapabilitySet string
+
+const (
+ // ClusterVersionCapabilitySetNone is an empty set enabling
+ // no optional capabilities.
+ ClusterVersionCapabilitySetNone ClusterVersionCapabilitySet = "None"
+
+ // ClusterVersionCapabilitySet4_11 is the recommended set of
+ // optional capabilities to enable for the 4.11 version of
+ // OpenShift. This list will remain the same no matter which
+ // version of OpenShift is installed.
+ ClusterVersionCapabilitySet4_11 ClusterVersionCapabilitySet = "v4.11"
+
+ // ClusterVersionCapabilitySet4_12 is the recommended set of
+ // optional capabilities to enable for the 4.12 version of
+ // OpenShift. This list will remain the same no matter which
+ // version of OpenShift is installed.
+ ClusterVersionCapabilitySet4_12 ClusterVersionCapabilitySet = "v4.12"
+
+ // ClusterVersionCapabilitySet4_13 is the recommended set of
+ // optional capabilities to enable for the 4.13 version of
+ // OpenShift. This list will remain the same no matter which
+ // version of OpenShift is installed.
+ ClusterVersionCapabilitySet4_13 ClusterVersionCapabilitySet = "v4.13"
+
+ // ClusterVersionCapabilitySet4_14 is the recommended set of
+ // optional capabilities to enable for the 4.14 version of
+ // OpenShift. This list will remain the same no matter which
+ // version of OpenShift is installed.
+ ClusterVersionCapabilitySet4_14 ClusterVersionCapabilitySet = "v4.14"
+
+ // ClusterVersionCapabilitySet4_15 is the recommended set of
+ // optional capabilities to enable for the 4.15 version of
+ // OpenShift. This list will remain the same no matter which
+ // version of OpenShift is installed.
+ ClusterVersionCapabilitySet4_15 ClusterVersionCapabilitySet = "v4.15"
+
+ // ClusterVersionCapabilitySet4_16 is the recommended set of
+ // optional capabilities to enable for the 4.16 version of
+ // OpenShift. This list will remain the same no matter which
+ // version of OpenShift is installed.
+ ClusterVersionCapabilitySet4_16 ClusterVersionCapabilitySet = "v4.16"
+
+ // ClusterVersionCapabilitySetCurrent is the recommended set
+ // of optional capabilities to enable for the cluster's
+ // current version of OpenShift.
+ ClusterVersionCapabilitySetCurrent ClusterVersionCapabilitySet = "vCurrent"
+)
+
+// ClusterVersionCapabilitySets defines sets of cluster version capabilities.
+var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVersionCapability{
+ ClusterVersionCapabilitySetNone: {},
+ ClusterVersionCapabilitySet4_11: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityMachineAPI,
+ },
+ ClusterVersionCapabilitySet4_12: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityMachineAPI,
+ },
+ ClusterVersionCapabilitySet4_13: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ },
+ ClusterVersionCapabilitySet4_14: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
+ },
+ ClusterVersionCapabilitySet4_15: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
+ ClusterVersionCapabilityOperatorLifecycleManager,
+ ClusterVersionCapabilityCloudCredential,
+ },
+ ClusterVersionCapabilitySet4_16: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
+ ClusterVersionCapabilityOperatorLifecycleManager,
+ ClusterVersionCapabilityCloudCredential,
+ ClusterVersionCapabilityIngress,
+ ClusterVersionCapabilityCloudControllerManager,
+ },
+ ClusterVersionCapabilitySetCurrent: {
+ ClusterVersionCapabilityBaremetal,
+ ClusterVersionCapabilityConsole,
+ ClusterVersionCapabilityInsights,
+ ClusterVersionCapabilityMarketplace,
+ ClusterVersionCapabilityStorage,
+ ClusterVersionCapabilityOpenShiftSamples,
+ ClusterVersionCapabilityCSISnapshot,
+ ClusterVersionCapabilityNodeTuning,
+ ClusterVersionCapabilityMachineAPI,
+ ClusterVersionCapabilityBuild,
+ ClusterVersionCapabilityDeploymentConfig,
+ ClusterVersionCapabilityImageRegistry,
+ ClusterVersionCapabilityOperatorLifecycleManager,
+ ClusterVersionCapabilityCloudCredential,
+ ClusterVersionCapabilityIngress,
+ ClusterVersionCapabilityCloudControllerManager,
+ },
+}
+
+// ClusterVersionCapabilitiesSpec selects the managed set of
+// optional, core cluster components.
+// +k8s:deepcopy-gen=true
+type ClusterVersionCapabilitiesSpec struct {
+ // baselineCapabilitySet selects an initial set of
+ // optional capabilities to enable, which can be extended via
+ // additionalEnabledCapabilities. If unset, the cluster will
+ // choose a default, and the default may change over time.
+ // The current default is vCurrent.
+ // +optional
+ BaselineCapabilitySet ClusterVersionCapabilitySet `json:"baselineCapabilitySet,omitempty"`
+
+ // additionalEnabledCapabilities extends the set of managed
+ // capabilities beyond the baseline defined in
+ // baselineCapabilitySet. The default is an empty set.
+ // +listType=atomic
+ // +optional
+ AdditionalEnabledCapabilities []ClusterVersionCapability `json:"additionalEnabledCapabilities,omitempty"`
+}
+
+// ClusterVersionCapabilitiesStatus describes the state of optional,
+// core cluster components.
+// +k8s:deepcopy-gen=true
+type ClusterVersionCapabilitiesStatus struct {
+ // enabledCapabilities lists all the capabilities that are currently managed.
+ // +listType=atomic
+ // +optional
+ EnabledCapabilities []ClusterVersionCapability `json:"enabledCapabilities,omitempty"`
+
+ // knownCapabilities lists all the capabilities known to the current cluster.
+ // +listType=atomic
+ // +optional
+ KnownCapabilities []ClusterVersionCapability `json:"knownCapabilities,omitempty"`
+}
+
+// ComponentOverride allows overriding cluster version operator's behavior
+// for a component.
+// +k8s:deepcopy-gen=true
+type ComponentOverride struct {
+ // kind indentifies which object to override.
+ // +kubebuilder:validation:Required
+ // +required
+ Kind string `json:"kind"`
+ // group identifies the API group that the kind is in.
+ // +kubebuilder:validation:Required
+ // +required
+ Group string `json:"group"`
+
+ // namespace is the component's namespace. If the resource is cluster
+ // scoped, the namespace should be empty.
+ // +kubebuilder:validation:Required
+ // +required
+ Namespace string `json:"namespace"`
+ // name is the component's name.
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+
+ // unmanaged controls if cluster version operator should stop managing the
+ // resources in this cluster.
+ // Default: false
+ // +kubebuilder:validation:Required
+ // +required
+ Unmanaged bool `json:"unmanaged"`
+}
+
+// URL is a thin wrapper around string that ensures the string is a valid URL.
+type URL string
+
+// Update represents an administrator update request.
+// +kubebuilder:validation:XValidation:rule="has(self.architecture) && has(self.image) ? (self.architecture == '' || self.image == '') : true",message="cannot set both Architecture and Image"
+// +kubebuilder:validation:XValidation:rule="has(self.architecture) && self.architecture != '' ? self.version != '' : true",message="Version must be set if Architecture is set"
+// +k8s:deepcopy-gen=true
+type Update struct {
+ // architecture is an optional field that indicates the desired
+ // value of the cluster architecture. In this context cluster
+ // architecture means either a single architecture or a multi
+ // architecture. architecture can only be set to Multi thereby
+ // only allowing updates from single to multi architecture. If
+ // architecture is set, image cannot be set and version must be
+ // set.
+ // Valid values are 'Multi' and empty.
+ //
+ // +optional
+ Architecture ClusterVersionArchitecture `json:"architecture"`
+
+ // version is a semantic version identifying the update version.
+ // version is ignored if image is specified and required if
+ // architecture is specified.
+ //
+ // +optional
+ Version string `json:"version"`
+
+ // image is a container image location that contains the update.
+ // image should be used when the desired version does not exist in availableUpdates or history.
+ // When image is set, version is ignored. When image is set, version should be empty.
+ // When image is set, architecture cannot be specified.
+ //
+ // +optional
+ Image string `json:"image"`
+
+ // force allows an administrator to update to an image that has failed
+ // verification or upgradeable checks. This option should only
+ // be used when the authenticity of the provided image has been verified out
+ // of band because the provided image will run with full administrative access
+ // to the cluster. Do not use this flag with images that comes from unknown
+ // or potentially malicious sources.
+ //
+ // +optional
+ Force bool `json:"force"`
+}
+
+// Release represents an OpenShift release image and associated metadata.
+// +k8s:deepcopy-gen=true
+type Release struct {
+ // version is a semantic version identifying the update version. When this
+ // field is part of spec, version is optional if image is specified.
+ // +required
+ Version string `json:"version"`
+
+ // image is a container image location that contains the update. When this
+ // field is part of spec, image is optional if version is specified and the
+ // availableUpdates field contains a matching version.
+ // +required
+ Image string `json:"image"`
+
+ // url contains information about this release. This URL is set by
+ // the 'url' metadata property on a release or the metadata returned by
+ // the update API and should be displayed as a link in user
+ // interfaces. The URL field may not be set for test or nightly
+ // releases.
+ // +optional
+ URL URL `json:"url,omitempty"`
+
+ // channels is the set of Cincinnati channels to which the release
+ // currently belongs.
+ // +listType=set
+ // +optional
+ Channels []string `json:"channels,omitempty"`
+}
+
+// RetrievedUpdates reports whether available updates have been retrieved from
+// the upstream update server. The condition is Unknown before retrieval, False
+// if the updates could not be retrieved or recently failed, or True if the
+// availableUpdates field is accurate and recent.
+const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates"
+
+// ConditionalUpdate represents an update which is recommended to some
+// clusters on the version the current cluster is reconciling, but which
+// may not be recommended for the current cluster.
+type ConditionalUpdate struct {
+ // release is the target of the update.
+ // +kubebuilder:validation:Required
+ // +required
+ Release Release `json:"release"`
+
+ // risks represents the range of issues associated with
+ // updating to the target release. The cluster-version
+ // operator will evaluate all entries, and only recommend the
+ // update if there is at least one entry and all entries
+ // recommend the update.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinItems=1
+ // +patchMergeKey=name
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=name
+ // +required
+ Risks []ConditionalUpdateRisk `json:"risks" patchStrategy:"merge" patchMergeKey:"name"`
+
+ // conditions represents the observations of the conditional update's
+ // current status. Known types are:
+ // * Recommended, for whether the update is recommended for the current cluster.
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=type
+ Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
+}
+
+// ConditionalUpdateRisk represents a reason and cluster-state
+// for not recommending a conditional update.
+// +k8s:deepcopy-gen=true
+type ConditionalUpdateRisk struct {
+ // url contains information about this risk.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:Format=uri
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ URL string `json:"url"`
+
+ // name is the CamelCase reason for not recommending a
+ // conditional update, in the event that matchingRules match the
+ // cluster state.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ Name string `json:"name"`
+
+ // message provides additional information about the risk of
+ // updating, in the event that matchingRules match the cluster
+ // state. This is only to be consumed by humans. It may
+ // contain Line Feed characters (U+000A), which should be
+ // rendered as new lines.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +required
+ Message string `json:"message"`
+
+ // matchingRules is a slice of conditions for deciding which
+ // clusters match the risk and which do not. The slice is
+ // ordered by decreasing precedence. The cluster-version
+ // operator will walk the slice in order, and stop after the
+ // first it can successfully evaluate. If no condition can be
+ // successfully evaluated, the update will not be recommended.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinItems=1
+ // +listType=atomic
+ // +required
+ MatchingRules []ClusterCondition `json:"matchingRules"`
+}
+
+// ClusterCondition is a union of typed cluster conditions. The 'type'
+// property determines which of the type-specific properties are relevant.
+// When evaluated on a cluster, the condition may match, not match, or
+// fail to evaluate.
+// +k8s:deepcopy-gen=true
+type ClusterCondition struct {
+ // type represents the cluster-condition type. This defines
+ // the members and semantics of any additional properties.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:Enum={"Always","PromQL"}
+ // +required
+ Type string `json:"type"`
+
+ // promQL represents a cluster condition based on PromQL.
+ // +optional
+ PromQL *PromQLClusterCondition `json:"promql,omitempty"`
+}
+
+// PromQLClusterCondition represents a cluster condition based on PromQL.
+type PromQLClusterCondition struct {
+ // PromQL is a PromQL query classifying clusters. This query
+ // query should return a 1 in the match case and a 0 in the
+ // does-not-match case. Queries which return no time
+ // series, or which return values besides 0 or 1, are
+ // evaluation failures.
+ // +kubebuilder:validation:Required
+ // +required
+ PromQL string `json:"promql"`
+}
+
+// ClusterVersionList is a list of ClusterVersion resources.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +openshift:compatibility-gen:level=1
+type ClusterVersionList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []ClusterVersion `json:"items"`
+}
+
+// SignatureStore represents the URL of custom Signature Store
+type SignatureStore struct {
+
+ // url contains the upstream custom signature store URL.
+ // url should be a valid absolute http/https URI of an upstream signature store as per rfc1738.
+ // This must be provided and cannot be empty.
+ //
+ // +kubebuilder:validation:Type=string
+ // +kubebuilder:validation:XValidation:rule="isURL(self)",message="url must be a valid absolute URL"
+ // +kubebuilder:validation:Required
+ URL string `json:"url"`
+
+ // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+ // It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+ // The key "ca.crt" is used to locate the data.
+ // If specified and the config map or expected key is not found, the signature store is not honored.
+ // If the specified ca data is not valid, the signature store is not honored.
+ // If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ CA ConfigMapNameReference `json:"ca"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_console.go b/etcd/vendor/github.com/openshift/api/config/v1/types_console.go
new file mode 100644
index 0000000000..36b1696af9
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_console.go
@@ -0,0 +1,80 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Console holds cluster-wide configuration for the web console, including the
+// logout URL, and reports the public URL of the console. The canonical name is
+// `cluster`.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=consoles,scope=Cluster
+// +kubebuilder:subresource:status
+type Console struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ConsoleSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status ConsoleStatus `json:"status"`
+}
+
+// ConsoleSpec is the specification of the desired behavior of the Console.
+type ConsoleSpec struct {
+ // +optional
+ Authentication ConsoleAuthentication `json:"authentication"`
+}
+
+// ConsoleStatus defines the observed status of the Console.
+type ConsoleStatus struct {
+ // The URL for the console. This will be derived from the host for the route that
+ // is created for the console.
+ ConsoleURL string `json:"consoleURL"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type ConsoleList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Console `json:"items"`
+}
+
+// ConsoleAuthentication defines a list of optional configuration for console authentication.
+type ConsoleAuthentication struct {
+ // An optional, absolute URL to redirect web browsers to after logging out of
+ // the console. If not specified, it will redirect to the default login page.
+ // This is required when using an identity provider that supports single
+ // sign-on (SSO) such as:
+ // - OpenID (Keycloak, Azure)
+ // - RequestHeader (GSSAPI, SSPI, SAML)
+ // - OAuth (GitHub, GitLab, Google)
+ // Logging out of the console will destroy the user's token. The logoutRedirect
+ // provides the user the option to perform single logout (SLO) through the identity
+ // provider to destroy their single sign-on session.
+ // +optional
+ // +kubebuilder:validation:Pattern=`^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$`
+ LogoutRedirect string `json:"logoutRedirect,omitempty"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_dns.go b/etcd/vendor/github.com/openshift/api/config/v1/types_dns.go
new file mode 100644
index 0000000000..1875c9cddf
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_dns.go
@@ -0,0 +1,140 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// DNS holds cluster-wide information about DNS. The canonical name is `cluster`
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=dnses,scope=Cluster
+// +kubebuilder:subresource:status
+type DNS struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec DNSSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status DNSStatus `json:"status"`
+}
+
+type DNSSpec struct {
+ // baseDomain is the base domain of the cluster. All managed DNS records will
+ // be sub-domains of this base.
+ //
+ // For example, given the base domain `openshift.example.com`, an API server
+ // DNS record may be created for `cluster-api.openshift.example.com`.
+ //
+ // Once set, this field cannot be changed.
+ BaseDomain string `json:"baseDomain"`
+ // publicZone is the location where all the DNS records that are publicly accessible to
+ // the internet exist.
+ //
+ // If this field is nil, no public records should be created.
+ //
+ // Once set, this field cannot be changed.
+ //
+ // +optional
+ PublicZone *DNSZone `json:"publicZone,omitempty"`
+ // privateZone is the location where all the DNS records that are only available internally
+ // to the cluster exist.
+ //
+ // If this field is nil, no private records should be created.
+ //
+ // Once set, this field cannot be changed.
+ //
+ // +optional
+ PrivateZone *DNSZone `json:"privateZone,omitempty"`
+ // platform holds configuration specific to the underlying
+ // infrastructure provider for DNS.
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // +optional
+ Platform DNSPlatformSpec `json:"platform,omitempty"`
+}
+
+// DNSZone is used to define a DNS hosted zone.
+// A zone can be identified by an ID or tags.
+type DNSZone struct {
+ // id is the identifier that can be used to find the DNS hosted zone.
+ //
+ // on AWS zone can be fetched using `ID` as id in [1]
+ // on Azure zone can be fetched using `ID` as a pre-determined name in [2],
+ // on GCP zone can be fetched using `ID` as a pre-determined name in [3].
+ //
+ // [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options
+ // [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show
+ // [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get
+ // +optional
+ ID string `json:"id,omitempty"`
+
+ // tags can be used to query the DNS hosted zone.
+ //
+ // on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,
+ //
+ // [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options
+ // +optional
+ Tags map[string]string `json:"tags,omitempty"`
+}
+
+type DNSStatus struct {
+ // dnsSuffix (service-ca amongst others)
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type DNSList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []DNS `json:"items"`
+}
+
+// DNSPlatformSpec holds cloud-provider-specific configuration
+// for DNS administration.
+// +union
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'AWS' ? has(self.aws) : !has(self.aws)",message="aws configuration is required when platform is AWS, and forbidden otherwise"
+type DNSPlatformSpec struct {
+ // type is the underlying infrastructure provider for the cluster.
+ // Allowed values: "", "AWS".
+ //
+ // Individual components may not support all platforms,
+ // and must handle unrecognized platforms with best-effort defaults.
+ //
+ // +unionDiscriminator
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:XValidation:rule="self in ['','AWS']",message="allowed values are '' and 'AWS'"
+ Type PlatformType `json:"type"`
+
+ // aws contains DNS configuration specific to the Amazon Web Services cloud provider.
+ // +optional
+ AWS *AWSDNSSpec `json:"aws"`
+}
+
+// AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.
+type AWSDNSSpec struct {
+ // privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing
+ // operations on the cluster's private hosted zone specified in the cluster DNS config.
+ // When left empty, no role should be assumed.
+ // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$`
+ // +optional
+ PrivateZoneIAMRole string `json:"privateZoneIAMRole"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_feature.go b/etcd/vendor/github.com/openshift/api/config/v1/types_feature.go
new file mode 100644
index 0000000000..2efe16f4e6
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_feature.go
@@ -0,0 +1,153 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Feature holds cluster-wide information about feature gates. The canonical name is `cluster`
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=featuregates,scope=Cluster
+// +kubebuilder:subresource:status
+type FeatureGate struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec FeatureGateSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status FeatureGateStatus `json:"status"`
+}
+
+type FeatureSet string
+
+var (
+ // Default feature set that allows upgrades.
+ Default FeatureSet = ""
+
+ // TechPreviewNoUpgrade turns on tech preview features that are not part of the normal supported platform. Turning
+ // this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES.
+ TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade"
+
+ // CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
+ // Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations
+ // your cluster may fail in an unrecoverable way.
+ CustomNoUpgrade FeatureSet = "CustomNoUpgrade"
+
+ // TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature.
+ LatencySensitive FeatureSet = "LatencySensitive"
+
+ // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead
+ AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade}
+)
+
+type FeatureGateSpec struct {
+ FeatureGateSelection `json:",inline"`
+}
+
+// +union
+type FeatureGateSelection struct {
+ // featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting.
+ // Turning on or off features may cause irreversible changes in your cluster which cannot be undone.
+ // +unionDiscriminator
+ // +optional
+ // +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed"
+ FeatureSet FeatureSet `json:"featureSet,omitempty"`
+
+ // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES.
+ // Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations
+ // your cluster may fail in an unrecoverable way. featureSet must equal "CustomNoUpgrade" must be set to use this field.
+ // +optional
+ // +nullable
+ CustomNoUpgrade *CustomFeatureGates `json:"customNoUpgrade,omitempty"`
+}
+
+type CustomFeatureGates struct {
+ // enabled is a list of all feature gates that you want to force on
+ // +optional
+ Enabled []FeatureGateName `json:"enabled,omitempty"`
+ // disabled is a list of all feature gates that you want to force off
+ // +optional
+ Disabled []FeatureGateName `json:"disabled,omitempty"`
+}
+
+// FeatureGateName is a string to enforce patterns on the name of a FeatureGate
+// +kubebuilder:validation:Pattern=`^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$`
+type FeatureGateName string
+
+type FeatureGateStatus struct {
+ // conditions represent the observations of the current state.
+ // Known .status.conditions.type are: "DeterminationDegraded"
+ // +listType=map
+ // +listMapKey=type
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+ // featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion.
+ // Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate
+ // the version they are managing, find the enabled/disabled featuregates and make the operand and operator match.
+ // The enabled/disabled values for a particular version may change during the life of the cluster as various
+ // .spec.featureSet values are selected.
+ // Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable
+ // lists is beyond the scope of this API and is the responsibility of individual operators.
+ // Only featureGates with .version in the ClusterVersion.status will be present in this list.
+ // +listType=map
+ // +listMapKey=version
+ FeatureGates []FeatureGateDetails `json:"featureGates"`
+}
+
+type FeatureGateDetails struct {
+ // version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.
+ // +kubebuilder:validation:Required
+ // +required
+ Version string `json:"version"`
+ // enabled is a list of all feature gates that are enabled in the cluster for the named version.
+ // +optional
+ Enabled []FeatureGateAttributes `json:"enabled"`
+ // disabled is a list of all feature gates that are disabled in the cluster for the named version.
+ // +optional
+ Disabled []FeatureGateAttributes `json:"disabled"`
+}
+
+type FeatureGateAttributes struct {
+ // name is the name of the FeatureGate.
+ // +kubebuilder:validation:Required
+ Name FeatureGateName `json:"name"`
+
+ // possible (probable?) future additions include
+ // 1. support level (Stable, ServiceDeliveryOnly, TechPreview, DevPreview)
+ // 2. description
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type FeatureGateList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []FeatureGate `json:"items"`
+}
+
+type FeatureGateEnabledDisabled struct {
+ Enabled []FeatureGateDescription
+ Disabled []FeatureGateDescription
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_image.go b/etcd/vendor/github.com/openshift/api/config/v1/types_image.go
new file mode 100644
index 0000000000..74511f8640
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_image.go
@@ -0,0 +1,137 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Image governs policies related to imagestream imports and runtime configuration
+// for external registries. It allows cluster admins to configure which registries
+// OpenShift is allowed to import images from, extra CA trust bundles for external
+// registries, and policies to block or allow registry hostnames.
+// When exposing OpenShift's image registry to the public, this also lets cluster
+// admins specify the external hostname.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=images,scope=Cluster
+// +kubebuilder:subresource:status
+type Image struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ImageSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status ImageStatus `json:"status"`
+}
+
+type ImageSpec struct {
+ // allowedRegistriesForImport limits the container image registries that normal users may import
+ // images from. Set this list to the registries that you trust to contain valid Docker
+ // images and that you want applications to be able to import from.
Users with
+ // permission to create Images or ImageStreamMappings via the API are not affected by
+ // this policy - typically only administrators or system integrations will have those
+ // permissions.
+ // +optional
+ AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"`
+
+ // externalRegistryHostnames provides the hostnames for the default external image
+ // registry. The external hostname should be set only when the image registry
+ // is exposed externally. The first value is used in 'publicDockerImageRepository'
+ // field in ImageStreams. The value must be in "hostname[:port]" format.
+ // +optional
+ ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
+
+ // additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
+ // should be trusted during imagestream import, pod image pull, build image pull, and
+ // imageregistry pullthrough.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ AdditionalTrustedCA ConfigMapNameReference `json:"additionalTrustedCA"`
+
+ // registrySources contains configuration that determines how the container runtime
+ // should treat individual registries when accessing images for builds+pods. (e.g.
+ // whether or not to allow insecure access). It does not contain configuration for the
+ // internal cluster registry.
+ // +optional
+ RegistrySources RegistrySources `json:"registrySources"`
+}
+
+type ImageStatus struct {
+ // internalRegistryHostname sets the hostname for the default internal image
+ // registry. The value must be in "hostname[:port]" format.
+ // This value is set by the image registry operator which controls the internal registry
+ // hostname.
+ // +optional
+ InternalRegistryHostname string `json:"internalRegistryHostname,omitempty"`
+
+ // externalRegistryHostnames provides the hostnames for the default external image
+ // registry.
The external hostname should be set only when the image registry
+ // is exposed externally. The first value is used in 'publicDockerImageRepository'
+ // field in ImageStreams. The value must be in "hostname[:port]" format.
+ // +optional
+ ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type ImageList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Image `json:"items"`
+}
+
+// RegistryLocation contains a location of the registry specified by the registry domain
+// name. The domain name might include wildcards, like '*' or '??'.
+type RegistryLocation struct {
+ // domainName specifies a domain name for the registry
+ // In case the registry use non-standard (80 or 443) port, the port should be included
+ // in the domain name as well.
+ DomainName string `json:"domainName"`
+ // insecure indicates whether the registry is secure (https) or insecure (http)
+ // By default (if not specified) the registry is assumed as secure.
+ // +optional
+ Insecure bool `json:"insecure,omitempty"`
+}
+
+// RegistrySources holds cluster-wide information about how to handle the registries config.
+type RegistrySources struct {
+ // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
+ // +optional
+ InsecureRegistries []string `json:"insecureRegistries,omitempty"`
+ // blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
+ //
+ // Only one of BlockedRegistries or AllowedRegistries may be set.
+ // +optional
+ BlockedRegistries []string `json:"blockedRegistries,omitempty"`
+ // allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
+ //
+ // Only one of BlockedRegistries or AllowedRegistries may be set.
+ // +optional
+ AllowedRegistries []string `json:"allowedRegistries,omitempty"`
+ // containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
+ // domains in their pull specs. Registries will be searched in the order provided in the list.
+ // Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:Format=hostname
+ // +listType=set
+ ContainerRuntimeSearchRegistries []string `json:"containerRuntimeSearchRegistries,omitempty"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go b/etcd/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go
new file mode 100644
index 0000000000..f2faf1996d
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go
@@ -0,0 +1,100 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules.
+// When multiple policies are defined, the outcome of the behavior is defined on each field.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/874
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=imagecontentpolicies,scope=Cluster
+// +kubebuilder:subresource:status
+type ImageContentPolicy struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ImageContentPolicySpec `json:"spec"`
+}
+
+// ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.
+type ImageContentPolicySpec struct {
+ // repositoryDigestMirrors allows images referenced by image digests in pods to be
+ // pulled from alternative mirrored repository locations. The image pull specification
+ // provided to the pod will be compared to the source locations described in RepositoryDigestMirrors
+ // and the image may be pulled down from any of the mirrors in the list instead of the
+ // specified repository allowing administrators to choose a potentially faster mirror.
+ // To pull image from mirrors by tags, should set the "allowMirrorByTags".
+ //
+ // Each “source” repository is treated independently; configurations for different “source”
+ // repositories don’t interact.
+ //
+ // If the "mirrors" is not specified, the image will continue to be pulled from the specified
+ // repository in the pull spec.
+ //
+ // When multiple policies are defined for the same “source” repository, the sets of defined
+ // mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+ // For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+ // mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict
+ // (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+ // +optional
+ // +listType=map
+ // +listMapKey=source
+ RepositoryDigestMirrors []RepositoryDigestMirrors `json:"repositoryDigestMirrors"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ImageContentPolicyList lists the items in the ImageContentPolicy CRD.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type ImageContentPolicyList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []ImageContentPolicy `json:"items"`
+}
+
+// RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
+type RepositoryDigestMirrors struct {
+ // source is the repository that users refer to, e.g. in image pull specifications.
+ // +required
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:Pattern=`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$`
+ Source string `json:"source"`
+ // allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests.
+ // Pulling images by tag can potentially yield different images, depending on which endpoint
+ // we pull from. Forcing digest-pulls for mirrors avoids that issue.
+ // +optional
+ AllowMirrorByTags bool `json:"allowMirrorByTags,omitempty"`
+ // mirrors is zero or more repositories that may also contain the same images.
+ // If the "mirrors" is not specified, the image will continue to be pulled from the specified
+ // repository in the pull spec. No mirror will be configured.
+ // The order of mirrors in this list is treated as the user's desired priority, while source
+ // is by default considered lower priority than all mirrors. Other cluster configuration,
+ // including (but not limited to) other repositoryDigestMirrors objects,
+ // may impact the exact order mirrors are contacted in, or some mirrors may be contacted
+ // in parallel, so this should be considered a preference rather than a guarantee of ordering.
+ // +optional
+ // +listType=set
+ Mirrors []Mirror `json:"mirrors,omitempty"`
+}
+
+// +kubebuilder:validation:Pattern=`^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$`
+type Mirror string
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go b/etcd/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go
new file mode 100644
index 0000000000..8fa38f223b
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go 
@@ -0,0 +1,142 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification.
+// When multiple policies are defined, the outcome of the behavior is defined on each field.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1126
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=imagedigestmirrorsets,scope=Cluster,shortName=idms
+// +kubebuilder:subresource:status
+type ImageDigestMirrorSet struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ImageDigestMirrorSetSpec `json:"spec"`
+ // status contains the observed state of the resource.
+ // +optional
+ Status ImageDigestMirrorSetStatus `json:"status,omitempty"`
+}
+
+// ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.
+type ImageDigestMirrorSetSpec struct {
+ // imageDigestMirrors allows images referenced by image digests in pods to be
+ // pulled from alternative mirrored repository locations.
The image pull specification
+ // provided to the pod will be compared to the source locations described in imageDigestMirrors
+ // and the image may be pulled down from any of the mirrors in the list instead of the
+ // specified repository allowing administrators to choose a potentially faster mirror.
+ // To use mirrors to pull images using tag specification, users should configure
+ // a list of mirrors using "ImageTagMirrorSet" CRD.
+ //
+ // If the image pull specification matches the repository of "source" in multiple imagedigestmirrorset objects,
+ // only the objects which define the most specific namespace match will be used.
+ // For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
+ // the "source", only the objects using quay.io/libpod/busybox are going to apply
+ // for pull specification quay.io/libpod/busybox.
+ // Each “source” repository is treated independently; configurations for different “source”
+ // repositories don’t interact.
+ //
+ // If the "mirrors" is not specified, the image will continue to be pulled from the specified
+ // repository in the pull spec.
+ //
+ // When multiple policies are defined for the same “source” repository, the sets of defined
+ // mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+ // For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+ // mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict
+ // (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+ // Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.
+ // +optional
+ // +listType=atomic
+ ImageDigestMirrors []ImageDigestMirrors `json:"imageDigestMirrors"`
+}
+
+type ImageDigestMirrorSetStatus struct{}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type ImageDigestMirrorSetList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []ImageDigestMirrorSet `json:"items"`
+}
+
+// +kubebuilder:validation:Pattern=`^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$`
+type ImageMirror string
+
+// MirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
+// +kubebuilder:validation:Enum=NeverContactSource;AllowContactingSource
+type MirrorSourcePolicy string
+
+const (
+ // NeverContactSource prevents image pull from the specified repository in the pull spec if the image pull from the mirror list fails.
+ NeverContactSource MirrorSourcePolicy = "NeverContactSource"
+
+ // AllowContactingSource allows falling back to the specified repository in the pull spec if the image pull from the mirror list fails.
+ AllowContactingSource MirrorSourcePolicy = "AllowContactingSource"
+)
+
+// ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.
+type ImageDigestMirrors struct {
+ // source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname
+ // e.g. docker.io.
quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.
+ // "source" uses one of the following formats:
+ // host[:port]
+ // host[:port]/namespace[/namespace…]
+ // host[:port]/namespace[/namespace…]/repo
+ // [*.]host
+ // for more information about the format, see the document about the location field:
+ // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+ // +required
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:Pattern=`^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$`
+ Source string `json:"source"`
+ // mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified.
+ // Images can be pulled from these mirrors only if they are referenced by their digests.
+ // The mirrored location is obtained by replacing the part of the input reference that
+ // matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,
+ // a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo
+ // repository to be used.
+ // The order of mirrors in this list is treated as the user's desired priority, while source
+ // is by default considered lower priority than all mirrors.
+ // If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be
+ // pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy"
+ // Other cluster configuration, including (but not limited to) other imageDigestMirrors objects,
+ // may impact the exact order mirrors are contacted in, or some mirrors may be contacted
+ // in parallel, so this should be considered a preference rather than a guarantee of ordering.
+ // "mirrors" uses one of the following formats:
+ // host[:port]
+ // host[:port]/namespace[/namespace…]
+ // host[:port]/namespace[/namespace…]/repo
+ // for more information about the format, see the document about the location field:
+ // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+ // +optional
+ // +listType=set
+ Mirrors []ImageMirror `json:"mirrors,omitempty"`
+ // mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
+ // If unset, the image will continue to be pulled from the the repository in the pull spec.
+ // sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
+ // +optional
+ MirrorSourcePolicy MirrorSourcePolicy `json:"mirrorSourcePolicy,omitempty"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go b/etcd/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go
new file mode 100644
index 0000000000..d9627b78cc
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go
@@ -0,0 +1,129 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification.
+// When multiple policies are defined, the outcome of the behavior is defined on each field.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1126
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=imagetagmirrorsets,scope=Cluster,shortName=itms
+// +kubebuilder:subresource:status
+type ImageTagMirrorSet struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ImageTagMirrorSetSpec `json:"spec"`
+ // status contains the observed state of the resource.
+ // +optional
+ Status ImageTagMirrorSetStatus `json:"status,omitempty"`
+}
+
+// ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.
+type ImageTagMirrorSetSpec struct {
+ // imageTagMirrors allows images referenced by image tags in pods to be
+ // pulled from alternative mirrored repository locations.
The image pull specification
+ // provided to the pod will be compared to the source locations described in imageTagMirrors
+ // and the image may be pulled down from any of the mirrors in the list instead of the
+ // specified repository allowing administrators to choose a potentially faster mirror.
+ // To use mirrors to pull images using digest specification only, users should configure
+ // a list of mirrors using "ImageDigestMirrorSet" CRD.
+ //
+ // If the image pull specification matches the repository of "source" in multiple imagetagmirrorset objects,
+ // only the objects which define the most specific namespace match will be used.
+ // For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as
+ // the "source", only the objects using quay.io/libpod/busybox are going to apply
+ // for pull specification quay.io/libpod/busybox.
+ // Each “source” repository is treated independently; configurations for different “source”
+ // repositories don’t interact.
+ //
+ // If the "mirrors" is not specified, the image will continue to be pulled from the specified
+ // repository in the pull spec.
+ //
+ // When multiple policies are defined for the same “source” repository, the sets of defined
+ // mirrors will be merged together, preserving the relative order of the mirrors, if possible.
+ // For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the
+ // mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict
+ // (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.
+ // Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.
+ // +optional
+ // +listType=atomic
+ ImageTagMirrors []ImageTagMirrors `json:"imageTagMirrors"`
+}
+
+type ImageTagMirrorSetStatus struct{}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type ImageTagMirrorSetList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []ImageTagMirrorSet `json:"items"`
+}
+
+// ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.
+type ImageTagMirrors struct {
+ // source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname
+ // e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry.
+ // "source" uses one of the following formats:
+ // host[:port]
+ // host[:port]/namespace[/namespace…]
+ // host[:port]/namespace[/namespace…]/repo
+ // [*.]host
+ // for more information about the format, see the document about the location field:
+ // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+ // +required
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:Pattern=`^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$`
+ Source string `json:"source"`
+ // mirrors is zero or more locations that may also contain the same images.
No mirror will be configured if not specified.
+ // Images can be pulled from these mirrors only if they are referenced by their tags.
+ // The mirrored location is obtained by replacing the part of the input reference that
+ // matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference,
+ // a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo
+ // repository to be used.
+ // Pulling images by tag can potentially yield different images, depending on which endpoint we pull from.
+ // Configuring a list of mirrors using "ImageDigestMirrorSet" CRD and forcing digest-pulls for mirrors avoids that issue.
+ // The order of mirrors in this list is treated as the user's desired priority, while source
+ // is by default considered lower priority than all mirrors.
+ // If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be
+ // pulled from the repository in the pull spec unless explicitly prohibited by "mirrorSourcePolicy".
+ // Other cluster configuration, including (but not limited to) other imageTagMirrors objects,
+ // may impact the exact order mirrors are contacted in, or some mirrors may be contacted
+ // in parallel, so this should be considered a preference rather than a guarantee of ordering.
+ // "mirrors" uses one of the following formats:
+ // host[:port]
+ // host[:port]/namespace[/namespace…]
+ // host[:port]/namespace[/namespace…]/repo
+ // for more information about the format, see the document about the location field:
+ // https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table
+ // +optional
+ // +listType=set
+ Mirrors []ImageMirror `json:"mirrors,omitempty"`
+ // mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors.
+ // If unset, the image will continue to be pulled from the repository in the pull spec.
+ // sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.
+ // +optional
+ MirrorSourcePolicy MirrorSourcePolicy `json:"mirrorSourcePolicy,omitempty"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
new file mode 100644
index 0000000000..611ba928cb
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go
@@ -0,0 +1,1873 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:subresource:status
+
+// Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=infrastructures,scope=Cluster
+// +kubebuilder:subresource:status
+type Infrastructure struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec InfrastructureSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status InfrastructureStatus `json:"status"`
+}
+
+// InfrastructureSpec contains settings that apply to the cluster infrastructure.
+type InfrastructureSpec struct {
+ // cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file.
+ // This configuration file is used to configure the Kubernetes cloud provider integration
+ // when using the built-in cloud provider integration or the external cloud controller manager.
+ // The namespace for this config map is openshift-config.
+ //
+ // cloudConfig should only be consumed by the kube_cloud_config controller.
+ // The controller is responsible for using the user configuration in the spec
+ // for various platforms and combining that with the user provided ConfigMap in this field
+ // to create a stitched kube cloud config.
+ // The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace
+ // with the kube cloud config is stored in `cloud.conf` key.
+ // All the clients are expected to use the generated ConfigMap only.
+ //
+ // +optional
+ CloudConfig ConfigMapFileReference `json:"cloudConfig"`
+
+ // platformSpec holds desired information specific to the underlying
+ // infrastructure provider.
+ PlatformSpec PlatformSpec `json:"platformSpec,omitempty"`
+}
+
+// InfrastructureStatus describes the infrastructure the cluster is leveraging.
+type InfrastructureStatus struct {
+ // infrastructureName uniquely identifies a cluster with a human friendly name.
+ // Once set it should not be changed. Must be of max length 27 and must have only
+ // alphanumeric or hyphen characters.
+ InfrastructureName string `json:"infrastructureName"`
+
+ // platform is the underlying infrastructure provider for the cluster.
+ //
+ // Deprecated: Use platformStatus.type instead.
+ Platform PlatformType `json:"platform,omitempty"`
+
+ // platformStatus holds status information specific to the underlying
+ // infrastructure provider.
+ // +optional
+ PlatformStatus *PlatformStatus `json:"platformStatus,omitempty"`
+
+ // etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering
+ // etcd servers and clients.
+ // For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery
+ // deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.
+ EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"`
+
+ // apiServerURL is a valid URI with scheme 'https', address and
+ // optionally a port (defaulting to 443). apiServerURL can be used by components like the web console
+ // to tell users where to find the Kubernetes API.
+ APIServerURL string `json:"apiServerURL"`
+
+ // apiServerInternalURL is a valid URI with scheme 'https',
+ // address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components
+ // like kubelets, to contact the Kubernetes API server using the
+ // infrastructure provider rather than Kubernetes networking.
+ APIServerInternalURL string `json:"apiServerInternalURI"`
+
+ // controlPlaneTopology expresses the expectations for operands that normally run on control nodes.
+ // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ // The 'SingleReplica' mode will be used in single-node deployments
+ // and the operators should not configure the operand for highly-available operation
+ // The 'External' mode indicates that the control plane is hosted externally to the cluster and that
+ // its components are not visible within the cluster.
+ // +kubebuilder:default=HighlyAvailable
+ // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica;External
+ ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"`
+
+ // infrastructureTopology expresses the expectations for infrastructure services that do not run on control
+ // plane nodes, usually indicated by a node selector for a `role` value
+ // other than `master`.
+ // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster.
+ // The 'SingleReplica' mode will be used in single-node deployments
+ // and the operators should not configure the operand for highly-available operation
+ // NOTE: External topology mode is not applicable for this field.
+ // +kubebuilder:default=HighlyAvailable
+ // +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica
+ InfrastructureTopology TopologyMode `json:"infrastructureTopology"`
+
+ // cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster.
+ // CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets.
+ // Valid values are "None" and "AllNodes". When omitted, the default value is "None".
+ // The default value of "None" indicates that no nodes will be setup with CPU partitioning.
+ // The "AllNodes" value indicates that all nodes have been setup with CPU partitioning,
+ // and can then be further configured via the PerformanceProfile API.
+ // +kubebuilder:default=None
+ // +default="None"
+ // +kubebuilder:validation:Enum=None;AllNodes
+ // +optional
+ CPUPartitioning CPUPartitioningMode `json:"cpuPartitioning,omitempty"`
+}
+
+// TopologyMode defines the topology mode of the control/infra nodes.
+// NOTE: Enum validation is specified in each field that uses this type,
+// given that External value is not applicable to the InfrastructureTopology
+// field.
+type TopologyMode string
+
+const (
+ // "HighlyAvailable" is for operators to configure high-availability as much as possible.
+ HighlyAvailableTopologyMode TopologyMode = "HighlyAvailable"
+
+ // "SingleReplica" is for operators to avoid spending resources for high-availability purpose.
+ SingleReplicaTopologyMode TopologyMode = "SingleReplica"
+
+ // "External" indicates that the component is running externally to the cluster. When specified
+ // as the control plane topology, operators should avoid scheduling workloads to masters or assume
+ // that any of the control plane components such as kubernetes API server or etcd are visible within
+ // the cluster.
+ ExternalTopologyMode TopologyMode = "External"
+)
+
+// CPUPartitioningMode defines the mode for CPU partitioning
+type CPUPartitioningMode string
+
+const (
+ // CPUPartitioningNone means that no CPU Partitioning is on in this cluster infrastructure
+ CPUPartitioningNone CPUPartitioningMode = "None"
+
+ // CPUPartitioningAllNodes means that all nodes are configured with CPU Partitioning in this cluster
+ CPUPartitioningAllNodes CPUPartitioningMode = "AllNodes"
+)
+
+// PlatformLoadBalancerType defines the type of load balancer used by the cluster.
+type PlatformLoadBalancerType string
+
+const (
+ // LoadBalancerTypeUserManaged is a load balancer with control-plane VIPs managed outside of the cluster by the customer.
+ LoadBalancerTypeUserManaged PlatformLoadBalancerType = "UserManaged"
+
+ // LoadBalancerTypeOpenShiftManagedDefault is the default load balancer with control-plane VIPs managed by the OpenShift cluster.
+ LoadBalancerTypeOpenShiftManagedDefault PlatformLoadBalancerType = "OpenShiftManagedDefault"
+)
+
+// PlatformType is a specific supported infrastructure provider.
+// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud;KubeVirt;EquinixMetal;PowerVS;AlibabaCloud;Nutanix;External
+type PlatformType string
+
+const (
+ // AWSPlatformType represents Amazon Web Services infrastructure.
+ AWSPlatformType PlatformType = "AWS"
+
+ // AzurePlatformType represents Microsoft Azure infrastructure.
+ AzurePlatformType PlatformType = "Azure"
+
+ // BareMetalPlatformType represents managed bare metal infrastructure.
+ BareMetalPlatformType PlatformType = "BareMetal"
+
+ // GCPPlatformType represents Google Cloud Platform infrastructure.
+ GCPPlatformType PlatformType = "GCP"
+
+ // LibvirtPlatformType represents libvirt infrastructure.
+ LibvirtPlatformType PlatformType = "Libvirt"
+
+ // OpenStackPlatformType represents OpenStack infrastructure.
+ OpenStackPlatformType PlatformType = "OpenStack"
+
+ // NonePlatformType means there is no infrastructure provider.
+ NonePlatformType PlatformType = "None"
+
+ // VSpherePlatformType represents VMWare vSphere infrastructure.
+ VSpherePlatformType PlatformType = "VSphere"
+
+ // OvirtPlatformType represents oVirt/RHV infrastructure.
+ OvirtPlatformType PlatformType = "oVirt"
+
+ // IBMCloudPlatformType represents IBM Cloud infrastructure.
+ IBMCloudPlatformType PlatformType = "IBMCloud"
+
+ // KubevirtPlatformType represents KubeVirt/Openshift Virtualization infrastructure.
+ KubevirtPlatformType PlatformType = "KubeVirt"
+
+ // EquinixMetalPlatformType represents Equinix Metal infrastructure.
+ EquinixMetalPlatformType PlatformType = "EquinixMetal"
+
+ // PowerVSPlatformType represents IBM Power Systems Virtual Servers infrastructure.
+ PowerVSPlatformType PlatformType = "PowerVS"
+
+ // AlibabaCloudPlatformType represents Alibaba Cloud infrastructure.
+ AlibabaCloudPlatformType PlatformType = "AlibabaCloud"
+
+ // NutanixPlatformType represents Nutanix infrastructure.
+ NutanixPlatformType PlatformType = "Nutanix"
+
+ // ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.
+ ExternalPlatformType PlatformType = "External"
+)
+
+// IBMCloudProviderType is a specific supported IBM Cloud provider cluster type
+type IBMCloudProviderType string
+
+const (
+ // Classic means that the IBM Cloud cluster is using classic infrastructure
+ IBMCloudProviderTypeClassic IBMCloudProviderType = "Classic"
+
+ // VPC means that the IBM Cloud cluster is using VPC infrastructure
+ IBMCloudProviderTypeVPC IBMCloudProviderType = "VPC"
+
+ // IBMCloudProviderTypeUPI means that the IBM Cloud cluster is using user provided infrastructure.
+ // This is utilized in IBM Cloud Satellite environments.
+ IBMCloudProviderTypeUPI IBMCloudProviderType = "UPI"
+)
+
+// DNSType indicates whether the cluster DNS is hosted by the cluster or Core DNS .
+type DNSType string
+
+const (
+ // ClusterHosted indicates that a DNS solution other than the default provided by the
+ // cloud platform is in use. In this mode, the cluster hosts a DNS solution during installation and the
+ // user is expected to provide their own DNS solution post-install.
+ // When the DNS solution is `ClusterHosted`, the cluster will continue to use the
+ // default Load Balancers provided by the cloud platform.
+ ClusterHostedDNSType DNSType = "ClusterHosted"
+
+ // PlatformDefault indicates that the cluster is using the default DNS solution for the
+ // cloud platform. OpenShift is responsible for all the LB and DNS configuration needed for the
+ // cluster to be functional with no intervention from the user. To accomplish this, OpenShift
+ // configures the default LB and DNS solutions provided by the underlying cloud.
+ PlatformDefaultDNSType DNSType = "PlatformDefault"
+)
+
+// ExternalPlatformSpec holds the desired state for the generic External infrastructure provider.
+type ExternalPlatformSpec struct {
+ // PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time.
+ // This field is solely for informational and reporting purposes and is not expected to be used for decision-making.
+ // +kubebuilder:default:="Unknown"
+ // +default="Unknown"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == 'Unknown' || self == oldSelf",message="platform name cannot be changed once set"
+ // +optional
+ PlatformName string `json:"platformName,omitempty"`
+}
+
+// PlatformSpec holds the desired state specific to the underlying infrastructure provider
+// of the current cluster. Since these are used at spec-level for the underlying cluster, it
+// is supposed that only one of the spec structs is set.
+type PlatformSpec struct {
+ // type is the underlying infrastructure provider for the cluster. This
+ // value controls whether infrastructure automation such as service load
+ // balancers, dynamic volume provisioning, machine creation and deletion, and
+ // other integrations are enabled. If None, no infrastructure automation is
+ // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ // "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS",
+ // "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms,
+ // and must handle unrecognized platforms as None if they do not support that platform.
+ //
+ // +unionDiscriminator
+ Type PlatformType `json:"type"`
+
+ // AWS contains settings specific to the Amazon Web Services infrastructure provider.
+ // +optional
+ AWS *AWSPlatformSpec `json:"aws,omitempty"`
+
+ // Azure contains settings specific to the Azure infrastructure provider.
+ // +optional
+ Azure *AzurePlatformSpec `json:"azure,omitempty"`
+
+ // GCP contains settings specific to the Google Cloud Platform infrastructure provider.
+ // +optional
+ GCP *GCPPlatformSpec `json:"gcp,omitempty"`
+
+ // BareMetal contains settings specific to the BareMetal platform.
+ // +optional
+ BareMetal *BareMetalPlatformSpec `json:"baremetal,omitempty"`
+
+ // OpenStack contains settings specific to the OpenStack infrastructure provider.
+ // +optional
+ OpenStack *OpenStackPlatformSpec `json:"openstack,omitempty"`
+
+ // Ovirt contains settings specific to the oVirt infrastructure provider.
+ // +optional
+ Ovirt *OvirtPlatformSpec `json:"ovirt,omitempty"`
+
+ // VSphere contains settings specific to the VSphere infrastructure provider.
+ // +optional
+ VSphere *VSpherePlatformSpec `json:"vsphere,omitempty"`
+
+ // IBMCloud contains settings specific to the IBMCloud infrastructure provider.
+ // +optional
+ IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"`
+
+ // Kubevirt contains settings specific to the kubevirt infrastructure provider.
+ // +optional
+ Kubevirt *KubevirtPlatformSpec `json:"kubevirt,omitempty"`
+
+ // EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
+ // +optional
+ EquinixMetal *EquinixMetalPlatformSpec `json:"equinixMetal,omitempty"`
+
+ // PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.
+ // +optional
+ PowerVS *PowerVSPlatformSpec `json:"powervs,omitempty"`
+
+ // AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
+ // +optional
+ AlibabaCloud *AlibabaCloudPlatformSpec `json:"alibabaCloud,omitempty"`
+
+ // Nutanix contains settings specific to the Nutanix infrastructure provider.
+ // +optional
+ Nutanix *NutanixPlatformSpec `json:"nutanix,omitempty"`
+
+ // ExternalPlatformType represents generic infrastructure provider.
+ // Platform-specific components should be supplemented separately.
+ // +optional
+ External *ExternalPlatformSpec `json:"external,omitempty"`
+}
+
+// CloudControllerManagerState defines whether Cloud Controller Manager presence is expected or not
+type CloudControllerManagerState string
+
+const (
+ // Cloud Controller Manager is enabled and expected to be installed.
+ // This value indicates that new nodes should be tainted as uninitialized when created,
+ // preventing them from running workloads until they are initialized by the cloud controller manager.
+ CloudControllerManagerExternal CloudControllerManagerState = "External"
+
+ // Cloud Controller Manager is disabled and not expected to be installed.
+ // This value indicates that new nodes should not be tainted
+ // and no extra node initialization is expected from the cloud controller manager.
+ CloudControllerManagerNone CloudControllerManagerState = "None"
+)
+
+// CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings
+// +kubebuilder:validation:XValidation:rule="(has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) && self.state != \"External\")",message="state may not be added or removed once set"
+type CloudControllerManagerStatus struct {
+ // state determines whether or not an external Cloud Controller Manager is expected to
+ // be installed within the cluster.
+ // https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager
+ //
+ // Valid values are "External", "None" and omitted.
+ // When set to "External", new nodes will be tainted as uninitialized when created,
+ // preventing them from running workloads until they are initialized by the cloud controller manager.
+ // When omitted or set to "None", new nodes will be not tainted
+ // and no extra initialization from the cloud controller manager is expected.
+ // +kubebuilder:validation:Enum="";External;None
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="state is immutable once set"
+ // +optional
+ State CloudControllerManagerState `json:"state"`
+}
+
+// ExternalPlatformStatus holds the current status of the generic External infrastructure provider.
+// +kubebuilder:validation:XValidation:rule="has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager)",message="cloudControllerManager may not be added or removed once set"
+type ExternalPlatformStatus struct {
+ // cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI).
+ // When omitted, new nodes will be not tainted
+ // and no extra initialization from the cloud controller manager is expected.
+ // +optional
+ CloudControllerManager CloudControllerManagerStatus `json:"cloudControllerManager"`
+}
+
+// PlatformStatus holds the current status specific to the underlying infrastructure provider
+// of the current cluster. Since these are used at status-level for the underlying cluster, it
+// is supposed that only one of the status structs is set.
+type PlatformStatus struct {
+ // type is the underlying infrastructure provider for the cluster. This
+ // value controls whether infrastructure automation such as service load
+ // balancers, dynamic volume provisioning, machine creation and deletion, and
+ // other integrations are enabled. If None, no infrastructure automation is
+ // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ // "OpenStack", "VSphere", "oVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and "None".
+ // Individual components may not support all platforms, and must handle
+ // unrecognized platforms as None if they do not support that platform.
+ //
+ // This value will be synced with to the `status.platform` and `status.platformStatus.type`.
+ // Currently this value cannot be changed once set.
+ Type PlatformType `json:"type"`
+
+ // AWS contains settings specific to the Amazon Web Services infrastructure provider.
+ // +optional
+ AWS *AWSPlatformStatus `json:"aws,omitempty"`
+
+ // Azure contains settings specific to the Azure infrastructure provider.
+ // +optional
+ Azure *AzurePlatformStatus `json:"azure,omitempty"`
+
+ // GCP contains settings specific to the Google Cloud Platform infrastructure provider.
+ // +optional
+ GCP *GCPPlatformStatus `json:"gcp,omitempty"`
+
+ // BareMetal contains settings specific to the BareMetal platform.
+ // +optional
+ BareMetal *BareMetalPlatformStatus `json:"baremetal,omitempty"`
+
+ // OpenStack contains settings specific to the OpenStack infrastructure provider.
+ // +optional
+ OpenStack *OpenStackPlatformStatus `json:"openstack,omitempty"`
+
+ // Ovirt contains settings specific to the oVirt infrastructure provider.
+ // +optional
+ Ovirt *OvirtPlatformStatus `json:"ovirt,omitempty"`
+
+ // VSphere contains settings specific to the VSphere infrastructure provider.
+ // +optional
+ VSphere *VSpherePlatformStatus `json:"vsphere,omitempty"`
+
+ // IBMCloud contains settings specific to the IBMCloud infrastructure provider.
+ // +optional
+ IBMCloud *IBMCloudPlatformStatus `json:"ibmcloud,omitempty"`
+
+ // Kubevirt contains settings specific to the kubevirt infrastructure provider.
+ // +optional
+ Kubevirt *KubevirtPlatformStatus `json:"kubevirt,omitempty"`
+
+ // EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.
+ // +optional
+ EquinixMetal *EquinixMetalPlatformStatus `json:"equinixMetal,omitempty"`
+
+ // PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider.
+ // +optional
+ PowerVS *PowerVSPlatformStatus `json:"powervs,omitempty"`
+
+ // AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.
+ // +optional
+ AlibabaCloud *AlibabaCloudPlatformStatus `json:"alibabaCloud,omitempty"`
+
+ // Nutanix contains settings specific to the Nutanix infrastructure provider.
+ // +optional
+ Nutanix *NutanixPlatformStatus `json:"nutanix,omitempty"`
+
+ // External contains settings specific to the generic External infrastructure provider.
+ // +optional
+ External *ExternalPlatformStatus `json:"external,omitempty"`
+}
+
+// AWSServiceEndpoint store the configuration of a custom url to
+// override existing defaults of AWS Services.
+type AWSServiceEndpoint struct {
+ // name is the name of the AWS service.
+ // The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html
+ // This must be provided and cannot be empty.
+ //
+ // +kubebuilder:validation:Pattern=`^[a-z0-9-]+$`
+ Name string `json:"name"`
+
+ // url is fully qualified URI with scheme https, that overrides the default generated
+ // endpoint for a client.
+ // This must be provided and cannot be empty.
+ //
+ // +kubebuilder:validation:Pattern=`^https://`
+ URL string `json:"url"`
+}
+
+// AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type AWSPlatformSpec struct {
+ // serviceEndpoints list contains custom endpoints which will override default
+ // service endpoint of AWS Services.
+ // There must be only one ServiceEndpoint for a service.
+ // +listType=atomic
+ // +optional
+ ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"`
+}
+
+// AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.
+type AWSPlatformStatus struct {
+ // region holds the default AWS region for new AWS resources created by the cluster.
+ Region string `json:"region"`
+
+ // ServiceEndpoints list contains custom endpoints which will override default
+ // service endpoint of AWS Services.
+ // There must be only one ServiceEndpoint for a service.
+ // +listType=atomic
+ // +optional
+ ServiceEndpoints []AWSServiceEndpoint `json:"serviceEndpoints,omitempty"`
+
+ // resourceTags is a list of additional tags to apply to AWS resources created for the cluster.
+ // See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources.
+ // AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags
+ // available for the user.
+ // +kubebuilder:validation:MaxItems=25
+ // +listType=atomic
+ // +optional
+ ResourceTags []AWSResourceTag `json:"resourceTags,omitempty"`
+}
+
+// AWSResourceTag is a tag to apply to AWS resources created for the cluster.
+type AWSResourceTag struct {
+ // key is the key of the tag
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$`
+ // +required
+ Key string `json:"key"`
+ // value is the value of the tag.
+ // Some AWS service do not support empty values. Since tags are added to resources in many services, the
+ // length of the tag value must meet the requirements of all services.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.:/=+-@]+$`
+ // +required
+ Value string `json:"value"`
+}
+
+// AzurePlatformSpec holds the desired state of the Azure infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type AzurePlatformSpec struct{}
+
+// AzurePlatformStatus holds the current status of the Azure infrastructure provider.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation"
+type AzurePlatformStatus struct {
+ // resourceGroupName is the Resource Group for new Azure resources created for the cluster.
+ ResourceGroupName string `json:"resourceGroupName"`
+
+ // networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster.
+ // If empty, the value is same as ResourceGroupName.
+ // +optional
+ NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"`
+
+ // cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK
+ // with the appropriate Azure API endpoints.
+ // If empty, the value is equal to `AzurePublicCloud`.
+ // +optional
+ CloudName AzureCloudEnvironment `json:"cloudName,omitempty"`
+
+ // armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.
+ // +optional
+ ARMEndpoint string `json:"armEndpoint,omitempty"`
+
+ // resourceTags is a list of additional tags to apply to Azure resources created for the cluster.
+ // See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources.
+ // Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags
+ // may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.
+ // +kubebuilder:validation:MaxItems=10
+ // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceTags are immutable and may only be configured during installation"
+ // +listType=atomic
+ // +optional
+ ResourceTags []AzureResourceTag `json:"resourceTags,omitempty"`
+}
+
+// AzureResourceTag is a tag to apply to Azure resources created for the cluster.
+type AzureResourceTag struct {
+ // key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key
+ // must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric
+ // characters and the following special characters `_ . -`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=128
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$`
+ Key string `json:"key"`
+ // value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value
+ // must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Pattern=`^[0-9A-Za-z_.=+-@]+$`
+ Value string `json:"value"`
+}
+
+// AzureCloudEnvironment is the name of the Azure cloud environment
+// +kubebuilder:validation:Enum="";AzurePublicCloud;AzureUSGovernmentCloud;AzureChinaCloud;AzureGermanCloud;AzureStackCloud
+type AzureCloudEnvironment string
+
+const (
+ // AzurePublicCloud is the general-purpose, public Azure cloud environment.
+ AzurePublicCloud AzureCloudEnvironment = "AzurePublicCloud"
+
+ // AzureUSGovernmentCloud is the Azure cloud environment for the US government.
+ AzureUSGovernmentCloud AzureCloudEnvironment = "AzureUSGovernmentCloud"
+
+ // AzureChinaCloud is the Azure cloud environment used in China.
+ AzureChinaCloud AzureCloudEnvironment = "AzureChinaCloud"
+
+ // AzureGermanCloud is the Azure cloud environment used in Germany.
+ AzureGermanCloud AzureCloudEnvironment = "AzureGermanCloud"
+
+ // AzureStackCloud is the Azure cloud environment used at the edge and on premises.
+ AzureStackCloud AzureCloudEnvironment = "AzureStackCloud"
+)
+
+// GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type GCPPlatformSpec struct{}
+
+// GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=GCPLabelsTags,rule="!has(oldSelf.resourceLabels) && !has(self.resourceLabels) || has(oldSelf.resourceLabels) && has(self.resourceLabels)",message="resourceLabels may only be configured during installation"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=GCPLabelsTags,rule="!has(oldSelf.resourceTags) && !has(self.resourceTags) || has(oldSelf.resourceTags) && has(self.resourceTags)",message="resourceTags may only be configured during installation"
+type GCPPlatformStatus struct {
+ // resourceGroupName is the Project ID for new GCP resources created for the cluster.
+ ProjectID string `json:"projectID"`
+
+ // region holds the region for new GCP resources created for the cluster.
+ Region string `json:"region"`
+
+ // resourceLabels is a list of additional labels to apply to GCP resources created for the cluster.
+ // See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources.
+ // GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use,
+ // allowing 32 labels for user configuration.
+ // +kubebuilder:validation:MaxItems=32
+ // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceLabels are immutable and may only be configured during installation"
+ // +listType=map
+ // +listMapKey=key
+ // +optional
+ // +openshift:enable:FeatureGate=GCPLabelsTags
+ ResourceLabels []GCPResourceLabel `json:"resourceLabels,omitempty"`
+
+ // resourceTags is a list of additional tags to apply to GCP resources created for the cluster.
+ // See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on
+ // tagging GCP resources. GCP supports a maximum of 50 tags per resource.
+ // +kubebuilder:validation:MaxItems=50
+ // +kubebuilder:validation:XValidation:rule="self.all(x, x in oldSelf) && oldSelf.all(x, x in self)",message="resourceTags are immutable and may only be configured during installation"
+ // +listType=map
+ // +listMapKey=key
+ // +optional
+ // +openshift:enable:FeatureGate=GCPLabelsTags
+ ResourceTags []GCPResourceTag `json:"resourceTags,omitempty"`
+
+ // This field was introduced and removed under tech preview.
+ // To avoid conflicts with serialisation, this field name may never be used again.
+ // Tombstone the field as a reminder.
+ // ClusterHostedDNS ClusterHostedDNS `json:"clusterHostedDNS,omitempty"`
+
+ // cloudLoadBalancerConfig is a union that contains the IP addresses of API,
+ // API-Int and Ingress Load Balancers created on the cloud platform. These
+ // values would not be populated on on-prem platforms. These Load Balancer
+ // IPs are used to configure the in-cluster DNS instances for API, API-Int
+ // and Ingress services. `dnsType` is expected to be set to `ClusterHosted`
+ // when these Load Balancer IP addresses are populated and used.
+ //
+ // +default={"dnsType": "PlatformDefault"}
+ // +kubebuilder:default={"dnsType": "PlatformDefault"}
+ // +openshift:enable:FeatureGate=GCPClusterHostedDNS
+ // +optional
+ // +nullable
+ CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"`
+}
+
+// GCPResourceLabel is a label to apply to GCP resources created for the cluster.
+type GCPResourceLabel struct {
+ // key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty.
+ // Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters,
+ // and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io`
+ // and `openshift-io`.
+ // +kubebuilder:validation:XValidation:rule="!self.startsWith('openshift-io') && !self.startsWith('kubernetes-io')",message="label keys must not start with either `openshift-io` or `kubernetes-io`"
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-z][0-9a-z_-]{0,62}$`
+ Key string `json:"key"`
+
+ // value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty.
+ // Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[0-9a-z_-]{1,63}$`
+ Value string `json:"value"`
+}
+
+// GCPResourceTag is a tag to apply to GCP resources created for the cluster.
+type GCPResourceTag struct {
+ // parentID is the ID of the hierarchical resource where the tags are defined,
+ // e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages:
+ // https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id,
+ // https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects.
+ // An OrganizationID must consist of decimal numbers, and cannot have leading zeroes.
+ // A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers,
+ // and hyphens, and must start with a letter, and cannot end with a hyphen.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=32
+ // +kubebuilder:validation:Pattern=`(^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$)`
+ ParentID string `json:"parentID"`
+
+ // key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty.
+ // Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ // alphanumeric characters, and the following special characters `._-`.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$`
+ Key string `json:"key"`
+
+ // value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty.
+ // Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase
+ // alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Pattern=`^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$`
+ Value string `json:"value"`
+}
+
+// CloudLoadBalancerConfig contains an union discriminator indicating the type of DNS
+// solution in use within the cluster. When the DNSType is `ClusterHosted`, the cloud's
+// Load Balancer configuration needs to be provided so that the DNS solution hosted
+// within the cluster can be configured with those values.
+// +kubebuilder:validation:XValidation:rule="has(self.dnsType) && self.dnsType != 'ClusterHosted' ? !has(self.clusterHosted) : true",message="clusterHosted is permitted only when dnsType is ClusterHosted"
+// +union
+type CloudLoadBalancerConfig struct {
+ // dnsType indicates the type of DNS solution in use within the cluster. Its default value of
+ // `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform.
+ // It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode,
+ // the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed.
+ // The cluster's use of the cloud's Load Balancers is unaffected by this setting.
+ // The value is immutable after it has been set at install time.
+ // Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS.
+ // Enabling this functionality allows the user to start their own DNS solution outside the cluster after
+ // installation is complete. The customer would be responsible for configuring this custom DNS solution,
+ // and it can be run in addition to the in-cluster DNS solution.
+ // +default="PlatformDefault"
+ // +kubebuilder:default:="PlatformDefault"
+ // +kubebuilder:validation:Enum="ClusterHosted";"PlatformDefault"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="dnsType is immutable"
+ // +optional
+ // +unionDiscriminator
+ DNSType DNSType `json:"dnsType,omitempty"`
+
+ // clusterHosted holds the IP addresses of API, API-Int and Ingress Load
+ // Balancers on Cloud Platforms. The DNS solution hosted within the cluster
+ // use these IP addresses to provide resolution for API, API-Int and Ingress
+ // services.
+ // +optional
+ // +unionMember,optional
+ ClusterHosted *CloudLoadBalancerIPs `json:"clusterHosted,omitempty"`
+}
+
+// CloudLoadBalancerIPs contains the Load Balancer IPs for the cloud's API,
+// API-Int and Ingress Load balancers. They will be populated as soon as the
+// respective Load Balancers have been configured. These values are utilized
+// to configure the DNS solution hosted within the cluster.
+type CloudLoadBalancerIPs struct {
+ // apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service.
+ // These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ // Entries in the apiIntLoadBalancerIPs must be unique.
+ // A maximum of 16 IP addresses are permitted.
+ // +kubebuilder:validation:Format=ip
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=16
+ // +optional
+ APIIntLoadBalancerIPs []IP `json:"apiIntLoadBalancerIPs,omitempty"`
+
+ // apiLoadBalancerIPs holds Load Balancer IPs for the API service.
+ // These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ // Could be empty for private clusters.
+ // Entries in the apiLoadBalancerIPs must be unique.
+ // A maximum of 16 IP addresses are permitted.
+ // +kubebuilder:validation:Format=ip
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=16
+ // +optional
+ APILoadBalancerIPs []IP `json:"apiLoadBalancerIPs,omitempty"`
+
+ // ingressLoadBalancerIPs holds IPs for Ingress Load Balancers.
+ // These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses.
+ // Entries in the ingressLoadBalancerIPs must be unique.
+ // A maximum of 16 IP addresses are permitted.
+ // +kubebuilder:validation:Format=ip
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=16
+ // +optional
+ IngressLoadBalancerIPs []IP `json:"ingressLoadBalancerIPs,omitempty"`
+}
+
+// BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform.
+// +union
+type BareMetalPlatformLoadBalancer struct {
+ // type defines the type of load balancer used by the cluster on BareMetal platform
+ // which can be a user-managed or openshift-managed load balancer
+ // that is to be used for the OpenShift API and Ingress endpoints.
+ // When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ // defined in the machine config operator will be deployed.
+ // When set to UserManaged these static pods will not be deployed and it is expected that
+ // the load balancer is configured out of band by the deployer.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ // The default value is OpenShiftManagedDefault.
+ // +default="OpenShiftManagedDefault"
+ // +kubebuilder:default:="OpenShiftManagedDefault"
+ // +kubebuilder:validation:Enum:="OpenShiftManagedDefault";"UserManaged"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="type is immutable once set"
+ // +optional
+ // +unionDiscriminator
+ Type PlatformLoadBalancerType `json:"type,omitempty"`
+}
+
+// BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set"
+type BareMetalPlatformSpec struct {
+ // apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ // server that can be used by components inside the cluster, like kubelets
+ // using the infrastructure rather than Kubernetes networking. These are the
+ // IPs for a self-hosted load balancer in front of the API servers.
+ // In dual stack clusters this list contains two IP addresses, one from IPv4
+ // family and one from IPv6.
+ // In single stack clusters a single IP address is expected.
+ // When omitted, values from the status.apiServerInternalIPs will be used.
+ // Once set, the list cannot be completely removed (but its second entry can).
+ //
+ // +kubebuilder:validation:MaxItems=2
+ // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address"
+ // +listType=set
+ // +optional
+ APIServerInternalIPs []IP `json:"apiServerInternalIPs"`
+
+ // ingressIPs are the external IPs which route to the default ingress
+ // controller. The IPs are suitable targets of a wildcard DNS record used to
+ // resolve default route host names.
+ // In dual stack clusters this list contains two IP addresses, one from IPv4
+ // family and one from IPv6.
+ // In single stack clusters a single IP address is expected.
+ // When omitted, values from the status.ingressIPs will be used.
+ // Once set, the list cannot be completely removed (but its second entry can).
+ //
+ // +kubebuilder:validation:MaxItems=2
+ // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address"
+ // +listType=set
+ // +optional
+ IngressIPs []IP `json:"ingressIPs"`
+
+ // machineNetworks are IP networks used to connect all the OpenShift cluster
+ // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ // for example "10.0.0.0/8" or "fd00::/8".
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=32
+ // +optional
+ MachineNetworks []CIDR `json:"machineNetworks"`
+}
+
+// BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider.
+// For more information about the network architecture used with the BareMetal platform type, see:
+// https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md
+type BareMetalPlatformStatus struct {
+ // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ // by components inside the cluster, like kubelets using the infrastructure rather
+ // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ // points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ //
+ // Deprecated: Use APIServerInternalIPs instead.
+ APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
+
+ // apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ // server that can be used by components inside the cluster, like kubelets
+ // using the infrastructure rather than Kubernetes networking. These are the
+ // IPs for a self-hosted load balancer in front of the API servers. In dual
+ // stack clusters this list contains two IPs otherwise only one.
+ //
+ // +kubebuilder:validation:Format=ip
+ // +kubebuilder:validation:MaxItems=2
+ // +listType=set
+ APIServerInternalIPs []string `json:"apiServerInternalIPs"`
+
+ // ingressIP is an external IP which routes to the default ingress controller.
+ // The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ //
+ // Deprecated: Use IngressIPs instead.
+ IngressIP string `json:"ingressIP,omitempty"`
+
+ // ingressIPs are the external IPs which route to the default ingress
+ // controller. The IPs are suitable targets of a wildcard DNS record used to
+ // resolve default route host names. In dual stack clusters this list
+ // contains two IPs otherwise only one.
+ //
+ // +kubebuilder:validation:Format=ip
+ // +kubebuilder:validation:MaxItems=2
+ // +listType=set
+ IngressIPs []string `json:"ingressIPs"`
+
+ // nodeDNSIP is the IP address for the internal DNS used by the
+ // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ // provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ // BareMetal deployments. In order to minimize necessary changes to the
+ // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ // to the nodes in the cluster.
+ NodeDNSIP string `json:"nodeDNSIP,omitempty"`
+
+ // loadBalancer defines how the load balancer used by the cluster is configured.
+ // +default={"type": "OpenShiftManagedDefault"}
+ // +kubebuilder:default={"type": "OpenShiftManagedDefault"}
+ // +openshift:enable:FeatureGate=BareMetalLoadBalancer
+ // +optional
+ LoadBalancer *BareMetalPlatformLoadBalancer `json:"loadBalancer,omitempty"`
+
+ // machineNetworks are IP networks used to connect all the OpenShift cluster nodes.
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=32
+ // +optional
+ MachineNetworks []CIDR `json:"machineNetworks"`
+}
+
+// OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform.
+// +union
+type OpenStackPlatformLoadBalancer struct {
+ // type defines the type of load balancer used by the cluster on OpenStack platform
+ // which can be a user-managed or openshift-managed load balancer
+ // that is to be used for the OpenShift API and Ingress endpoints.
+ // When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ // defined in the machine config operator will be deployed.
+ // When set to UserManaged these static pods will not be deployed and it is expected that
+ // the load balancer is configured out of band by the deployer.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ // The default value is OpenShiftManagedDefault.
+ // +default="OpenShiftManagedDefault"
+ // +kubebuilder:default:="OpenShiftManagedDefault"
+ // +kubebuilder:validation:Enum:="OpenShiftManagedDefault";"UserManaged"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="type is immutable once set"
+ // +optional
+ // +unionDiscriminator
+ Type PlatformLoadBalancerType `json:"type,omitempty"`
+}
+
+// OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set"
+type OpenStackPlatformSpec struct {
+ // apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ // server that can be used by components inside the cluster, like kubelets
+ // using the infrastructure rather than Kubernetes networking. These are the
+ // IPs for a self-hosted load balancer in front of the API servers.
+ // In dual stack clusters this list contains two IP addresses, one from IPv4
+ // family and one from IPv6.
+ // In single stack clusters a single IP address is expected.
+ // When omitted, values from the status.apiServerInternalIPs will be used.
+ // Once set, the list cannot be completely removed (but its second entry can).
+ //
+ // +kubebuilder:validation:MaxItems=2
+ // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address"
+ // +listType=set
+ // +optional
+ APIServerInternalIPs []IP `json:"apiServerInternalIPs"`
+
+ // ingressIPs are the external IPs which route to the default ingress
+ // controller. The IPs are suitable targets of a wildcard DNS record used to
+ // resolve default route host names.
+ // In dual stack clusters this list contains two IP addresses, one from IPv4
+ // family and one from IPv6.
+ // In single stack clusters a single IP address is expected.
+ // When omitted, values from the status.ingressIPs will be used.
+ // Once set, the list cannot be completely removed (but its second entry can).
+ //
+ // +kubebuilder:validation:MaxItems=2
+ // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address"
+ // +listType=set
+ // +optional
+ IngressIPs []IP `json:"ingressIPs"`
+
+ // machineNetworks are IP networks used to connect all the OpenShift cluster
+ // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6,
+ // for example "10.0.0.0/8" or "fd00::/8".
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=32
+ // +optional
+ MachineNetworks []CIDR `json:"machineNetworks"`
+}
+
+// OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.
+type OpenStackPlatformStatus struct {
+ // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ // by components inside the cluster, like kubelets using the infrastructure rather
+ // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ // points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ //
+ // Deprecated: Use APIServerInternalIPs instead.
+ APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
+
+ // apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ // server that can be used by components inside the cluster, like kubelets
+ // using the infrastructure rather than Kubernetes networking. These are the
+ // IPs for a self-hosted load balancer in front of the API servers. In dual
+ // stack clusters this list contains two IPs otherwise only one.
+ //
+ // +kubebuilder:validation:Format=ip
+ // +kubebuilder:validation:MaxItems=2
+ // +listType=set
+ APIServerInternalIPs []string `json:"apiServerInternalIPs"`
+
+ // cloudName is the name of the desired OpenStack cloud in the
+ // client configuration file (`clouds.yaml`).
+ CloudName string `json:"cloudName,omitempty"`
+
+ // ingressIP is an external IP which routes to the default ingress controller.
+ // The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ //
+ // Deprecated: Use IngressIPs instead.
+ IngressIP string `json:"ingressIP,omitempty"`
+
+ // ingressIPs are the external IPs which route to the default ingress
+ // controller. The IPs are suitable targets of a wildcard DNS record used to
+ // resolve default route host names. In dual stack clusters this list
+ // contains two IPs otherwise only one.
+ //
+ // +kubebuilder:validation:Format=ip
+ // +kubebuilder:validation:MaxItems=2
+ // +listType=set
+ IngressIPs []string `json:"ingressIPs"`
+
+ // nodeDNSIP is the IP address for the internal DNS used by the
+ // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP`
+ // provides name resolution for the nodes themselves. There is no DNS-as-a-service for
+ // OpenStack deployments. In order to minimize necessary changes to the
+ // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames
+ // to the nodes in the cluster.
+ NodeDNSIP string `json:"nodeDNSIP,omitempty"`
+
+ // loadBalancer defines how the load balancer used by the cluster is configured.
+ // +default={"type": "OpenShiftManagedDefault"}
+ // +kubebuilder:default={"type": "OpenShiftManagedDefault"}
+ // +optional
+ LoadBalancer *OpenStackPlatformLoadBalancer `json:"loadBalancer,omitempty"`
+
+ // machineNetworks are IP networks used to connect all the OpenShift cluster nodes.
+ // +listType=set
+ // +kubebuilder:validation:MaxItems=32
+ // +optional
+ MachineNetworks []CIDR `json:"machineNetworks"`
+}
+
+// OvirtPlatformLoadBalancer defines the load balancer used by the cluster on Ovirt platform.
+// +union
+type OvirtPlatformLoadBalancer struct {
+ // type defines the type of load balancer used by the cluster on Ovirt platform
+ // which can be a user-managed or openshift-managed load balancer
+ // that is to be used for the OpenShift API and Ingress endpoints.
+ // When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ // defined in the machine config operator will be deployed.
+ // When set to UserManaged these static pods will not be deployed and it is expected that
+ // the load balancer is configured out of band by the deployer.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ // The default value is OpenShiftManagedDefault.
+ // +default="OpenShiftManagedDefault"
+ // +kubebuilder:default:="OpenShiftManagedDefault"
+ // +kubebuilder:validation:Enum:="OpenShiftManagedDefault";"UserManaged"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="type is immutable once set"
+ // +optional
+ // +unionDiscriminator
+ Type PlatformLoadBalancerType `json:"type,omitempty"`
+}
+
+// OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+type OvirtPlatformSpec struct{}
+
+// OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.
+type OvirtPlatformStatus struct {
+ // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used
+ // by components inside the cluster, like kubelets using the infrastructure rather
+ // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI
+ // points to. It is the IP for a self-hosted load balancer in front of the API servers.
+ //
+ // Deprecated: Use APIServerInternalIPs instead.
+ APIServerInternalIP string `json:"apiServerInternalIP,omitempty"`
+
+ // apiServerInternalIPs are the IP addresses to contact the Kubernetes API
+ // server that can be used by components inside the cluster, like kubelets
+ // using the infrastructure rather than Kubernetes networking. These are the
+ // IPs for a self-hosted load balancer in front of the API servers. In dual
+ // stack clusters this list contains two IPs otherwise only one.
+ //
+ // +kubebuilder:validation:Format=ip
+ // +kubebuilder:validation:MaxItems=2
+ // +listType=set
+ APIServerInternalIPs []string `json:"apiServerInternalIPs"`
+
+ // ingressIP is an external IP which routes to the default ingress controller.
+ // The IP is a suitable target of a wildcard DNS record used to resolve default route host names.
+ //
+ // Deprecated: Use IngressIPs instead.
+ IngressIP string `json:"ingressIP,omitempty"`
+
+ // ingressIPs are the external IPs which route to the default ingress
+ // controller. The IPs are suitable targets of a wildcard DNS record used to
+ // resolve default route host names. In dual stack clusters this list
+ // contains two IPs otherwise only one.
+ //
+ // +kubebuilder:validation:Format=ip
+ // +kubebuilder:validation:MaxItems=2
+ // +listType=set
+ IngressIPs []string `json:"ingressIPs"`
+
+ // deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.
+ NodeDNSIP string `json:"nodeDNSIP,omitempty"`
+
+ // loadBalancer defines how the load balancer used by the cluster is configured.
+ // +default={"type": "OpenShiftManagedDefault"}
+ // +kubebuilder:default={"type": "OpenShiftManagedDefault"}
+ // +openshift:enable:FeatureGate=BareMetalLoadBalancer
+ // +optional
+ LoadBalancer *OvirtPlatformLoadBalancer `json:"loadBalancer,omitempty"`
+}
+
+// VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform.
+// +union
+type VSpherePlatformLoadBalancer struct {
+ // type defines the type of load balancer used by the cluster on VSphere platform
+ // which can be a user-managed or openshift-managed load balancer
+ // that is to be used for the OpenShift API and Ingress endpoints.
+ // When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing
+ // defined in the machine config operator will be deployed.
+ // When set to UserManaged these static pods will not be deployed and it is expected that
+ // the load balancer is configured out of band by the deployer.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default.
+ // The default value is OpenShiftManagedDefault.
+ // +default="OpenShiftManagedDefault"
+ // +kubebuilder:default:="OpenShiftManagedDefault"
+ // +kubebuilder:validation:Enum:="OpenShiftManagedDefault";"UserManaged"
+ // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="type is immutable once set"
+ // +optional
+ // +unionDiscriminator
+ Type PlatformLoadBalancerType `json:"type,omitempty"`
+}
+
+// VSpherePlatformFailureDomainSpec holds the region and zone failure domain and
+// the vCenter topology of that failure domain.
+type VSpherePlatformFailureDomainSpec struct {
+ // name defines the arbitrary but unique name
+ // of a failure domain.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ Name string `json:"name"`
+
+ // region defines the name of a region tag that will
+ // be attached to a vCenter datacenter. The tag
+ // category in vCenter must be named openshift-region.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=80
+ // +kubebuilder:validation:Required
+ Region string `json:"region"`
+
+ // zone defines the name of a zone tag that will
+ // be attached to a vCenter cluster. The tag
+ // category in vCenter must be named openshift-zone.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=80
+ // +kubebuilder:validation:Required
+ Zone string `json:"zone"`
+
+ // server is the fully-qualified domain name or the IP address of the vCenter server.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=255
+ // ---
+ // + Validation is applied via a patch, we validate the format as either ipv4, ipv6 or hostname
+ Server string `json:"server"`
+
+ // Topology describes a given failure domain using vSphere constructs
+ // +kubebuilder:validation:Required
+ Topology VSpherePlatformTopology `json:"topology"`
+}
+
+// VSpherePlatformTopology holds the required and optional vCenter objects - datacenter,
+// computeCluster, networks, datastore and resourcePool - to provision virtual machines.
+type VSpherePlatformTopology struct {
+ // datacenter is the name of vCenter datacenter in which virtual machines will be located.
+ // The maximum length of the datacenter name is 80 characters.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MaxLength=80
+ Datacenter string `json:"datacenter"`
+
+ // computeCluster the absolute path of the vCenter cluster
+ // in which virtual machine will be located.
+ // The absolute path is of the form //host/.
+ // The maximum length of the path is 2048 characters.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:Pattern=`^/.*?/host/.*?`
+ ComputeCluster string `json:"computeCluster"`
+
+ // networks is the list of port group network names within this failure domain.
+ // Currently, we only support a single interface per RHCOS virtual machine.
+ // The available networks (port groups) can be listed using
+ // `govc ls 'network/*'`
+ // The single interface should be the absolute path of the form
+ // //network/.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MaxItems=1
+ // +kubebuilder:validation:MinItems=1
+ // +listType=atomic
+ Networks []string `json:"networks"`
+
+ // datastore is the absolute path of the datastore in which the
+ // virtual machine is located.
+ // The absolute path is of the form //datastore/
+ // The maximum length of the path is 2048 characters.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:Pattern=`^/.*?/datastore/.*?`
+ Datastore string `json:"datastore"`
+
+ // resourcePool is the absolute path of the resource pool where virtual machines will be
+ // created. The absolute path is of the form //host//Resources/.
+ // The maximum length of the path is 2048 characters.
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:Pattern=`^/.*?/host/.*?/Resources.*`
+ // +optional
+ ResourcePool string `json:"resourcePool,omitempty"`
+
+ // folder is the absolute path of the folder where
+ // virtual machines are located. The absolute path
+ // is of the form //vm/.
+ // The maximum length of the path is 2048 characters.
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:Pattern=`^/.*?/vm/.*?`
+ // +optional
+ Folder string `json:"folder,omitempty"`
+
+ // template is the full inventory path of the virtual machine or template
+ // that will be cloned when creating new machines in this failure domain.
+ // The maximum length of the path is 2048 characters.
+ //
+ // When omitted, the template will be calculated by the control plane
+ // machineset operator based on the region and zone defined in
+ // VSpherePlatformFailureDomainSpec.
+ // For example, for zone=zonea, region=region1, and infrastructure name=test,
+ // the template path would be calculated as //vm/test-rhcos-region1-zonea.
+ // +openshift:enable:FeatureGate=VSphereControlPlaneMachineSet
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=2048
+ // +kubebuilder:validation:Pattern=`^/.*?/vm/.*?`
+ // +optional
+ Template string `json:"template,omitempty"`
+}
+
+// VSpherePlatformVCenterSpec stores the vCenter connection fields.
+// This is used by the vSphere CCM.
+type VSpherePlatformVCenterSpec struct {
+
+ // server is the fully-qualified domain name or the IP address of the vCenter server.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MaxLength=255
+ // ---
+ // + Validation is applied via a patch, we validate the format as either ipv4, ipv6 or hostname
+ Server string `json:"server"`
+
+ // port is the TCP port that will be used to communicate to
+ // the vCenter endpoint.
+ // When omitted, this means the user has no opinion and
+ // it is up to the platform to choose a sensible default,
+ // which is subject to change over time.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=32767
+ // +optional
+ Port int32 `json:"port,omitempty"`
+
+ // The vCenter Datacenters in which the RHCOS
+ // vm guests are located. This field will
+ // be used by the Cloud Controller Manager.
+ // Each datacenter listed here should be used within
+ // a topology.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinItems=1
+ // +listType=set
+ Datacenters []string `json:"datacenters"`
+}
+
+// VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for
+// including and excluding IP ranges in the cloud provider.
+// This would be used for example when multiple network adapters are attached to
+// a guest to help determine which IP address the cloud config manager should use
+// for the external and internal node networking.
+type VSpherePlatformNodeNetworkingSpec struct {
+ // networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs
+ // that will be used in respective status.addresses fields.
+ // ---
+ // + Validation is applied via a patch, we validate the format as cidr
+ // +listType=set
+ // +optional
+ NetworkSubnetCIDR []string `json:"networkSubnetCidr,omitempty"`
+
+ // network VirtualMachine's VM Network names that will be used to when searching
+ // for status.addresses fields. Note that if internal.networkSubnetCIDR and
+ // external.networkSubnetCIDR are not set, then the vNIC associated to this network must
+ // only have a single IP address assigned to it.
+ // The available networks (port groups) can be listed using
+ // `govc ls 'network/*'`
+ // +optional
+ Network string `json:"network,omitempty"`
+
+ // excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting
+ // the IP address from the VirtualMachine's VM for use in the status.addresses fields.
+ // ---
+ // + Validation is applied via a patch, we validate the format as cidr
+ // +listType=atomic
+ // +optional
+ ExcludeNetworkSubnetCIDR []string `json:"excludeNetworkSubnetCidr,omitempty"`
+}
+
+// VSpherePlatformNodeNetworking holds the external and internal node networking spec.
+type VSpherePlatformNodeNetworking struct {
+ // external represents the network configuration of the node that is externally routable.
+ // +optional
+ External VSpherePlatformNodeNetworkingSpec `json:"external"`
+ // internal represents the network configuration of the node that is routable only within the cluster.
+ // +optional
+ Internal VSpherePlatformNodeNetworkingSpec `json:"internal"`
+}
+
+// VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider.
+// In the future the cloud provider operator, storage operator and machine operator will
+// use these fields for configuration.
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set"
+type VSpherePlatformSpec struct {
+ // vcenters holds the connection details for services to communicate with vCenter.
+ // Currently, only a single vCenter is supported.
+ // --- + // + If VCenters is not defined use the existing cloud-config configmap defined + // + in openshift-config. + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:MinItems=0 + // +listType=atomic + // +optional + VCenters []VSpherePlatformVCenterSpec `json:"vcenters,omitempty"` + + // failureDomains contains the definition of region, zone and the vCenter topology. + // If this is omitted failure domains (regions and zones) will not be used. + // +listType=map + // +listMapKey=name + // +optional + FailureDomains []VSpherePlatformFailureDomainSpec `json:"failureDomains,omitempty"` + + // nodeNetworking contains the definition of internal and external network constraints for + // assigning the node's networking. + // If this field is omitted, networking defaults to the legacy + // address selection behavior which is to only support a single address and + // return the first one found. + // +optional + NodeNetworking VSpherePlatformNodeNetworking `json:"nodeNetworking,omitempty"` + + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. + // When omitted, values from the status.apiServerInternalIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? 
self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + APIServerInternalIPs []IP `json:"apiServerInternalIPs"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. + // In dual stack clusters this list contains two IP addresses, one from IPv4 + // family and one from IPv6. + // In single stack clusters a single IP address is expected. + // When omitted, values from the status.ingressIPs will be used. + // Once set, the list cannot be completely removed (but its second entry can). + // + // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=set + // +optional + IngressIPs []IP `json:"ingressIPs"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster + // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, + // for example "10.0.0.0/8" or "fd00::/8". + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` +} + +// VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. +type VSpherePlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + // + // Deprecated: Use APIServerInternalIPs instead. 
+ APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. In dual + // stack clusters this list contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + // +listType=set + APIServerInternalIPs []string `json:"apiServerInternalIPs"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + // + // Deprecated: Use IngressIPs instead. + IngressIP string `json:"ingressIP,omitempty"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. In dual stack clusters this list + // contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + // +listType=set + IngressIPs []string `json:"ingressIPs"` + + // nodeDNSIP is the IP address for the internal DNS used by the + // nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` + // provides name resolution for the nodes themselves. There is no DNS-as-a-service for + // vSphere deployments. In order to minimize necessary changes to the + // datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames + // to the nodes in the cluster. + NodeDNSIP string `json:"nodeDNSIP,omitempty"` + + // loadBalancer defines how the load balancer used by the cluster is configured. 
+ // +default={"type": "OpenShiftManagedDefault"} + // +kubebuilder:default={"type": "OpenShiftManagedDefault"} + // +openshift:enable:FeatureGate=BareMetalLoadBalancer + // +optional + LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"` + + // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. + // +listType=set + // +kubebuilder:validation:MaxItems=32 + // +optional + MachineNetworks []CIDR `json:"machineNetworks"` +} + +// IBMCloudServiceEndpoint stores the configuration of a custom url to +// override existing defaults of IBM Cloud Services. +type IBMCloudServiceEndpoint struct { + // name is the name of the IBM Cloud service. + // Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. + // For example, the IBM Cloud Private IAM service could be configured with the + // service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` + // Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured + // with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com` + // + // +kubebuilder:validation:Required + Name IBMCloudServiceName `json:"name"` + + // url is fully qualified URI with scheme https, that overrides the default generated + // endpoint for a client. + // This must be provided and cannot be empty. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:XValidation:rule="isURL(self)",message="url must be a valid absolute URL" + URL string `json:"url"` +} + +// IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. +// This only includes fields that can be modified in the cluster. +type IBMCloudPlatformSpec struct{} + +// IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider. 
+type IBMCloudPlatformStatus struct { + // Location is where the cluster has been deployed + Location string `json:"location,omitempty"` + + // ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster. + ResourceGroupName string `json:"resourceGroupName,omitempty"` + + // ProviderType indicates the type of cluster that was created + ProviderType IBMCloudProviderType `json:"providerType,omitempty"` + + // CISInstanceCRN is the CRN of the Cloud Internet Services instance managing + // the DNS zone for the cluster's base domain + CISInstanceCRN string `json:"cisInstanceCRN,omitempty"` + + // DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone + // for the cluster's base domain + DNSInstanceCRN string `json:"dnsInstanceCRN,omitempty"` + + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of an IBM Cloud service. These endpoints are consumed by + // components within the cluster to reach the respective IBM Cloud Services. + // +listType=map + // +listMapKey=name + // +optional + ServiceEndpoints []IBMCloudServiceEndpoint `json:"serviceEndpoints,omitempty"` +} + +// KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. +// This only includes fields that can be modified in the cluster. +type KubevirtPlatformSpec struct{} + +// KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider. +type KubevirtPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. 
+ APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` +} + +// EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. +// This only includes fields that can be modified in the cluster. +type EquinixMetalPlatformSpec struct{} + +// EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider. +type EquinixMetalPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` +} + +// PowervsServiceEndpoint stores the configuration of a custom url to +// override existing defaults of PowerVS Services. +type PowerVSServiceEndpoint struct { + // name is the name of the Power VS service. 
+ // Few of the services are + // IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api + // ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller + // Power Cloud - https://cloud.ibm.com/apidocs/power-cloud + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^[a-z0-9-]+$` + Name string `json:"name"` + + // url is fully qualified URI with scheme https, that overrides the default generated + // endpoint for a client. + // This must be provided and cannot be empty. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=uri + // +kubebuilder:validation:Pattern=`^https://` + URL string `json:"url"` +} + +// PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. +// This only includes fields that can be modified in the cluster. +type PowerVSPlatformSpec struct { + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of a Power VS service. + // +listType=map + // +listMapKey=name + // +optional + ServiceEndpoints []PowerVSServiceEndpoint `json:"serviceEndpoints,omitempty"` +} + +// PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider. +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.resourceGroup) || has(self.resourceGroup)",message="cannot unset resourceGroup once set" +type PowerVSPlatformStatus struct { + // region holds the default Power VS region for new Power VS resources created by the cluster. + Region string `json:"region"` + + // zone holds the default zone for the new Power VS resources created by the cluster. + // Note: Currently only single-zone OCP clusters are supported + Zone string `json:"zone"` + + // resourceGroup is the resource group name for new IBMCloud resources created for a cluster. 
+ // The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. + // More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. + // When omitted, the image registry operator won't be able to configure storage, + // which results in the image registry cluster operator not being in an available state. + // + // +kubebuilder:validation:Pattern=^[a-zA-Z0-9-_ ]+$ + // +kubebuilder:validation:MaxLength=40 + // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="resourceGroup is immutable once set" + // +optional + ResourceGroup string `json:"resourceGroup"` + + // serviceEndpoints is a list of custom endpoints which will override the default + // service endpoints of a Power VS service. + // +listType=map + // +listMapKey=name + // +optional + ServiceEndpoints []PowerVSServiceEndpoint `json:"serviceEndpoints,omitempty"` + + // CISInstanceCRN is the CRN of the Cloud Internet Services instance managing + // the DNS zone for the cluster's base domain + CISInstanceCRN string `json:"cisInstanceCRN,omitempty"` + + // DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone + // for the cluster's base domain + DNSInstanceCRN string `json:"dnsInstanceCRN,omitempty"` +} + +// AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. +// This only includes fields that can be modified in the cluster. +type AlibabaCloudPlatformSpec struct{} + +// AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider. +type AlibabaCloudPlatformStatus struct { + // region specifies the region for Alibaba Cloud resources created for the cluster. 
+ // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^[0-9A-Za-z-]+$` + // +required + Region string `json:"region"` + // resourceGroupID is the ID of the resource group for the cluster. + // +kubebuilder:validation:Pattern=`^(rg-[0-9A-Za-z]+)?$` + // +optional + ResourceGroupID string `json:"resourceGroupID,omitempty"` + // resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster. + // +kubebuilder:validation:MaxItems=20 + // +listType=map + // +listMapKey=key + // +optional + ResourceTags []AlibabaCloudResourceTag `json:"resourceTags,omitempty"` +} + +// AlibabaCloudResourceTag is the set of tags to add to apply to resources. +type AlibabaCloudResourceTag struct { + // key is the key of the tag. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +required + Key string `json:"key"` + // value is the value of the tag. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=128 + // +required + Value string `json:"value"` +} + +// NutanixPlatformLoadBalancer defines the load balancer used by the cluster on Nutanix platform. +// +union +type NutanixPlatformLoadBalancer struct { + // type defines the type of load balancer used by the cluster on Nutanix platform + // which can be a user-managed or openshift-managed load balancer + // that is to be used for the OpenShift API and Ingress endpoints. + // When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing + // defined in the machine config operator will be deployed. + // When set to UserManaged these static pods will not be deployed and it is expected that + // the load balancer is configured out of band by the deployer. + // When omitted, this means no opinion and the platform is left to choose a reasonable default. + // The default value is OpenShiftManagedDefault. 
+ // +default="OpenShiftManagedDefault" + // +kubebuilder:default:="OpenShiftManagedDefault" + // +kubebuilder:validation:Enum:="OpenShiftManagedDefault";"UserManaged" + // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="type is immutable once set" + // +optional + // +unionDiscriminator + Type PlatformLoadBalancerType `json:"type,omitempty"` +} + +// NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. +// This only includes fields that can be modified in the cluster. +type NutanixPlatformSpec struct { + // prismCentral holds the endpoint address and port to access the Nutanix Prism Central. + // When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. + // Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the + // proxy spec.noProxy list. + // +kubebuilder:validation:Required + PrismCentral NutanixPrismEndpoint `json:"prismCentral"` + + // prismElements holds one or more endpoint address and port data to access the Nutanix + // Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one + // Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) + // used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) + // spread over multiple Prism Elements (clusters) of the Prism Central. + // +kubebuilder:validation:Required + // +listType=map + // +listMapKey=name + PrismElements []NutanixPrismElementEndpoint `json:"prismElements"` + + // failureDomains configures failure domains information for the Nutanix platform. + // When set, the failure domains defined here may be used to spread Machines across + // prism element clusters to improve fault tolerance of the cluster. 
+ // +listType=map + // +listMapKey=name + // +optional + FailureDomains []NutanixFailureDomain `json:"failureDomains"` +} + +// NutanixFailureDomain configures failure domain information for the Nutanix platform. +type NutanixFailureDomain struct { + // name defines the unique name of a failure domain. + // Name is required and must be at most 64 characters in length. + // It must consist of only lower case alphanumeric characters and hyphens (-). + // It must start and end with an alphanumeric character. + // This value is arbitrary and is used to identify the failure domain within the platform. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 + // +kubebuilder:validation:Pattern=`[a-z0-9]([-a-z0-9]*[a-z0-9])?` + Name string `json:"name"` + + // cluster is to identify the cluster (the Prism Element under management of the Prism Central), + // in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained + // from the Prism Central console or using the prism_central API. + // +kubebuilder:validation:Required + Cluster NutanixResourceIdentifier `json:"cluster"` + + // subnets holds a list of identifiers (one or more) of the cluster's network subnets + // for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be + // obtained from the Prism Central console or using the prism_central API. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=1 + // +listType=map + // +listMapKey=type + Subnets []NutanixResourceIdentifier `json:"subnets"` +} + +// NutanixIdentifierType is an enumeration of different resource identifier types. +// +kubebuilder:validation:Enum:=UUID;Name +type NutanixIdentifierType string + +const ( + // NutanixIdentifierUUID is a resource identifier identifying the object by UUID. 
+ NutanixIdentifierUUID NutanixIdentifierType = "UUID" + + // NutanixIdentifierName is a resource identifier identifying the object by Name. + NutanixIdentifierName NutanixIdentifierType = "Name" +) + +// NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.) +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'UUID' ? has(self.uuid) : !has(self.uuid)",message="uuid configuration is required when type is UUID, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Name' ? has(self.name) : !has(self.name)",message="name configuration is required when type is Name, and forbidden otherwise" +// +union +type NutanixResourceIdentifier struct { + // type is the identifier type to use for this resource. + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NutanixIdentifierType `json:"type"` + + // uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID. + // +optional + UUID *string `json:"uuid,omitempty"` + + // name is the resource name in the PC. It cannot be empty if the type is Name. 
+ // +optional + Name *string `json:"name,omitempty"` +} + +// NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster) +type NutanixPrismEndpoint struct { + // address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster) + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=256 + Address string `json:"address"` + + // port is the port number to access the Nutanix Prism Central or Element (cluster) + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + Port int32 `json:"port"` +} + +// NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster) +type NutanixPrismElementEndpoint struct { + // name is the name of the Prism Element (cluster). This value will correspond with + // the cluster field configured on other resources (eg Machines, PVCs, etc). + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=256 + Name string `json:"name"` + + // endpoint holds the endpoint address and port data of the Prism Element (cluster). + // When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. + // Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the + // proxy spec.noProxy list. + // +kubebuilder:validation:Required + Endpoint NutanixPrismEndpoint `json:"endpoint"` +} + +// NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider. +type NutanixPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. 
It is the IP for a self-hosted load balancer in front of the API servers. + // + // Deprecated: Use APIServerInternalIPs instead. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // apiServerInternalIPs are the IP addresses to contact the Kubernetes API + // server that can be used by components inside the cluster, like kubelets + // using the infrastructure rather than Kubernetes networking. These are the + // IPs for a self-hosted load balancer in front of the API servers. In dual + // stack clusters this list contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + // +listType=set + APIServerInternalIPs []string `json:"apiServerInternalIPs"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + // + // Deprecated: Use IngressIPs instead. + IngressIP string `json:"ingressIP,omitempty"` + + // ingressIPs are the external IPs which route to the default ingress + // controller. The IPs are suitable targets of a wildcard DNS record used to + // resolve default route host names. In dual stack clusters this list + // contains two IPs otherwise only one. + // + // +kubebuilder:validation:Format=ip + // +kubebuilder:validation:MaxItems=2 + // +listType=set + IngressIPs []string `json:"ingressIPs"` + + // loadBalancer defines how the load balancer used by the cluster is configured. 
+ // +default={"type": "OpenShiftManagedDefault"} + // +kubebuilder:default={"type": "OpenShiftManagedDefault"} + // +openshift:enable:FeatureGate=BareMetalLoadBalancer + // +optional + LoadBalancer *NutanixPlatformLoadBalancer `json:"loadBalancer,omitempty"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// InfrastructureList is +// +// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). +// +openshift:compatibility-gen:level=1 +type InfrastructureList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []Infrastructure `json:"items"` +} + +// IP is an IP address (for example, "10.0.0.0" or "fd00::"). +// +kubebuilder:validation:Pattern=`(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2
[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*)` +// + --- +// + The regex for the IPv4 and IPv6 address was taken from +// + https://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/ +// + The resulting regex is an OR of both regexes. +type IP string + +// CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). +// +kubebuilder:validation:Pattern=`(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)` +// + --- +// + The regex for the IPv4 and IPv6 CIDR range was taken from +// + https://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/ +// + The resulting regex is an OR of both regexes. +type CIDR string 
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_ingress.go b/etcd/vendor/github.com/openshift/api/config/v1/types_ingress.go
new file mode 100644
index 0000000000..e58ad7f00b
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_ingress.go
@@ -0,0 +1,339 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Ingress holds cluster-wide information about ingress, including the default ingress domain
+// used for routes. The canonical name is `cluster`.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=ingresses,scope=Cluster
+// +kubebuilder:subresource:status
+type Ingress struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec IngressSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status IngressStatus `json:"status"`
+}
+
+type IngressSpec struct {
+ // domain is used to generate a default host name for a route when the
+ // route's host name is empty. The generated host name will follow this
+ // pattern: "..".
+ //
+ // It is also used as the default wildcard domain suffix for ingress. The
+ // default ingresscontroller domain will follow this pattern: "*.".
+ //
+ // Once set, changing domain is not currently supported.
+ Domain string `json:"domain"`
+
+ // appsDomain is an optional domain to use instead of the one specified
+ // in the domain field when a Route is created without specifying an explicit
+ // host.
If appsDomain is nonempty, this value is used to generate default
+ // host values for Route. Unlike domain, appsDomain may be modified after
+ // installation.
+ // This assumes a new ingresscontroller has been setup with a wildcard
+ // certificate.
+ // +optional
+ AppsDomain string `json:"appsDomain,omitempty"`
+
+ // componentRoutes is an optional list of routes that are managed by OpenShift components
+ // that a cluster-admin is able to configure the hostname and serving certificate for.
+ // The namespace and name of each route in this list should match an existing entry in the
+ // status.componentRoutes list.
+ //
+ // To determine the set of configurable Routes, look at namespace and name of entries in the
+ // .status.componentRoutes list, where participating operators write the status of
+ // configurable routes.
+ // +optional
+ // +listType=map
+ // +listMapKey=namespace
+ // +listMapKey=name
+ ComponentRoutes []ComponentRouteSpec `json:"componentRoutes,omitempty"`
+
+ // requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes
+ // matching the domainPattern/s and namespaceSelector/s that are specified in the policy.
+ // Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route
+ // annotation, and affect route admission.
+ //
+ // A candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation:
+ // "haproxy.router.openshift.io/hsts_header"
+ // E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains
+ //
+ // - For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector,
+ // then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route
+ // is rejected.
+ // - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies
+ // determines the route's admission status.
+ // - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector,
+ // then it may use any HSTS Policy annotation.
+ //
+ // The HSTS policy configuration may be changed after routes have already been created. An update to a previously
+ // admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration.
+ // However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.
+ //
+ // Note that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.
+ // +optional
+ RequiredHSTSPolicies []RequiredHSTSPolicy `json:"requiredHSTSPolicies,omitempty"`
+
+ // loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure
+ // provider of the current cluster and are required for Ingress Controller to work on OpenShift.
+ // +optional
+ LoadBalancer LoadBalancer `json:"loadBalancer,omitempty"`
+}
+
+// IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider
+// of the current cluster. Since these are used at spec-level for the underlying cluster, it
+// is supposed that only one of the spec structs is set.
+// +union
+type IngressPlatformSpec struct {
+ // type is the underlying infrastructure provider for the cluster.
+ // Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt",
+ // "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS",
+ // "AlibabaCloud", "Nutanix" and "None". Individual components may not support all platforms,
+ // and must handle unrecognized platforms as None if they do not support that platform.
+ //
+ // +unionDiscriminator
+ Type PlatformType `json:"type"`
+
+ // aws contains settings specific to the Amazon Web Services infrastructure provider.
+ // +optional
+ AWS *AWSIngressSpec `json:"aws,omitempty"`
+}
+
+type LoadBalancer struct {
+ // platform holds configuration specific to the underlying
+ // infrastructure provider for the ingress load balancers.
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // +optional
+ Platform IngressPlatformSpec `json:"platform,omitempty"`
+}
+
+// AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider.
+// This only includes fields that can be modified in the cluster.
+// +union
+type AWSIngressSpec struct {
+ // type allows user to set a load balancer type.
+ // When this field is set the default ingresscontroller will get created using the specified LBType.
+ // If this field is not set then the default ingress controller of LBType Classic will be created.
+ // Valid values are:
+ //
+ // * "Classic": A Classic Load Balancer that makes routing decisions at either
+ // the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See
+ // the following for additional details:
+ //
+ // https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb
+ //
+ // * "NLB": A Network Load Balancer that makes routing decisions at the
+ // transport layer (TCP/SSL). See the following for additional details:
+ //
+ // https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
+ // +unionDiscriminator
+ // +kubebuilder:validation:Enum:=NLB;Classic
+ // +kubebuilder:validation:Required
+ Type AWSLBType `json:"type,omitempty"`
+}
+
+type AWSLBType string
+
+const (
+ // NLB is the Network Load Balancer Type of AWS. Using NLB one can set NLB load balancer type for the default ingress controller.
+ NLB AWSLBType = "NLB" + + // Classic is the Classic Load Balancer Type of AWS. Using CLassic one can set Classic load balancer type for the default ingress controller. + Classic AWSLBType = "Classic" +) + +// ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. +// +kubebuilder:validation:Pattern="^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=512 +type ConsumingUser string + +// Hostname is a host name as defined by RFC-1123. +// + --- +// + The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it +// + allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric +// + characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. +// + ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$ +// + +// + The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, +// + except that it allows hostnames longer than the maximum length: +// + ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ +// + +// + Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname +// + was saved via validation by the incorrect left operand of the | operator. 
+// + +// +kubebuilder:validation:Pattern=`^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$` +type Hostname string + +type IngressStatus struct { + // componentRoutes is where participating operators place the current route status for routes whose + // hostnames and serving certificates can be customized by the cluster-admin. + // +optional + // +listType=map + // +listMapKey=namespace + // +listMapKey=name + ComponentRoutes []ComponentRouteStatus `json:"componentRoutes,omitempty"` + + // defaultPlacement is set at installation time to control which + // nodes will host the ingress router pods by default. The options are + // control-plane nodes or worker nodes. + // + // This field works by dictating how the Cluster Ingress Operator will + // consider unset replicas and nodePlacement fields in IngressController + // resources when creating the corresponding Deployments. + // + // See the documentation for the IngressController replicas and nodePlacement + // fields for more information. + // + // When omitted, the default value is Workers + // + // +kubebuilder:validation:Enum:="ControlPlane";"Workers";"" + // +optional + DefaultPlacement DefaultPlacement `json:"defaultPlacement"` +} + +// ComponentRouteSpec allows for configuration of a route's hostname and serving certificate. +type ComponentRouteSpec struct { + // namespace is the namespace of the route to customize. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of status.componentRoutes if the route is to be customized. 
+ // +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Required
+ // +required
+ Namespace string `json:"namespace"`
+
+ // name is the logical name of the route to customize.
+ //
+ // The namespace and name of this componentRoute must match a corresponding
+ // entry in the list of status.componentRoutes if the route is to be customized.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+
+ // hostname is the hostname that should be used by the route.
+ // +kubebuilder:validation:Required
+ // +required
+ Hostname Hostname `json:"hostname"`
+
+ // servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace.
+ // The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name.
+ // If the custom hostname uses the default routing suffix of the cluster,
+ // the Secret specification for a serving certificate will not be needed.
+ // +optional
+ ServingCertKeyPairSecret SecretNameReference `json:"servingCertKeyPairSecret"`
+}
+
+// ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.
+type ComponentRouteStatus struct {
+ // namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace
+ // ensures that no two components will conflict and the same component can be installed multiple times.
+ //
+ // The namespace and name of this componentRoute must match a corresponding
+ // entry in the list of spec.componentRoutes if the route is to be customized.
+ // +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=63
+ // +kubebuilder:validation:Required
+ // +required
+ Namespace string `json:"namespace"`
+
+ // name is the logical name of the route to customize. It does not have to be the actual name of a route resource
+ // but it cannot be renamed.
+ //
+ // The namespace and name of this componentRoute must match a corresponding
+ // entry in the list of spec.componentRoutes if the route is to be customized.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=256
+ // +kubebuilder:validation:Required
+ // +required
+ Name string `json:"name"`
+
+ // defaultHostname is the hostname of this route prior to customization.
+ // +kubebuilder:validation:Required
+ // +required
+ DefaultHostname Hostname `json:"defaultHostname"`
+
+ // consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.
+ // +kubebuilder:validation:MaxItems=5
+ // +optional
+ ConsumingUsers []ConsumingUser `json:"consumingUsers,omitempty"`
+
+ // currentHostnames is the list of current names used by the route. Typically, this list should consist of a single
+ // hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.
+ // +kubebuilder:validation:MinItems=1
+ // +optional
+ CurrentHostnames []Hostname `json:"currentHostnames,omitempty"`
+
+ // conditions are used to communicate the state of the componentRoutes entry.
+ //
+ // Supported conditions include Available, Degraded and Progressing.
+ //
+ // If available is true, the content served by the route can be accessed by users. This includes cases
+ // where a default may continue to serve content while the customized route specified by the cluster-admin
+ // is being configured.
+ //
+ // If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry.
+ // The currentHostnames field may or may not be in effect.
+ //
+ // If Progressing is true, that means the component is taking some action related to the componentRoutes entry.
+ // +optional
+ // +listType=map
+ // +listMapKey=type
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+ // relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:Required
+ // +required
+ RelatedObjects []ObjectReference `json:"relatedObjects"`
+}
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +openshift:compatibility-gen:level=1
+type IngressList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Ingress `json:"items"`
+}
+
+// DefaultPlacement defines the default placement of ingress router pods.
+type DefaultPlacement string
+
+const (
+ // "Workers" is for having router pods placed on worker nodes by default.
+ DefaultPlacementWorkers DefaultPlacement = "Workers"
+
+ // "ControlPlane" is for having router pods placed on control-plane nodes by default.
+ DefaultPlacementControlPlane DefaultPlacement = "ControlPlane"
+)
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_network.go b/etcd/vendor/github.com/openshift/api/config/v1/types_network.go
new file mode 100644
index 0000000000..618aeff3b0
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_network.go
@@ -0,0 +1,301 @@
+package v1
+
+import (
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc.
+// Please view network.spec for an explanation on what applies when configuring this resource.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:compatibility-gen:level=1
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=networks,scope=Cluster
+type Network struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration.
+ // As a general rule, this SHOULD NOT be read directly. Instead, you should
+ // consume the NetworkStatus, as it indicates the currently deployed configuration.
+ // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+ // +kubebuilder:validation:Required
+ // +required
+ Spec NetworkSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status NetworkStatus `json:"status"`
+}
+
+// NetworkSpec is the desired network configuration.
+// As a general rule, this SHOULD NOT be read directly.
Instead, you should
+// consume the NetworkStatus, as it indicates the currently deployed configuration.
+// Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkDiagnosticsConfig,rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled"
+type NetworkSpec struct {
+ // IP address pool to use for pod IPs.
+ // This field is immutable after installation.
+ ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"`
+
+ // IP address pool for services.
+ // Currently, we only support a single entry here.
+ // This field is immutable after installation.
+ ServiceNetwork []string `json:"serviceNetwork"`
+
+ // NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN).
+ // This should match a value that the cluster-network-operator understands,
+ // or else no networking will be installed.
+ // Currently supported values are:
+ // - OpenShiftSDN
+ // This field is immutable after installation.
+ NetworkType string `json:"networkType"`
+
+ // externalIP defines configuration for controllers that
+ // affect Service.ExternalIP. If nil, then ExternalIP is
+ // not allowed to be set.
+ // +optional
+ ExternalIP *ExternalIPConfig `json:"externalIP,omitempty"`
+
+ // The port range allowed for Services of type NodePort.
+ // If not specified, the default of 30000-32767 will be used.
+ // Such Services without a NodePort specified will have one
+ // automatically allocated from this range.
+ // This parameter can be updated after the cluster is
+ // installed.
+ // +kubebuilder:validation:Pattern=`^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$`
+ ServiceNodePortRange string `json:"serviceNodePortRange,omitempty"`
+
+ // networkDiagnostics defines network diagnostics configuration.
+ //
+ // Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io.
+ // If networkDiagnostics is not specified or is empty,
+ // and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true,
+ // the network diagnostics feature will be disabled.
+ //
+ // +optional
+ // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig
+ NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"`
+}
+
+// NetworkStatus is the current network configuration.
+type NetworkStatus struct {
+ // IP address pool to use for pod IPs.
+ ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork,omitempty"`
+
+ // IP address pool for services.
+ // Currently, we only support a single entry here.
+ ServiceNetwork []string `json:"serviceNetwork,omitempty"`
+
+ // NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).
+ NetworkType string `json:"networkType,omitempty"`
+
+ // ClusterNetworkMTU is the MTU for inter-pod networking.
+ ClusterNetworkMTU int `json:"clusterNetworkMTU,omitempty"`
+
+ // Migration contains the cluster network migration configuration.
+ Migration *NetworkMigration `json:"migration,omitempty"`
+
+ // conditions represents the observations of a network.config current state.
+ // Known .status.conditions.type are: "NetworkTypeMigrationInProgress", "NetworkTypeMigrationMTUReady",
+ // "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse",
+ // "NetworkTypeMigrationOriginalCNIPurged" and "NetworkDiagnosticsAvailable"
+ // +optional
+ // +patchMergeKey=type
+ // +patchStrategy=merge
+ // +listType=map
+ // +listMapKey=type
+ // +openshift:enable:FeatureGate=NetworkLiveMigration
+ // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig
+ Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"`
+}
+
+// ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs
+// are allocated.
+type ClusterNetworkEntry struct {
+ // The complete block for pod IPs.
+ CIDR string `json:"cidr"`
+
+ // The size (prefix) of block to allocate to each node. If this
+ // field is not used by the plugin, it can be left unset.
+ // +kubebuilder:validation:Minimum=0
+ // +optional
+ HostPrefix uint32 `json:"hostPrefix,omitempty"`
+}
+
+// ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field
+// of a Service resource.
+type ExternalIPConfig struct {
+ // policy is a set of restrictions applied to the ExternalIP field.
+ // If nil or empty, then ExternalIP is not allowed to be set.
+ // +optional
+ Policy *ExternalIPPolicy `json:"policy,omitempty"`
+
+ // autoAssignCIDRs is a list of CIDRs from which to automatically assign
+ // Service.ExternalIP. These are assigned when the service is of type
+ // LoadBalancer. In general, this is only useful for bare-metal clusters.
+ // In Openshift 3.x, this was misleadingly called "IngressIPs".
+ // Automatically assigned External IPs are not affected by any
+ // ExternalIPPolicy rules.
+ // Currently, only one entry may be provided.
+ // +optional
+ AutoAssignCIDRs []string `json:"autoAssignCIDRs,omitempty"`
+}
+
+// ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP
+// field in a Service. If the zero struct is supplied, then none are permitted.
+// The policy controller always allows automatically assigned external IPs.
+type ExternalIPPolicy struct {
+ // allowedCIDRs is the list of allowed CIDRs.
+ AllowedCIDRs []string `json:"allowedCIDRs,omitempty"`
+
+ // rejectedCIDRs is the list of disallowed CIDRs. These take precedence
+ // over allowedCIDRs.
+ // +optional
+ RejectedCIDRs []string `json:"rejectedCIDRs,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type NetworkList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Network `json:"items"`
+}
+
+// NetworkMigration represents the cluster network configuration.
+type NetworkMigration struct {
+ // NetworkType is the target plugin that is to be deployed.
+ // Currently supported values are: OpenShiftSDN, OVNKubernetes
+ // +kubebuilder:validation:Enum={"OpenShiftSDN","OVNKubernetes"}
+ // +optional
+ NetworkType string `json:"networkType,omitempty"`
+
+ // MTU contains the MTU migration configuration.
+ // +optional
+ MTU *MTUMigration `json:"mtu,omitempty"`
+}
+
+// MTUMigration contains infomation about MTU migration.
+type MTUMigration struct {
+ // Network contains MTU migration configuration for the default network.
+ // +optional
+ Network *MTUMigrationValues `json:"network,omitempty"`
+
+ // Machine contains MTU migration configuration for the machine's uplink.
+ // +optional
+ Machine *MTUMigrationValues `json:"machine,omitempty"`
+}
+
+// MTUMigrationValues contains the values for a MTU migration.
+type MTUMigrationValues struct {
+ // To is the MTU to migrate to.
+ // +kubebuilder:validation:Minimum=0
+ To *uint32 `json:"to"`
+
+ // From is the MTU to migrate from.
+ // +kubebuilder:validation:Minimum=0
+ // +optional
+ From *uint32 `json:"from,omitempty"`
+}
+
+// NetworkDiagnosticsMode is an enumeration of the available network diagnostics modes
+// Valid values are "", "All", "Disabled".
+// +kubebuilder:validation:Enum:="";All;Disabled
+type NetworkDiagnosticsMode string
+
+const (
+ // NetworkDiagnosticsNoOpinion means that the user has no opinion and the platform is left
+ // to choose reasonable default. The current default is All and is a subject to change over time.
+ NetworkDiagnosticsNoOpinion NetworkDiagnosticsMode = ""
+ // NetworkDiagnosticsAll means that all network diagnostics checks are enabled
+ NetworkDiagnosticsAll NetworkDiagnosticsMode = "All"
+ // NetworkDiagnosticsDisabled means that network diagnostics is disabled
+ NetworkDiagnosticsDisabled NetworkDiagnosticsMode = "Disabled"
+)
+
+// NetworkDiagnostics defines network diagnostics configuration
+
+type NetworkDiagnostics struct {
+ // mode controls the network diagnostics mode
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // The current default is All.
+ //
+ // +optional
+ Mode NetworkDiagnosticsMode `json:"mode"`
+
+ // sourcePlacement controls the scheduling of network diagnostics source deployment
+ //
+ // See NetworkDiagnosticsSourcePlacement for more details about default values.
+ //
+ // +optional
+ SourcePlacement NetworkDiagnosticsSourcePlacement `json:"sourcePlacement"`
+
+ // targetPlacement controls the scheduling of network diagnostics target daemonset
+ //
+ // See NetworkDiagnosticsTargetPlacement for more details about default values.
+ //
+ // +optional
+ TargetPlacement NetworkDiagnosticsTargetPlacement `json:"targetPlacement"`
+}
+
+// NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components
+type NetworkDiagnosticsSourcePlacement struct {
+ // nodeSelector is the node selector applied to network diagnostics components
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // The current default is `kubernetes.io/os: linux`.
+ //
+ // +optional
+ NodeSelector map[string]string `json:"nodeSelector"`
+
+ // tolerations is a list of tolerations applied to network diagnostics components
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // The current default is an empty list.
+ //
+ // +optional
+ // +listType=atomic
+ Tolerations []corev1.Toleration `json:"tolerations"`
+}
+
+// NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components
+type NetworkDiagnosticsTargetPlacement struct {
+ // nodeSelector is the node selector applied to network diagnostics components
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // The current default is `kubernetes.io/os: linux`.
+ //
+ // +optional
+ NodeSelector map[string]string `json:"nodeSelector"`
+
+ // tolerations is a list of tolerations applied to network diagnostics components
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose reasonable defaults. These defaults are subject to change over time.
+ // The current default is `- operator: "Exists"` which means that all taints are tolerated.
+ //
+ // +optional
+ // +listType=atomic
+ Tolerations []corev1.Toleration `json:"tolerations"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_node.go b/etcd/vendor/github.com/openshift/api/config/v1/types_node.go
new file mode 100644
index 0000000000..3dd31f39ad
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_node.go
@@ -0,0 +1,117 @@
+package v1
+
+import (
+ "time"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Node holds cluster-wide information about node specific features.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1107
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=nodes,scope=Cluster
+// +kubebuilder:subresource:status
+type Node struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec NodeSpec `json:"spec"`
+
+ // status holds observed values.
+ // +optional
+ Status NodeStatus `json:"status"`
+}
+
+type NodeSpec struct {
+ // CgroupMode determines the cgroups version on the node
+ // +optional
+ CgroupMode CgroupMode `json:"cgroupMode,omitempty"`
+
+ // WorkerLatencyProfile determins the how fast the kubelet is updating
+ // the status and corresponding reaction of the cluster
+ // +optional
+ WorkerLatencyProfile WorkerLatencyProfileType `json:"workerLatencyProfile,omitempty"`
+}
+
+type NodeStatus struct{}
+
+// +kubebuilder:validation:Enum=v1;v2;""
+type CgroupMode string
+
+const (
+ CgroupModeEmpty CgroupMode = "" // Empty string indicates to honor user set value on the system that should not be overridden by OpenShift
+ CgroupModeV1 CgroupMode = "v1"
+ CgroupModeV2 CgroupMode = "v2"
+ CgroupModeDefault CgroupMode = CgroupModeV1
+)
+
+// +kubebuilder:validation:Enum=Default;MediumUpdateAverageReaction;LowUpdateSlowReaction
+type WorkerLatencyProfileType string
+
+const (
+ // Medium Kubelet Update Frequency (heart-beat) and Average Reaction Time to unresponsive Node
+ MediumUpdateAverageReaction WorkerLatencyProfileType = "MediumUpdateAverageReaction"
+
+ // Low Kubelet Update Frequency (heart-beat) and Slow Reaction Time to unresponsive Node
+ LowUpdateSlowReaction WorkerLatencyProfileType = "LowUpdateSlowReaction"
+
+ // Default values of relavent Kubelet, Kube Controller Manager and Kube API Server
+ DefaultUpdateDefaultReaction WorkerLatencyProfileType = "Default"
+)
+
+const (
+ // DefaultNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
+ DefaultNodeStatusUpdateFrequency = 10 * time.Second
+ // DefaultNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
+ DefaultNodeMonitorGracePeriod = 40 * time.Second
+ // DefaultNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
+ DefaultNotReadyTolerationSeconds = 300
+ // DefaultUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of DefaultUpdateDefaultReaction WorkerLatencyProfile type
+ DefaultUnreachableTolerationSeconds = 300
+
+ // MediumNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of MediumUpdateAverageReaction WorkerLatencyProfile type
+ MediumNodeStatusUpdateFrequency = 20 * time.Second
+ // MediumNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of MediumUpdateAverageReaction WorkerLatencyProfile type
+ MediumNodeMonitorGracePeriod = 2 * time.Minute
+ // MediumNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of MediumUpdateAverageReaction WorkerLatencyProfile type
+ MediumNotReadyTolerationSeconds = 60
+ // MediumUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of MediumUpdateAverageReaction WorkerLatencyProfile type
+ MediumUnreachableTolerationSeconds = 60
+
+ // LowNodeStatusUpdateFrequency refers to the "--node-status-update-frequency" of the kubelet in case of LowUpdateSlowReaction WorkerLatencyProfile type
+ LowNodeStatusUpdateFrequency = 1 * time.Minute
+ // LowNodeMonitorGracePeriod refers to the "--node-monitor-grace-period" of the Kube Controller Manager in case of LowUpdateSlowReaction WorkerLatencyProfile type
+ LowNodeMonitorGracePeriod = 5 * time.Minute
+ // LowNotReadyTolerationSeconds refers to the "--default-not-ready-toleration-seconds" of the Kube API Server in case of LowUpdateSlowReaction WorkerLatencyProfile type
+ LowNotReadyTolerationSeconds = 60
+ // LowUnreachableTolerationSeconds refers to the "--default-unreachable-toleration-seconds" of the Kube API Server in case of LowUpdateSlowReaction WorkerLatencyProfile type
+ LowUnreachableTolerationSeconds = 60
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type NodeList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Node `json:"items"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_oauth.go b/etcd/vendor/github.com/openshift/api/config/v1/types_oauth.go
new file mode 100644
index 0000000000..6654479dc8
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_oauth.go
@@ -0,0 +1,597 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// OAuth Server and Identity Provider Config
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`.
+// It is used to configure the integrated OAuth server.
+// This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=oauths,scope=Cluster
+// +kubebuilder:subresource:status
+type OAuth struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata"`
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec OAuthSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status OAuthStatus `json:"status"`
+}
+
+// OAuthSpec contains desired cluster auth configuration
+type OAuthSpec struct {
+ // identityProviders is an ordered list of ways for a user to identify themselves.
+ // When this list is empty, no identities are provisioned for users.
+ // +optional
+ // +listType=atomic
+ IdentityProviders []IdentityProvider `json:"identityProviders,omitempty"`
+
+ // tokenConfig contains options for authorization and access tokens
+ TokenConfig TokenConfig `json:"tokenConfig"`
+
+ // templates allow you to customize pages like the login page.
+ // +optional
+ Templates OAuthTemplates `json:"templates"`
+}
+
+// OAuthStatus shows current known state of OAuth server in the cluster
+type OAuthStatus struct {
+ // TODO Fill in with status of identityProviders and templates (and maybe tokenConfig)
+}
+
+// TokenConfig holds the necessary configuration options for authorization and access tokens
+type TokenConfig struct {
+ // accessTokenMaxAgeSeconds defines the maximum age of access tokens
+ AccessTokenMaxAgeSeconds int32 `json:"accessTokenMaxAgeSeconds,omitempty"`
+
+ // accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.
+ // +optional
+ AccessTokenInactivityTimeoutSeconds int32 `json:"accessTokenInactivityTimeoutSeconds,omitempty"`
+
+ // accessTokenInactivityTimeout defines the token inactivity timeout
+ // for tokens granted by any client.
+ // The value represents the maximum amount of time that can occur between
+ // consecutive uses of the token. Tokens become invalid if they are not
+ // used within this temporal window. The user will need to acquire a new
+ // token to regain access once a token times out. Takes valid time
+ // duration string such as "5m", "1.5h" or "2h45m". The minimum allowed
+ // value for duration is 300s (5 minutes). If the timeout is configured
+ // per client, then that value takes precedence. If the timeout value is
+ // not specified and the client does not override the value, then tokens
+ // are valid until their lifetime.
+ //
+ // WARNING: existing tokens' timeout will not be affected (lowered) by changing this value
+ // +optional
+ AccessTokenInactivityTimeout *metav1.Duration `json:"accessTokenInactivityTimeout,omitempty"`
+}
+
+const (
+ // LoginTemplateKey is the key of the login template in a secret
+ LoginTemplateKey = "login.html"
+
+ // ProviderSelectionTemplateKey is the key for the provider selection template in a secret
+ ProviderSelectionTemplateKey = "providers.html"
+
+ // ErrorsTemplateKey is the key for the errors template in a secret
+ ErrorsTemplateKey = "errors.html"
+
+ // BindPasswordKey is the key for the LDAP bind password in a secret
+ BindPasswordKey = "bindPassword"
+
+ // ClientSecretKey is the key for the oauth client secret data in a secret
+ ClientSecretKey = "clientSecret"
+
+ // HTPasswdDataKey is the key for the htpasswd file data in a secret
+ HTPasswdDataKey = "htpasswd"
+)
+
+// OAuthTemplates allow for customization of pages like the login page
+type OAuthTemplates struct {
+ // login is the name of a secret that specifies a go template to use to render the login page.
+ // The key "login.html" is used to locate the template data.
+ // If specified and the secret or expected key is not found, the default login page is used.
+ // If the specified template is not valid, the default login page is used.
+ // If unspecified, the default login page is used.
+ // The namespace for this secret is openshift-config.
+ // +optional
+ Login SecretNameReference `json:"login"`
+
+ // providerSelection is the name of a secret that specifies a go template to use to render
+ // the provider selection page.
+ // The key "providers.html" is used to locate the template data.
+ // If specified and the secret or expected key is not found, the default provider selection page is used.
+ // If the specified template is not valid, the default provider selection page is used.
+ // If unspecified, the default provider selection page is used.
+ // The namespace for this secret is openshift-config.
+ // +optional
+ ProviderSelection SecretNameReference `json:"providerSelection"`
+
+ // error is the name of a secret that specifies a go template to use to render error pages
+ // during the authentication or grant flow.
+ // The key "errors.html" is used to locate the template data.
+ // If specified and the secret or expected key is not found, the default error page is used.
+ // If the specified template is not valid, the default error page is used.
+ // If unspecified, the default error page is used.
+ // The namespace for this secret is openshift-config.
+ // +optional
+ Error SecretNameReference `json:"error"`
+}
+
+// IdentityProvider provides identities for users authenticating using credentials
+type IdentityProvider struct {
+ // name is used to qualify the identities returned by this provider.
+ // - It MUST be unique and not shared by any other identity provider used
+ // - It MUST be a valid path segment: name cannot equal "." or ".." or contain "/" or "%" or ":"
+ // Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName
+ Name string `json:"name"`
+
+ // mappingMethod determines how identities from this provider are mapped to users
+ // Defaults to "claim"
+ // +optional
+ MappingMethod MappingMethodType `json:"mappingMethod,omitempty"`
+
+ IdentityProviderConfig `json:",inline"`
+}
+
+// MappingMethodType specifies how new identities should be mapped to users when they log in
+type MappingMethodType string
+
+const (
+ // MappingMethodClaim provisions a user with the identity’s preferred user name. Fails if a user
+ // with that user name is already mapped to another identity.
+ // Default.
+ MappingMethodClaim MappingMethodType = "claim"
+
+ // MappingMethodLookup looks up existing users already mapped to an identity but does not
+ // automatically provision users or identities. Requires identities and users be set up
+ // manually or using an external process.
+ MappingMethodLookup MappingMethodType = "lookup"
+
+ // MappingMethodAdd provisions a user with the identity’s preferred user name. If a user with
+ // that user name already exists, the identity is mapped to the existing user, adding to any
+ // existing identity mappings for the user.
+ MappingMethodAdd MappingMethodType = "add"
+)
+
+type IdentityProviderType string
+
+const (
+ // IdentityProviderTypeBasicAuth provides identities for users authenticating with HTTP Basic Auth
+ IdentityProviderTypeBasicAuth IdentityProviderType = "BasicAuth"
+
+ // IdentityProviderTypeGitHub provides identities for users authenticating using GitHub credentials
+ IdentityProviderTypeGitHub IdentityProviderType = "GitHub"
+
+ // IdentityProviderTypeGitLab provides identities for users authenticating using GitLab credentials
+ IdentityProviderTypeGitLab IdentityProviderType = "GitLab"
+
+ // IdentityProviderTypeGoogle provides identities for users authenticating using Google credentials
+ IdentityProviderTypeGoogle IdentityProviderType = "Google"
+
+ // IdentityProviderTypeHTPasswd provides identities from an HTPasswd file
+ IdentityProviderTypeHTPasswd IdentityProviderType = "HTPasswd"
+
+ // IdentityProviderTypeKeystone provides identitities for users authenticating using keystone password credentials
+ IdentityProviderTypeKeystone IdentityProviderType = "Keystone"
+
+ // IdentityProviderTypeLDAP provides identities for users authenticating using LDAP credentials
+ IdentityProviderTypeLDAP IdentityProviderType = "LDAP"
+
+ // IdentityProviderTypeOpenID provides identities for users authenticating using OpenID credentials
+ IdentityProviderTypeOpenID IdentityProviderType = "OpenID"
+
+ // IdentityProviderTypeRequestHeader provides identities for users authenticating using request header credentials
+ IdentityProviderTypeRequestHeader IdentityProviderType = "RequestHeader"
+)
+
+// IdentityProviderConfig contains configuration for using a specific identity provider
+type IdentityProviderConfig struct {
+ // type identifies the identity provider type for this entry.
+ Type IdentityProviderType `json:"type"`
+
+ // Provider-specific configuration
+ // The json tag MUST match the `Type` specified above, case-insensitively
+ // e.g. For `Type: "LDAP"`, the `ldap` configuration should be provided
+
+ // basicAuth contains configuration options for the BasicAuth IdP
+ // +optional
+ BasicAuth *BasicAuthIdentityProvider `json:"basicAuth,omitempty"`
+
+ // github enables user authentication using GitHub credentials
+ // +optional
+ GitHub *GitHubIdentityProvider `json:"github,omitempty"`
+
+ // gitlab enables user authentication using GitLab credentials
+ // +optional
+ GitLab *GitLabIdentityProvider `json:"gitlab,omitempty"`
+
+ // google enables user authentication using Google credentials
+ // +optional
+ Google *GoogleIdentityProvider `json:"google,omitempty"`
+
+ // htpasswd enables user authentication using an HTPasswd file to validate credentials
+ // +optional
+ HTPasswd *HTPasswdIdentityProvider `json:"htpasswd,omitempty"`
+
+ // keystone enables user authentication using keystone password credentials
+ // +optional
+ Keystone *KeystoneIdentityProvider `json:"keystone,omitempty"`
+
+ // ldap enables user authentication using LDAP credentials
+ // +optional
+ LDAP *LDAPIdentityProvider `json:"ldap,omitempty"`
+
+ // openID enables user authentication using OpenID credentials
+ // +optional
+ OpenID *OpenIDIdentityProvider `json:"openID,omitempty"`
+
+ // requestHeader enables user authentication using request header credentials
+ // +optional
+ RequestHeader *RequestHeaderIdentityProvider `json:"requestHeader,omitempty"`
+}
+
+// BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials
+type BasicAuthIdentityProvider struct {
+ // OAuthRemoteConnectionInfo contains information about how to connect to the external basic auth server
+ OAuthRemoteConnectionInfo `json:",inline"`
+}
+
+// OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection
+type OAuthRemoteConnectionInfo struct {
+ // url is the remote URL to connect to
+ URL string `json:"url"`
+
+ // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+ // It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+ // The key "ca.crt" is used to locate the data.
+ // If specified and the config map or expected key is not found, the identity provider is not honored.
+ // If the specified ca data is not valid, the identity provider is not honored.
+ // If empty, the default system roots are used.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ CA ConfigMapNameReference `json:"ca"`
+
+ // tlsClientCert is an optional reference to a secret by name that contains the
+ // PEM-encoded TLS client certificate to present when connecting to the server.
+ // The key "tls.crt" is used to locate the data.
+ // If specified and the secret or expected key is not found, the identity provider is not honored.
+ // If the specified certificate data is not valid, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ // +optional
+ TLSClientCert SecretNameReference `json:"tlsClientCert"`
+
+ // tlsClientKey is an optional reference to a secret by name that contains the
+ // PEM-encoded TLS private key for the client certificate referenced in tlsClientCert.
+ // The key "tls.key" is used to locate the data.
+ // If specified and the secret or expected key is not found, the identity provider is not honored.
+ // If the specified certificate data is not valid, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ // +optional
+ TLSClientKey SecretNameReference `json:"tlsClientKey"`
+}
+
+// HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials
+type HTPasswdIdentityProvider struct {
+ // fileData is a required reference to a secret by name containing the data to use as the htpasswd file.
+ // The key "htpasswd" is used to locate the data.
+ // If the secret or expected key is not found, the identity provider is not honored.
+ // If the specified htpasswd data is not valid, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ FileData SecretNameReference `json:"fileData"`
+}
+
+// LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials
+type LDAPIdentityProvider struct {
+ // url is an RFC 2255 URL which specifies the LDAP search parameters to use.
+ // The syntax of the URL is:
+ // ldap://host:port/basedn?attribute?scope?filter
+ URL string `json:"url"`
+
+ // bindDN is an optional DN to bind with during the search phase.
+ // +optional
+ BindDN string `json:"bindDN"`
+
+ // bindPassword is an optional reference to a secret by name
+ // containing a password to bind with during the search phase.
+ // The key "bindPassword" is used to locate the data.
+ // If specified and the secret or expected key is not found, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ // +optional
+ BindPassword SecretNameReference `json:"bindPassword"`
+
+ // insecure, if true, indicates the connection should not use TLS
+ // WARNING: Should not be set to `true` with the URL scheme "ldaps://" as "ldaps://" URLs always
+ // attempt to connect using TLS, even when `insecure` is set to `true`
+ // When `true`, "ldap://" URLS connect insecurely. When `false`, "ldap://" URLs are upgraded to
+ // a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.
+ Insecure bool `json:"insecure"`
+
+ // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+ // It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+ // The key "ca.crt" is used to locate the data.
+ // If specified and the config map or expected key is not found, the identity provider is not honored.
+ // If the specified ca data is not valid, the identity provider is not honored.
+ // If empty, the default system roots are used.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ CA ConfigMapNameReference `json:"ca"`
+
+ // attributes maps LDAP attributes to identities
+ Attributes LDAPAttributeMapping `json:"attributes"`
+}
+
+// LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields
+type LDAPAttributeMapping struct {
+ // id is the list of attributes whose values should be used as the user ID. Required.
+ // First non-empty attribute is used. At least one attribute is required. If none of the listed
+ // attribute have a value, authentication fails.
+ // LDAP standard identity attribute is "dn"
+ ID []string `json:"id"`
+
+ // preferredUsername is the list of attributes whose values should be used as the preferred username.
+ // LDAP standard login attribute is "uid"
+ // +optional
+ PreferredUsername []string `json:"preferredUsername,omitempty"`
+
+ // name is the list of attributes whose values should be used as the display name. Optional.
+ // If unspecified, no display name is set for the identity
+ // LDAP standard display name attribute is "cn"
+ // +optional
+ Name []string `json:"name,omitempty"`
+
+ // email is the list of attributes whose values should be used as the email address. Optional.
+ // If unspecified, no email is set for the identity
+ // +optional
+ Email []string `json:"email,omitempty"`
+}
+
+// KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials
+type KeystoneIdentityProvider struct {
+ // OAuthRemoteConnectionInfo contains information about how to connect to the keystone server
+ OAuthRemoteConnectionInfo `json:",inline"`
+
+ // domainName is required for keystone v3
+ DomainName string `json:"domainName"`
+
+ // TODO if we ever add support for 3.11 to 4.0 upgrades, add this configuration
+ // useUsernameIdentity indicates that users should be authenticated by username, not keystone ID
+ // DEPRECATED - only use this option for legacy systems to ensure backwards compatibility
+ // +optional
+ // UseUsernameIdentity bool `json:"useUsernameIdentity"`
+}
+
+// RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials
+type RequestHeaderIdentityProvider struct {
+ // loginURL is a URL to redirect unauthenticated /authorize requests to
+ // Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here
+ // ${url} is replaced with the current URL, escaped to be safe in a query parameter
+ // https://www.example.com/sso-login?then=${url}
+ // ${query} is replaced with the current query string
+ // https://www.example.com/auth-proxy/oauth/authorize?${query}
+ // Required when login is set to true.
+ LoginURL string `json:"loginURL"`
+
+ // challengeURL is a URL to redirect unauthenticated /authorize requests to
+ // Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be
+ // redirected here.
+ // ${url} is replaced with the current URL, escaped to be safe in a query parameter
+ // https://www.example.com/sso-login?then=${url}
+ // ${query} is replaced with the current query string
+ // https://www.example.com/auth-proxy/oauth/authorize?${query}
+ // Required when challenge is set to true.
+ ChallengeURL string `json:"challengeURL"`
+
+ // ca is a required reference to a config map by name containing the PEM-encoded CA bundle.
+ // It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+ // Specifically, it allows verification of incoming requests to prevent header spoofing.
+ // The key "ca.crt" is used to locate the data.
+ // If the config map or expected key is not found, the identity provider is not honored.
+ // If the specified ca data is not valid, the identity provider is not honored.
+ // The namespace for this config map is openshift-config.
+ ClientCA ConfigMapNameReference `json:"ca"`
+
+ // clientCommonNames is an optional list of common names to require a match from. If empty, any
+ // client certificate validated against the clientCA bundle is considered authoritative.
+ // +optional
+ ClientCommonNames []string `json:"clientCommonNames,omitempty"`
+
+ // headers is the set of headers to check for identity information
+ Headers []string `json:"headers"`
+
+ // preferredUsernameHeaders is the set of headers to check for the preferred username
+ PreferredUsernameHeaders []string `json:"preferredUsernameHeaders"`
+
+ // nameHeaders is the set of headers to check for the display name
+ NameHeaders []string `json:"nameHeaders"`
+
+ // emailHeaders is the set of headers to check for the email address
+ EmailHeaders []string `json:"emailHeaders"`
+}
+
+// GitHubIdentityProvider provides identities for users authenticating using GitHub credentials
+type GitHubIdentityProvider struct {
+ // clientID is the oauth client ID
+ ClientID string `json:"clientID"`
+
+ // clientSecret is a required reference to the secret by name containing the oauth client secret.
+ // The key "clientSecret" is used to locate the data.
+ // If the secret or expected key is not found, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ ClientSecret SecretNameReference `json:"clientSecret"`
+
+ // organizations optionally restricts which organizations are allowed to log in
+ // +optional
+ Organizations []string `json:"organizations,omitempty"`
+
+ // teams optionally restricts which teams are allowed to log in. Format is /.
+ // +optional
+ Teams []string `json:"teams,omitempty"`
+
+ // hostname is the optional domain (e.g. "mycompany.com") for use with a hosted instance of
+ // GitHub Enterprise.
+ // It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.
+ // +optional
+ Hostname string `json:"hostname"`
+
+ // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+ // It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+ // The key "ca.crt" is used to locate the data.
+ // If specified and the config map or expected key is not found, the identity provider is not honored.
+ // If the specified ca data is not valid, the identity provider is not honored.
+ // If empty, the default system roots are used.
+ // This can only be configured when hostname is set to a non-empty value.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ CA ConfigMapNameReference `json:"ca"`
+}
+
+// GitLabIdentityProvider provides identities for users authenticating using GitLab credentials
+type GitLabIdentityProvider struct {
+ // clientID is the oauth client ID
+ ClientID string `json:"clientID"`
+
+ // clientSecret is a required reference to the secret by name containing the oauth client secret.
+ // The key "clientSecret" is used to locate the data.
+ // If the secret or expected key is not found, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ ClientSecret SecretNameReference `json:"clientSecret"`
+
+ // url is the oauth server base URL
+ URL string `json:"url"`
+
+ // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+ // It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+ // The key "ca.crt" is used to locate the data.
+ // If specified and the config map or expected key is not found, the identity provider is not honored.
+ // If the specified ca data is not valid, the identity provider is not honored.
+ // If empty, the default system roots are used.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ CA ConfigMapNameReference `json:"ca"`
+}
+
+// GoogleIdentityProvider provides identities for users authenticating using Google credentials
+type GoogleIdentityProvider struct {
+ // clientID is the oauth client ID
+ ClientID string `json:"clientID"`
+
+ // clientSecret is a required reference to the secret by name containing the oauth client secret.
+ // The key "clientSecret" is used to locate the data.
+ // If the secret or expected key is not found, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ ClientSecret SecretNameReference `json:"clientSecret"`
+
+ // hostedDomain is the optional Google App domain (e.g. "mycompany.com") to restrict logins to
+ // +optional
+ HostedDomain string `json:"hostedDomain"`
+}
+
+// OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials
+type OpenIDIdentityProvider struct {
+ // clientID is the oauth client ID
+ ClientID string `json:"clientID"`
+
+ // clientSecret is a required reference to the secret by name containing the oauth client secret.
+ // The key "clientSecret" is used to locate the data.
+ // If the secret or expected key is not found, the identity provider is not honored.
+ // The namespace for this secret is openshift-config.
+ ClientSecret SecretNameReference `json:"clientSecret"`
+
+ // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle.
+ // It is used as a trust anchor to validate the TLS certificate presented by the remote server.
+ // The key "ca.crt" is used to locate the data.
+ // If specified and the config map or expected key is not found, the identity provider is not honored.
+ // If the specified ca data is not valid, the identity provider is not honored.
+ // If empty, the default system roots are used.
+ // The namespace for this config map is openshift-config.
+ // +optional
+ CA ConfigMapNameReference `json:"ca"`
+
+ // extraScopes are any scopes to request in addition to the standard "openid" scope.
+ // +optional
+ ExtraScopes []string `json:"extraScopes,omitempty"`
+
+ // extraAuthorizeParameters are any custom parameters to add to the authorize request.
+ // +optional
+ ExtraAuthorizeParameters map[string]string `json:"extraAuthorizeParameters,omitempty"`
+
+ // issuer is the URL that the OpenID Provider asserts as its Issuer Identifier.
+ // It must use the https scheme with no query or fragment component.
+ Issuer string `json:"issuer"`
+
+ // claims mappings
+ Claims OpenIDClaims `json:"claims"`
+}
+
+// UserIDClaim is the claim used to provide a stable identifier for OIDC identities.
+// Per http://openid.net/specs/openid-connect-core-1_0.html#ClaimStability
+//
+// "The sub (subject) and iss (issuer) Claims, used together, are the only Claims that an RP can
+// rely upon as a stable identifier for the End-User, since the sub Claim MUST be locally unique
+// and never reassigned within the Issuer for a particular End-User, as described in Section 2.
+// Therefore, the only guaranteed unique identifier for a given End-User is the combination of the
+// iss Claim and the sub Claim."
+const UserIDClaim = "sub"
+
+// OpenIDClaim represents a claim retrieved from an OpenID provider's tokens or userInfo
+// responses
+// +kubebuilder:validation:MinLength=1
+type OpenIDClaim string
+
+// OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider
+type OpenIDClaims struct {
+ // preferredUsername is the list of claims whose values should be used as the preferred username.
+ // If unspecified, the preferred username is determined from the value of the sub claim
+ // +listType=atomic
+ // +optional
+ PreferredUsername []string `json:"preferredUsername,omitempty"`
+
+ // name is the list of claims whose values should be used as the display name. Optional.
+ // If unspecified, no display name is set for the identity
+ // +listType=atomic
+ // +optional
+ Name []string `json:"name,omitempty"`
+
+ // email is the list of claims whose values should be used as the email address. Optional.
+ // If unspecified, no email is set for the identity
+ // +listType=atomic
+ // +optional
+ Email []string `json:"email,omitempty"`
+
+ // groups is the list of claims value of which should be used to synchronize groups
+ // from the OIDC provider to OpenShift for the user.
+ // If multiple claims are specified, the first one with a non-empty value is used.
+ // +listType=atomic
+ // +optional
+ Groups []OpenIDClaim `json:"groups,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type OAuthList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []OAuth `json:"items"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/etcd/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
new file mode 100644
index 0000000000..1fddfa51e5
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_operatorhub.go
@@ -0,0 +1,96 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// OperatorHubSpec defines the desired state of OperatorHub
+type OperatorHubSpec struct {
+ // disableAllDefaultSources allows you to disable all the default hub
+ // sources. If this is true, a specific entry in sources can be used to
+ // enable a default source. If this is false, a specific entry in
+ // sources can be used to disable or enable a default source.
+ // +optional
+ DisableAllDefaultSources bool `json:"disableAllDefaultSources,omitempty"`
+ // sources is the list of default hub sources and their configuration.
+ // If the list is empty, it implies that the default hub sources are
+ // enabled on the cluster unless disableAllDefaultSources is true.
+ // If disableAllDefaultSources is true and sources is not empty,
+ // the configuration present in sources will take precedence. The list of
+ // default hub sources and their current state will always be reflected in
+ // the status block.
+ // +optional
+ Sources []HubSource `json:"sources,omitempty"`
+}
+
+// OperatorHubStatus defines the observed state of OperatorHub. The current
+// state of the default hub sources will always be reflected here.
+type OperatorHubStatus struct {
+ // sources encapsulates the result of applying the configuration for each
+ // hub source
+ Sources []HubSourceStatus `json:"sources,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OperatorHub is the Schema for the operatorhubs API. It can be used to change
+// the state of the default hub sources for OperatorHub on the cluster from
+// enabled to disabled and vice versa.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=operatorhubs,scope=Cluster
+// +kubebuilder:subresource:status
+// +genclient
+// +genclient:nonNamespaced
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=marketplace,operatorOrdering=01
+// +openshift:capability=marketplace
+// +openshift:compatibility-gen:level=1
+type OperatorHub struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata"`
+
+ Spec OperatorHubSpec `json:"spec"`
+ Status OperatorHubStatus `json:"status"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OperatorHubList contains a list of OperatorHub
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type OperatorHubList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+ Items []OperatorHub `json:"items"`
+}
+
+// HubSource is used to specify the hub source and its configuration
+type HubSource struct {
+ // name is the name of one of the default hub sources
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:Required
+ Name string `json:"name"`
+ // disabled is used to disable a default hub source on cluster
+ // +kubebuilder:Required
+ Disabled bool `json:"disabled"`
+}
+
+// HubSourceStatus is used to reflect the current state of applying the
+// configuration to a default source
+type HubSourceStatus struct {
+ HubSource `json:",omitempty"`
+ // status indicates success or failure in applying the configuration
+ Status string `json:"status,omitempty"`
+ // message provides more information regarding failures
+ Message string `json:"message,omitempty"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_project.go b/etcd/vendor/github.com/openshift/api/config/v1/types_project.go
new file mode 100644
index 0000000000..8d6d614b67
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_project.go
@@ -0,0 +1,70 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Project holds cluster-wide information about Project. The canonical name is `cluster`
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=projects,scope=Cluster
+// +kubebuilder:subresource:status
+type Project struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ProjectSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status ProjectStatus `json:"status"`
+}
+
+// TemplateReference references a template in a specific namespace.
+// The namespace must be specified at the point of use.
+type TemplateReference struct {
+ // name is the metadata.name of the referenced project request template
+ Name string `json:"name"`
+}
+
+// ProjectSpec holds the project creation configuration.
+type ProjectSpec struct {
+ // projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint
+ // +optional
+ ProjectRequestMessage string `json:"projectRequestMessage"`
+
+ // projectRequestTemplate is the template to use for creating projects in response to projectrequest.
+ // This must point to a template in 'openshift-config' namespace. It is optional.
+ // If it is not specified, a default template is used.
+ //
+ // +optional
+ ProjectRequestTemplate TemplateReference `json:"projectRequestTemplate"`
+}
+
+type ProjectStatus struct {
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type ProjectList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Project `json:"items"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_proxy.go b/etcd/vendor/github.com/openshift/api/config/v1/types_proxy.go
new file mode 100644
index 0000000000..851291bb05
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_proxy.go
@@ -0,0 +1,110 @@
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=proxies,scope=Cluster
+// +kubebuilder:subresource:status
+type Proxy struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // Spec holds user-settable values for the proxy configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec ProxySpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status ProxyStatus `json:"status"`
+}
+
+// ProxySpec contains cluster proxy creation configuration.
+type ProxySpec struct {
+ // httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.
+ // +optional
+ HTTPProxy string `json:"httpProxy,omitempty"`
+
+ // httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.
+ // +optional
+ HTTPSProxy string `json:"httpsProxy,omitempty"`
+
+ // noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used.
+ // Empty means unset and will not result in an env var.
+ // +optional
+ NoProxy string `json:"noProxy,omitempty"`
+
+ // readinessEndpoints is a list of endpoints used to verify readiness of the proxy.
+ // +optional
+ ReadinessEndpoints []string `json:"readinessEndpoints,omitempty"`
+
+ // trustedCA is a reference to a ConfigMap containing a CA certificate bundle.
+ // The trustedCA field should only be consumed by a proxy validator. The
+ // validator is responsible for reading the certificate bundle from the required
+ // key "ca-bundle.crt", merging it with the system default trust bundle,
+ // and writing the merged trust bundle to a ConfigMap named "trusted-ca-bundle"
+ // in the "openshift-config-managed" namespace. Clients that expect to make
+ // proxy connections must use the trusted-ca-bundle for all HTTPS requests to
+ // the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as
+ // well.
+ //
+ // The namespace for the ConfigMap referenced by trustedCA is
+ // "openshift-config". Here is an example ConfigMap (in yaml):
+ //
+ // apiVersion: v1
+ // kind: ConfigMap
+ // metadata:
+ // name: user-ca-bundle
+ // namespace: openshift-config
+ // data:
+ // ca-bundle.crt: |
+ // -----BEGIN CERTIFICATE-----
+ // Custom CA certificate bundle.
+ // -----END CERTIFICATE-----
+ //
+ // +optional
+ TrustedCA ConfigMapNameReference `json:"trustedCA,omitempty"`
+}
+
+// ProxyStatus shows current known state of the cluster proxy.
+type ProxyStatus struct {
+ // httpProxy is the URL of the proxy for HTTP requests.
+ // +optional
+ HTTPProxy string `json:"httpProxy,omitempty"`
+
+ // httpsProxy is the URL of the proxy for HTTPS requests.
+ // +optional
+ HTTPSProxy string `json:"httpsProxy,omitempty"`
+
+ // noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.
+ // +optional
+ NoProxy string `json:"noProxy,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type ProxyList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Proxy `json:"items"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/etcd/vendor/github.com/openshift/api/config/v1/types_scheduling.go
new file mode 100644
index 0000000000..061c4a8835
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_scheduling.go
@@ -0,0 +1,144 @@
+package v1
+
+import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Scheduler holds cluster-wide config information to run the Kubernetes Scheduler
+// and influence its placement decisions. The canonical name for this config is `cluster`.
+//
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470
+// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=schedulers,scope=Cluster
+// +kubebuilder:subresource:status
+type Scheduler struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec holds user settable values for configuration
+ // +kubebuilder:validation:Required
+ // +required
+ Spec SchedulerSpec `json:"spec"`
+ // status holds observed values from the cluster. They may not be overridden.
+ // +optional
+ Status SchedulerStatus `json:"status"`
+}
+
+type SchedulerSpec struct {
+ // DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release.
+ // policy is a reference to a ConfigMap containing scheduler policy which has
+ // user specified predicates and priorities. If this ConfigMap is not available
+ // scheduler will default to use DefaultAlgorithmProvider.
+ // The namespace for this configmap is openshift-config.
+ // +optional
+ Policy ConfigMapNameReference `json:"policy,omitempty"`
+ // profile sets which scheduling profile should be set in order to configure scheduling
+ // decisions for new pods.
+ //
+ // Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring"
+ // Defaults to "LowNodeUtilization"
+ // +optional
+ Profile SchedulerProfile `json:"profile,omitempty"`
+ // profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles.
+ // +openshift:enable:FeatureGate=DynamicResourceAllocation
+ // +optional
+ ProfileCustomizations ProfileCustomizations `json:"profileCustomizations"`
+ // defaultNodeSelector helps set the cluster-wide default node selector to
+ // restrict pod placement to specific nodes. This is applied to the pods
+ // created in all namespaces and creates an intersection with any existing
+ // nodeSelectors already set on a pod, additionally constraining that pod's selector.
+ // For example,
+ // defaultNodeSelector: "type=user-node,region=east" would set nodeSelector
+ // field in pod spec to "type=user-node,region=east" to all pods created
+ // in all namespaces. Namespaces having project-wide node selectors won't be
+ // impacted even if this field is set. This adds an annotation section to
+ // the namespace.
+ // For example, if a new namespace is created with
+ // node-selector='type=user-node,region=east',
+ // the annotation openshift.io/node-selector: type=user-node,region=east
+ // gets added to the project. When the openshift.io/node-selector annotation
+ // is set on the project the value is used in preference to the value we are setting
+ // for defaultNodeSelector field.
+ // For instance,
+ // openshift.io/node-selector: "type=user-node,region=west" means
+ // that the default of "type=user-node,region=east" set in defaultNodeSelector
+ // would not be applied.
+ // +optional
+ DefaultNodeSelector string `json:"defaultNodeSelector,omitempty"`
+ // MastersSchedulable allows masters nodes to be schedulable. When this flag is
+ // turned on, all the master nodes in the cluster will be made schedulable,
+ // so that workload pods can run on them. The default value for this field is false,
+ // meaning none of the master nodes are schedulable.
+ // Important Note: Once the workload pods start running on the master nodes,
+ // extreme care must be taken to ensure that cluster-critical control plane components
+ // are not impacted.
+ // Please turn on this field after doing due diligence.
+ // +optional
+ MastersSchedulable bool `json:"mastersSchedulable"`
+}
+
+// +kubebuilder:validation:Enum="";LowNodeUtilization;HighNodeUtilization;NoScoring
+type SchedulerProfile string
+
+var (
+ // LowNodeUtililization is the default, and defines a scheduling profile which prefers to
+ // spread pods evenly among nodes targeting low resource consumption on each node.
+ LowNodeUtilization SchedulerProfile = "LowNodeUtilization"
+
+ // HighNodeUtilization defines a scheduling profile which packs as many pods as possible onto
+ // as few nodes as possible targeting a small node count but high resource usage on each node.
+ HighNodeUtilization SchedulerProfile = "HighNodeUtilization"
+
+ // NoScoring defines a scheduling profile which tries to provide lower-latency scheduling
+ // at the expense of potentially less optimal pod placement decisions.
+ NoScoring SchedulerProfile = "NoScoring"
+)
+
+// ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles
+type ProfileCustomizations struct {
+ // dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler.
+ // Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod.
+ // Third-party resource drivers are responsible for tracking and allocating resources.
+ // Different kinds of resources support arbitrary parameters for defining requirements and initialization.
+ // Valid values are Enabled, Disabled and omitted.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable default,
+ // which is subject to change over time.
+ // The current default is Disabled.
+ // +optional
+ DynamicResourceAllocation DRAEnablement `json:"dynamicResourceAllocation"`
+}
+
+// +kubebuilder:validation:Enum:="";"Enabled";"Disabled"
+type DRAEnablement string
+
+var (
+ // DRAEnablementEnabled enables dynamic resource allocation feature
+ DRAEnablementEnabled DRAEnablement = "Enabled"
+ // DRAEnablementDisabled disables dynamic resource allocation feature
+ DRAEnablementDisabled DRAEnablement = "Disabled"
+)
+
+type SchedulerStatus struct {
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
+// +openshift:compatibility-gen:level=1
+type SchedulerList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []Scheduler `json:"items"`
+}
diff --git a/etcd/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go b/etcd/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
new file mode 100644
index 0000000000..c5dea1a032
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go
@@ -0,0 +1,311 @@ +package v1 + +// TLSSecurityProfile defines the schema for a TLS security profile. This object +// is used by operators to apply TLS security settings to operands. +// +union +type TLSSecurityProfile struct { + // type is one of Old, Intermediate, Modern or Custom. Custom provides + // the ability to specify individual TLS security profile parameters. + // Old, Intermediate and Modern are TLS security profiles based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + // + // The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + // are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + // reduced. + // + // Note that the Modern profile is currently not supported because it is not + // yet well adopted by common software libraries. + // + // +unionDiscriminator + // +optional + Type TLSProfileType `json:"type"` + // old is a TLS security profile based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + // + // and looks like this (yaml): + // + // ciphers: + // + // - TLS_AES_128_GCM_SHA256 + // + // - TLS_AES_256_GCM_SHA384 + // + // - TLS_CHACHA20_POLY1305_SHA256 + // + // - ECDHE-ECDSA-AES128-GCM-SHA256 + // + // - ECDHE-RSA-AES128-GCM-SHA256 + // + // - ECDHE-ECDSA-AES256-GCM-SHA384 + // + // - ECDHE-RSA-AES256-GCM-SHA384 + // + // - ECDHE-ECDSA-CHACHA20-POLY1305 + // + // - ECDHE-RSA-CHACHA20-POLY1305 + // + // - DHE-RSA-AES128-GCM-SHA256 + // + // - DHE-RSA-AES256-GCM-SHA384 + // + // - DHE-RSA-CHACHA20-POLY1305 + // + // - ECDHE-ECDSA-AES128-SHA256 + // + // - ECDHE-RSA-AES128-SHA256 + // + // - ECDHE-ECDSA-AES128-SHA + // + // - ECDHE-RSA-AES128-SHA + // + // - ECDHE-ECDSA-AES256-SHA384 + // + // - ECDHE-RSA-AES256-SHA384 + // + // - ECDHE-ECDSA-AES256-SHA + // + // - ECDHE-RSA-AES256-SHA + // + // - DHE-RSA-AES128-SHA256 + // + // - 
DHE-RSA-AES256-SHA256 + // + // - AES128-GCM-SHA256 + // + // - AES256-GCM-SHA384 + // + // - AES128-SHA256 + // + // - AES256-SHA256 + // + // - AES128-SHA + // + // - AES256-SHA + // + // - DES-CBC3-SHA + // + // minTLSVersion: VersionTLS10 + // + // +optional + // +nullable + Old *OldTLSProfile `json:"old,omitempty"` + // intermediate is a TLS security profile based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + // + // and looks like this (yaml): + // + // ciphers: + // + // - TLS_AES_128_GCM_SHA256 + // + // - TLS_AES_256_GCM_SHA384 + // + // - TLS_CHACHA20_POLY1305_SHA256 + // + // - ECDHE-ECDSA-AES128-GCM-SHA256 + // + // - ECDHE-RSA-AES128-GCM-SHA256 + // + // - ECDHE-ECDSA-AES256-GCM-SHA384 + // + // - ECDHE-RSA-AES256-GCM-SHA384 + // + // - ECDHE-ECDSA-CHACHA20-POLY1305 + // + // - ECDHE-RSA-CHACHA20-POLY1305 + // + // - DHE-RSA-AES128-GCM-SHA256 + // + // - DHE-RSA-AES256-GCM-SHA384 + // + // minTLSVersion: VersionTLS12 + // + // +optional + // +nullable + Intermediate *IntermediateTLSProfile `json:"intermediate,omitempty"` + // modern is a TLS security profile based on: + // + // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + // + // and looks like this (yaml): + // + // ciphers: + // + // - TLS_AES_128_GCM_SHA256 + // + // - TLS_AES_256_GCM_SHA384 + // + // - TLS_CHACHA20_POLY1305_SHA256 + // + // minTLSVersion: VersionTLS13 + // + // +optional + // +nullable + Modern *ModernTLSProfile `json:"modern,omitempty"` + // custom is a user-defined TLS security profile. Be extremely careful using a custom + // profile as invalid configurations can be catastrophic. 
An example custom profile + // looks like this: + // + // ciphers: + // + // - ECDHE-ECDSA-CHACHA20-POLY1305 + // + // - ECDHE-RSA-CHACHA20-POLY1305 + // + // - ECDHE-RSA-AES128-GCM-SHA256 + // + // - ECDHE-ECDSA-AES128-GCM-SHA256 + // + // minTLSVersion: VersionTLS11 + // + // +optional + // +nullable + Custom *CustomTLSProfile `json:"custom,omitempty"` +} + +// OldTLSProfile is a TLS security profile based on: +// https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility +type OldTLSProfile struct{} + +// IntermediateTLSProfile is a TLS security profile based on: +// https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 +type IntermediateTLSProfile struct{} + +// ModernTLSProfile is a TLS security profile based on: +// https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility +type ModernTLSProfile struct{} + +// CustomTLSProfile is a user-defined TLS security profile. Be extremely careful +// using a custom TLS profile as invalid configurations can be catastrophic. +type CustomTLSProfile struct { + TLSProfileSpec `json:",inline"` +} + +// TLSProfileType defines a TLS security profile type. +// +kubebuilder:validation:Enum=Old;Intermediate;Modern;Custom +type TLSProfileType string + +const ( + // Old is a TLS security profile based on: + // https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + TLSProfileOldType TLSProfileType = "Old" + // Intermediate is a TLS security profile based on: + // https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 + TLSProfileIntermediateType TLSProfileType = "Intermediate" + // Modern is a TLS security profile based on: + // https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + TLSProfileModernType TLSProfileType = "Modern" + // Custom is a TLS security profile that allows for user-defined parameters. 
+ TLSProfileCustomType TLSProfileType = "Custom" +) + +// TLSProfileSpec is the desired behavior of a TLSSecurityProfile. +type TLSProfileSpec struct { + // ciphers is used to specify the cipher algorithms that are negotiated + // during the TLS handshake. Operators may remove entries their operands + // do not support. For example, to use DES-CBC3-SHA (yaml): + // + // ciphers: + // - DES-CBC3-SHA + // + Ciphers []string `json:"ciphers"` + // minTLSVersion is used to specify the minimal version of the TLS protocol + // that is negotiated during the TLS handshake. For example, to use TLS + // versions 1.1, 1.2 and 1.3 (yaml): + // + // minTLSVersion: VersionTLS11 + // + // NOTE: currently the highest minTLSVersion allowed is VersionTLS12 + // + MinTLSVersion TLSProtocolVersion `json:"minTLSVersion"` +} + +// TLSProtocolVersion is a way to specify the protocol version used for TLS connections. +// Protocol versions are based on the following most common TLS configurations: +// +// https://ssl-config.mozilla.org/ +// +// Note that SSLv3.0 is not a supported protocol version due to well known +// vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE +// +kubebuilder:validation:Enum=VersionTLS10;VersionTLS11;VersionTLS12;VersionTLS13 +type TLSProtocolVersion string + +const ( + // VersionTLSv10 is version 1.0 of the TLS security protocol. + VersionTLS10 TLSProtocolVersion = "VersionTLS10" + // VersionTLSv11 is version 1.1 of the TLS security protocol. + VersionTLS11 TLSProtocolVersion = "VersionTLS11" + // VersionTLSv12 is version 1.2 of the TLS security protocol. + VersionTLS12 TLSProtocolVersion = "VersionTLS12" + // VersionTLSv13 is version 1.3 of the TLS security protocol. + VersionTLS13 TLSProtocolVersion = "VersionTLS13" +) + +// TLSProfiles Contains a map of TLSProfileType names to TLSProfileSpec. +// +// NOTE: The caller needs to make sure to check that these constants are valid for their binary. 
Not all +// entries map to values for all binaries. In the case of ties, the kube-apiserver wins. Do not fail, +// just be sure to whitelist only and everything will be ok. +var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ + TLSProfileOldType: { + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + "DHE-RSA-CHACHA20-POLY1305", + "ECDHE-ECDSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256", + "ECDHE-ECDSA-AES128-SHA", + "ECDHE-RSA-AES128-SHA", + "ECDHE-ECDSA-AES256-SHA384", + "ECDHE-RSA-AES256-SHA384", + "ECDHE-ECDSA-AES256-SHA", + "ECDHE-RSA-AES256-SHA", + "DHE-RSA-AES128-SHA256", + "DHE-RSA-AES256-SHA256", + "AES128-GCM-SHA256", + "AES256-GCM-SHA384", + "AES128-SHA256", + "AES256-SHA256", + "AES128-SHA", + "AES256-SHA", + "DES-CBC3-SHA", + }, + MinTLSVersion: VersionTLS10, + }, + TLSProfileIntermediateType: { + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-AES128-GCM-SHA256", + "DHE-RSA-AES256-GCM-SHA384", + }, + MinTLSVersion: VersionTLS12, + }, + TLSProfileModernType: { + Ciphers: []string{ + "TLS_AES_128_GCM_SHA256", + "TLS_AES_256_GCM_SHA384", + "TLS_CHACHA20_POLY1305_SHA256", + }, + MinTLSVersion: VersionTLS13, + }, +} diff --git a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..02c2d7221d --- /dev/null 
+++ b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go 
@@ -0,0 +1,5981 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServer) DeepCopyInto(out *APIServer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServer. +func (in *APIServer) DeepCopy() *APIServer { + if in == nil { + return nil + } + out := new(APIServer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *APIServer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServerEncryption) DeepCopyInto(out *APIServerEncryption) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerEncryption. +func (in *APIServerEncryption) DeepCopy() *APIServerEncryption { + if in == nil { + return nil + } + out := new(APIServerEncryption) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *APIServerList) DeepCopyInto(out *APIServerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]APIServer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerList. +func (in *APIServerList) DeepCopy() *APIServerList { + if in == nil { + return nil + } + out := new(APIServerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *APIServerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServerNamedServingCert) DeepCopyInto(out *APIServerNamedServingCert) { + *out = *in + if in.Names != nil { + in, out := &in.Names, &out.Names + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.ServingCertificate = in.ServingCertificate + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerNamedServingCert. +func (in *APIServerNamedServingCert) DeepCopy() *APIServerNamedServingCert { + if in == nil { + return nil + } + out := new(APIServerNamedServingCert) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *APIServerServingCerts) DeepCopyInto(out *APIServerServingCerts) { + *out = *in + if in.NamedCertificates != nil { + in, out := &in.NamedCertificates, &out.NamedCertificates + *out = make([]APIServerNamedServingCert, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerServingCerts. +func (in *APIServerServingCerts) DeepCopy() *APIServerServingCerts { + if in == nil { + return nil + } + out := new(APIServerServingCerts) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServerSpec) DeepCopyInto(out *APIServerSpec) { + *out = *in + in.ServingCerts.DeepCopyInto(&out.ServingCerts) + out.ClientCA = in.ClientCA + if in.AdditionalCORSAllowedOrigins != nil { + in, out := &in.AdditionalCORSAllowedOrigins, &out.AdditionalCORSAllowedOrigins + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.Encryption = in.Encryption + if in.TLSSecurityProfile != nil { + in, out := &in.TLSSecurityProfile, &out.TLSSecurityProfile + *out = new(TLSSecurityProfile) + (*in).DeepCopyInto(*out) + } + in.Audit.DeepCopyInto(&out.Audit) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerSpec. +func (in *APIServerSpec) DeepCopy() *APIServerSpec { + if in == nil { + return nil + } + out := new(APIServerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *APIServerStatus) DeepCopyInto(out *APIServerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIServerStatus. 
+func (in *APIServerStatus) DeepCopy() *APIServerStatus { + if in == nil { + return nil + } + out := new(APIServerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSDNSSpec) DeepCopyInto(out *AWSDNSSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSDNSSpec. +func (in *AWSDNSSpec) DeepCopy() *AWSDNSSpec { + if in == nil { + return nil + } + out := new(AWSDNSSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSIngressSpec) DeepCopyInto(out *AWSIngressSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIngressSpec. +func (in *AWSIngressSpec) DeepCopy() *AWSIngressSpec { + if in == nil { + return nil + } + out := new(AWSIngressSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSPlatformSpec) DeepCopyInto(out *AWSPlatformSpec) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPlatformSpec. +func (in *AWSPlatformSpec) DeepCopy() *AWSPlatformSpec { + if in == nil { + return nil + } + out := new(AWSPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AWSPlatformStatus) DeepCopyInto(out *AWSPlatformStatus) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]AWSServiceEndpoint, len(*in)) + copy(*out, *in) + } + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]AWSResourceTag, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSPlatformStatus. +func (in *AWSPlatformStatus) DeepCopy() *AWSPlatformStatus { + if in == nil { + return nil + } + out := new(AWSPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSResourceTag) DeepCopyInto(out *AWSResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSResourceTag. +func (in *AWSResourceTag) DeepCopy() *AWSResourceTag { + if in == nil { + return nil + } + out := new(AWSResourceTag) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSServiceEndpoint) DeepCopyInto(out *AWSServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSServiceEndpoint. +func (in *AWSServiceEndpoint) DeepCopy() *AWSServiceEndpoint { + if in == nil { + return nil + } + out := new(AWSServiceEndpoint) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AdmissionConfig) DeepCopyInto(out *AdmissionConfig) { + *out = *in + if in.PluginConfig != nil { + in, out := &in.PluginConfig, &out.PluginConfig + *out = make(map[string]AdmissionPluginConfig, len(*in)) + for key, val := range *in { + (*out)[key] = *val.DeepCopy() + } + } + if in.EnabledAdmissionPlugins != nil { + in, out := &in.EnabledAdmissionPlugins, &out.EnabledAdmissionPlugins + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DisabledAdmissionPlugins != nil { + in, out := &in.DisabledAdmissionPlugins, &out.DisabledAdmissionPlugins + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionConfig. +func (in *AdmissionConfig) DeepCopy() *AdmissionConfig { + if in == nil { + return nil + } + out := new(AdmissionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdmissionPluginConfig) DeepCopyInto(out *AdmissionPluginConfig) { + *out = *in + in.Configuration.DeepCopyInto(&out.Configuration) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionPluginConfig. +func (in *AdmissionPluginConfig) DeepCopy() *AdmissionPluginConfig { + if in == nil { + return nil + } + out := new(AdmissionPluginConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlibabaCloudPlatformSpec) DeepCopyInto(out *AlibabaCloudPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaCloudPlatformSpec. 
+func (in *AlibabaCloudPlatformSpec) DeepCopy() *AlibabaCloudPlatformSpec { + if in == nil { + return nil + } + out := new(AlibabaCloudPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlibabaCloudPlatformStatus) DeepCopyInto(out *AlibabaCloudPlatformStatus) { + *out = *in + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]AlibabaCloudResourceTag, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaCloudPlatformStatus. +func (in *AlibabaCloudPlatformStatus) DeepCopy() *AlibabaCloudPlatformStatus { + if in == nil { + return nil + } + out := new(AlibabaCloudPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AlibabaCloudResourceTag) DeepCopyInto(out *AlibabaCloudResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AlibabaCloudResourceTag. +func (in *AlibabaCloudResourceTag) DeepCopy() *AlibabaCloudResourceTag { + if in == nil { + return nil + } + out := new(AlibabaCloudResourceTag) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Audit) DeepCopyInto(out *Audit) { + *out = *in + if in.CustomRules != nil { + in, out := &in.CustomRules, &out.CustomRules + *out = make([]AuditCustomRule, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Audit. 
+func (in *Audit) DeepCopy() *Audit { + if in == nil { + return nil + } + out := new(Audit) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuditConfig) DeepCopyInto(out *AuditConfig) { + *out = *in + in.PolicyConfiguration.DeepCopyInto(&out.PolicyConfiguration) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditConfig. +func (in *AuditConfig) DeepCopy() *AuditConfig { + if in == nil { + return nil + } + out := new(AuditConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuditCustomRule) DeepCopyInto(out *AuditCustomRule) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuditCustomRule. +func (in *AuditCustomRule) DeepCopy() *AuditCustomRule { + if in == nil { + return nil + } + out := new(AuditCustomRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Authentication) DeepCopyInto(out *Authentication) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Authentication. +func (in *Authentication) DeepCopy() *Authentication { + if in == nil { + return nil + } + out := new(Authentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *Authentication) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthenticationList) DeepCopyInto(out *AuthenticationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Authentication, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationList. +func (in *AuthenticationList) DeepCopy() *AuthenticationList { + if in == nil { + return nil + } + out := new(AuthenticationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AuthenticationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec) { + *out = *in + out.OAuthMetadata = in.OAuthMetadata + if in.WebhookTokenAuthenticators != nil { + in, out := &in.WebhookTokenAuthenticators, &out.WebhookTokenAuthenticators + *out = make([]DeprecatedWebhookTokenAuthenticator, len(*in)) + copy(*out, *in) + } + if in.WebhookTokenAuthenticator != nil { + in, out := &in.WebhookTokenAuthenticator, &out.WebhookTokenAuthenticator + *out = new(WebhookTokenAuthenticator) + **out = **in + } + if in.OIDCProviders != nil { + in, out := &in.OIDCProviders, &out.OIDCProviders + *out = make([]OIDCProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationSpec. +func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec { + if in == nil { + return nil + } + out := new(AuthenticationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthenticationStatus) DeepCopyInto(out *AuthenticationStatus) { + *out = *in + out.IntegratedOAuthMetadata = in.IntegratedOAuthMetadata + if in.OIDCClients != nil { + in, out := &in.OIDCClients, &out.OIDCClients + *out = make([]OIDCClientStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationStatus. +func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { + if in == nil { + return nil + } + out := new(AuthenticationStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AzurePlatformSpec) DeepCopyInto(out *AzurePlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePlatformSpec. +func (in *AzurePlatformSpec) DeepCopy() *AzurePlatformSpec { + if in == nil { + return nil + } + out := new(AzurePlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzurePlatformStatus) DeepCopyInto(out *AzurePlatformStatus) { + *out = *in + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]AzureResourceTag, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzurePlatformStatus. +func (in *AzurePlatformStatus) DeepCopy() *AzurePlatformStatus { + if in == nil { + return nil + } + out := new(AzurePlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureResourceTag) DeepCopyInto(out *AzureResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureResourceTag. +func (in *AzureResourceTag) DeepCopy() *AzureResourceTag { + if in == nil { + return nil + } + out := new(AzureResourceTag) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BareMetalPlatformLoadBalancer) DeepCopyInto(out *BareMetalPlatformLoadBalancer) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BareMetalPlatformLoadBalancer. 
+func (in *BareMetalPlatformLoadBalancer) DeepCopy() *BareMetalPlatformLoadBalancer { + if in == nil { + return nil + } + out := new(BareMetalPlatformLoadBalancer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BareMetalPlatformSpec) DeepCopyInto(out *BareMetalPlatformSpec) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BareMetalPlatformSpec. +func (in *BareMetalPlatformSpec) DeepCopy() *BareMetalPlatformSpec { + if in == nil { + return nil + } + out := new(BareMetalPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BareMetalPlatformStatus) DeepCopyInto(out *BareMetalPlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(BareMetalPlatformLoadBalancer) + **out = **in + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BareMetalPlatformStatus. +func (in *BareMetalPlatformStatus) DeepCopy() *BareMetalPlatformStatus { + if in == nil { + return nil + } + out := new(BareMetalPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BasicAuthIdentityProvider) DeepCopyInto(out *BasicAuthIdentityProvider) { + *out = *in + out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BasicAuthIdentityProvider. +func (in *BasicAuthIdentityProvider) DeepCopy() *BasicAuthIdentityProvider { + if in == nil { + return nil + } + out := new(BasicAuthIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Build) DeepCopyInto(out *Build) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Build. 
+func (in *Build) DeepCopy() *Build { + if in == nil { + return nil + } + out := new(Build) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Build) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BuildDefaults) DeepCopyInto(out *BuildDefaults) { + *out = *in + if in.DefaultProxy != nil { + in, out := &in.DefaultProxy, &out.DefaultProxy + *out = new(ProxySpec) + (*in).DeepCopyInto(*out) + } + if in.GitProxy != nil { + in, out := &in.GitProxy, &out.GitProxy + *out = new(ProxySpec) + (*in).DeepCopyInto(*out) + } + if in.Env != nil { + in, out := &in.Env, &out.Env + *out = make([]corev1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ImageLabels != nil { + in, out := &in.ImageLabels, &out.ImageLabels + *out = make([]ImageLabel, len(*in)) + copy(*out, *in) + } + in.Resources.DeepCopyInto(&out.Resources) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildDefaults. +func (in *BuildDefaults) DeepCopy() *BuildDefaults { + if in == nil { + return nil + } + out := new(BuildDefaults) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BuildList) DeepCopyInto(out *BuildList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Build, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildList. 
+func (in *BuildList) DeepCopy() *BuildList { + if in == nil { + return nil + } + out := new(BuildList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *BuildList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BuildOverrides) DeepCopyInto(out *BuildOverrides) { + *out = *in + if in.ImageLabels != nil { + in, out := &in.ImageLabels, &out.ImageLabels + *out = make([]ImageLabel, len(*in)) + copy(*out, *in) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ForcePull != nil { + in, out := &in.ForcePull, &out.ForcePull + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildOverrides. +func (in *BuildOverrides) DeepCopy() *BuildOverrides { + if in == nil { + return nil + } + out := new(BuildOverrides) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BuildSpec) DeepCopyInto(out *BuildSpec) { + *out = *in + out.AdditionalTrustedCA = in.AdditionalTrustedCA + in.BuildDefaults.DeepCopyInto(&out.BuildDefaults) + in.BuildOverrides.DeepCopyInto(&out.BuildOverrides) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BuildSpec. 
+func (in *BuildSpec) DeepCopy() *BuildSpec { + if in == nil { + return nil + } + out := new(BuildSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertInfo) DeepCopyInto(out *CertInfo) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertInfo. +func (in *CertInfo) DeepCopy() *CertInfo { + if in == nil { + return nil + } + out := new(CertInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClientConnectionOverrides) DeepCopyInto(out *ClientConnectionOverrides) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientConnectionOverrides. +func (in *ClientConnectionOverrides) DeepCopy() *ClientConnectionOverrides { + if in == nil { + return nil + } + out := new(ClientConnectionOverrides) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudControllerManagerStatus) DeepCopyInto(out *CloudControllerManagerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudControllerManagerStatus. +func (in *CloudControllerManagerStatus) DeepCopy() *CloudControllerManagerStatus { + if in == nil { + return nil + } + out := new(CloudControllerManagerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *CloudLoadBalancerConfig) DeepCopyInto(out *CloudLoadBalancerConfig) { + *out = *in + if in.ClusterHosted != nil { + in, out := &in.ClusterHosted, &out.ClusterHosted + *out = new(CloudLoadBalancerIPs) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudLoadBalancerConfig. +func (in *CloudLoadBalancerConfig) DeepCopy() *CloudLoadBalancerConfig { + if in == nil { + return nil + } + out := new(CloudLoadBalancerConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudLoadBalancerIPs) DeepCopyInto(out *CloudLoadBalancerIPs) { + *out = *in + if in.APIIntLoadBalancerIPs != nil { + in, out := &in.APIIntLoadBalancerIPs, &out.APIIntLoadBalancerIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.APILoadBalancerIPs != nil { + in, out := &in.APILoadBalancerIPs, &out.APILoadBalancerIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.IngressLoadBalancerIPs != nil { + in, out := &in.IngressLoadBalancerIPs, &out.IngressLoadBalancerIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudLoadBalancerIPs. +func (in *CloudLoadBalancerIPs) DeepCopy() *CloudLoadBalancerIPs { + if in == nil { + return nil + } + out := new(CloudLoadBalancerIPs) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCondition) DeepCopyInto(out *ClusterCondition) { + *out = *in + if in.PromQL != nil { + in, out := &in.PromQL, &out.PromQL + *out = new(PromQLClusterCondition) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCondition. 
+func (in *ClusterCondition) DeepCopy() *ClusterCondition { + if in == nil { + return nil + } + out := new(ClusterCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterNetworkEntry) DeepCopyInto(out *ClusterNetworkEntry) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkEntry. +func (in *ClusterNetworkEntry) DeepCopy() *ClusterNetworkEntry { + if in == nil { + return nil + } + out := new(ClusterNetworkEntry) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterOperator) DeepCopyInto(out *ClusterOperator) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperator. +func (in *ClusterOperator) DeepCopy() *ClusterOperator { + if in == nil { + return nil + } + out := new(ClusterOperator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterOperator) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterOperatorList) DeepCopyInto(out *ClusterOperatorList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterOperator, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorList. +func (in *ClusterOperatorList) DeepCopy() *ClusterOperatorList { + if in == nil { + return nil + } + out := new(ClusterOperatorList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterOperatorList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterOperatorSpec) DeepCopyInto(out *ClusterOperatorSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorSpec. +func (in *ClusterOperatorSpec) DeepCopy() *ClusterOperatorSpec { + if in == nil { + return nil + } + out := new(ClusterOperatorSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterOperatorStatus) DeepCopyInto(out *ClusterOperatorStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]ClusterOperatorStatusCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Versions != nil { + in, out := &in.Versions, &out.Versions + *out = make([]OperandVersion, len(*in)) + copy(*out, *in) + } + if in.RelatedObjects != nil { + in, out := &in.RelatedObjects, &out.RelatedObjects + *out = make([]ObjectReference, len(*in)) + copy(*out, *in) + } + in.Extension.DeepCopyInto(&out.Extension) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorStatus. +func (in *ClusterOperatorStatus) DeepCopy() *ClusterOperatorStatus { + if in == nil { + return nil + } + out := new(ClusterOperatorStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterOperatorStatusCondition) DeepCopyInto(out *ClusterOperatorStatusCondition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterOperatorStatusCondition. +func (in *ClusterOperatorStatusCondition) DeepCopy() *ClusterOperatorStatusCondition { + if in == nil { + return nil + } + out := new(ClusterOperatorStatusCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterVersion) DeepCopyInto(out *ClusterVersion) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersion. +func (in *ClusterVersion) DeepCopy() *ClusterVersion { + if in == nil { + return nil + } + out := new(ClusterVersion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterVersion) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterVersionCapabilitiesSpec) DeepCopyInto(out *ClusterVersionCapabilitiesSpec) { + *out = *in + if in.AdditionalEnabledCapabilities != nil { + in, out := &in.AdditionalEnabledCapabilities, &out.AdditionalEnabledCapabilities + *out = make([]ClusterVersionCapability, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionCapabilitiesSpec. +func (in *ClusterVersionCapabilitiesSpec) DeepCopy() *ClusterVersionCapabilitiesSpec { + if in == nil { + return nil + } + out := new(ClusterVersionCapabilitiesSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterVersionCapabilitiesStatus) DeepCopyInto(out *ClusterVersionCapabilitiesStatus) { + *out = *in + if in.EnabledCapabilities != nil { + in, out := &in.EnabledCapabilities, &out.EnabledCapabilities + *out = make([]ClusterVersionCapability, len(*in)) + copy(*out, *in) + } + if in.KnownCapabilities != nil { + in, out := &in.KnownCapabilities, &out.KnownCapabilities + *out = make([]ClusterVersionCapability, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionCapabilitiesStatus. +func (in *ClusterVersionCapabilitiesStatus) DeepCopy() *ClusterVersionCapabilitiesStatus { + if in == nil { + return nil + } + out := new(ClusterVersionCapabilitiesStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterVersionList) DeepCopyInto(out *ClusterVersionList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterVersion, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionList. +func (in *ClusterVersionList) DeepCopy() *ClusterVersionList { + if in == nil { + return nil + } + out := new(ClusterVersionList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterVersionList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterVersionSpec) DeepCopyInto(out *ClusterVersionSpec) { + *out = *in + if in.DesiredUpdate != nil { + in, out := &in.DesiredUpdate, &out.DesiredUpdate + *out = new(Update) + **out = **in + } + if in.Capabilities != nil { + in, out := &in.Capabilities, &out.Capabilities + *out = new(ClusterVersionCapabilitiesSpec) + (*in).DeepCopyInto(*out) + } + if in.SignatureStores != nil { + in, out := &in.SignatureStores, &out.SignatureStores + *out = make([]SignatureStore, len(*in)) + copy(*out, *in) + } + if in.Overrides != nil { + in, out := &in.Overrides, &out.Overrides + *out = make([]ComponentOverride, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionSpec. +func (in *ClusterVersionSpec) DeepCopy() *ClusterVersionSpec { + if in == nil { + return nil + } + out := new(ClusterVersionSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { + *out = *in + in.Desired.DeepCopyInto(&out.Desired) + if in.History != nil { + in, out := &in.History, &out.History + *out = make([]UpdateHistory, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.Capabilities.DeepCopyInto(&out.Capabilities) + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]ClusterOperatorStatusCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AvailableUpdates != nil { + in, out := &in.AvailableUpdates, &out.AvailableUpdates + *out = make([]Release, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.ConditionalUpdates != nil { + in, out := &in.ConditionalUpdates, &out.ConditionalUpdates + *out = make([]ConditionalUpdate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterVersionStatus. +func (in *ClusterVersionStatus) DeepCopy() *ClusterVersionStatus { + if in == nil { + return nil + } + out := new(ClusterVersionStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ComponentOverride) DeepCopyInto(out *ComponentOverride) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentOverride. +func (in *ComponentOverride) DeepCopy() *ComponentOverride { + if in == nil { + return nil + } + out := new(ComponentOverride) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ComponentRouteSpec) DeepCopyInto(out *ComponentRouteSpec) { + *out = *in + out.ServingCertKeyPairSecret = in.ServingCertKeyPairSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentRouteSpec. +func (in *ComponentRouteSpec) DeepCopy() *ComponentRouteSpec { + if in == nil { + return nil + } + out := new(ComponentRouteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ComponentRouteStatus) DeepCopyInto(out *ComponentRouteStatus) { + *out = *in + if in.ConsumingUsers != nil { + in, out := &in.ConsumingUsers, &out.ConsumingUsers + *out = make([]ConsumingUser, len(*in)) + copy(*out, *in) + } + if in.CurrentHostnames != nil { + in, out := &in.CurrentHostnames, &out.CurrentHostnames + *out = make([]Hostname, len(*in)) + copy(*out, *in) + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RelatedObjects != nil { + in, out := &in.RelatedObjects, &out.RelatedObjects + *out = make([]ObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentRouteStatus. +func (in *ComponentRouteStatus) DeepCopy() *ComponentRouteStatus { + if in == nil { + return nil + } + out := new(ComponentRouteStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ConditionalUpdate) DeepCopyInto(out *ConditionalUpdate) { + *out = *in + in.Release.DeepCopyInto(&out.Release) + if in.Risks != nil { + in, out := &in.Risks, &out.Risks + *out = make([]ConditionalUpdateRisk, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalUpdate. +func (in *ConditionalUpdate) DeepCopy() *ConditionalUpdate { + if in == nil { + return nil + } + out := new(ConditionalUpdate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConditionalUpdateRisk) DeepCopyInto(out *ConditionalUpdateRisk) { + *out = *in + if in.MatchingRules != nil { + in, out := &in.MatchingRules, &out.MatchingRules + *out = make([]ClusterCondition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConditionalUpdateRisk. +func (in *ConditionalUpdateRisk) DeepCopy() *ConditionalUpdateRisk { + if in == nil { + return nil + } + out := new(ConditionalUpdateRisk) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMapFileReference) DeepCopyInto(out *ConfigMapFileReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapFileReference. 
+func (in *ConfigMapFileReference) DeepCopy() *ConfigMapFileReference { + if in == nil { + return nil + } + out := new(ConfigMapFileReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigMapNameReference) DeepCopyInto(out *ConfigMapNameReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigMapNameReference. +func (in *ConfigMapNameReference) DeepCopy() *ConfigMapNameReference { + if in == nil { + return nil + } + out := new(ConfigMapNameReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Console) DeepCopyInto(out *Console) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Console. +func (in *Console) DeepCopy() *Console { + if in == nil { + return nil + } + out := new(Console) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Console) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleAuthentication) DeepCopyInto(out *ConsoleAuthentication) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleAuthentication. 
+func (in *ConsoleAuthentication) DeepCopy() *ConsoleAuthentication { + if in == nil { + return nil + } + out := new(ConsoleAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleList) DeepCopyInto(out *ConsoleList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Console, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleList. +func (in *ConsoleList) DeepCopy() *ConsoleList { + if in == nil { + return nil + } + out := new(ConsoleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConsoleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleSpec) DeepCopyInto(out *ConsoleSpec) { + *out = *in + out.Authentication = in.Authentication + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleSpec. +func (in *ConsoleSpec) DeepCopy() *ConsoleSpec { + if in == nil { + return nil + } + out := new(ConsoleSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsoleStatus) DeepCopyInto(out *ConsoleStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsoleStatus. 
+func (in *ConsoleStatus) DeepCopy() *ConsoleStatus { + if in == nil { + return nil + } + out := new(ConsoleStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomFeatureGates) DeepCopyInto(out *CustomFeatureGates) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = make([]FeatureGateName, len(*in)) + copy(*out, *in) + } + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = make([]FeatureGateName, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomFeatureGates. +func (in *CustomFeatureGates) DeepCopy() *CustomFeatureGates { + if in == nil { + return nil + } + out := new(CustomFeatureGates) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomTLSProfile) DeepCopyInto(out *CustomTLSProfile) { + *out = *in + in.TLSProfileSpec.DeepCopyInto(&out.TLSProfileSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomTLSProfile. +func (in *CustomTLSProfile) DeepCopy() *CustomTLSProfile { + if in == nil { + return nil + } + out := new(CustomTLSProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNS) DeepCopyInto(out *DNS) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNS. 
+func (in *DNS) DeepCopy() *DNS { + if in == nil { + return nil + } + out := new(DNS) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *DNS) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSList) DeepCopyInto(out *DNSList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]DNS, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSList. +func (in *DNSList) DeepCopy() *DNSList { + if in == nil { + return nil + } + out := new(DNSList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *DNSList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSPlatformSpec) DeepCopyInto(out *DNSPlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSDNSSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSPlatformSpec. +func (in *DNSPlatformSpec) DeepCopy() *DNSPlatformSpec { + if in == nil { + return nil + } + out := new(DNSPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *DNSSpec) DeepCopyInto(out *DNSSpec) { + *out = *in + if in.PublicZone != nil { + in, out := &in.PublicZone, &out.PublicZone + *out = new(DNSZone) + (*in).DeepCopyInto(*out) + } + if in.PrivateZone != nil { + in, out := &in.PrivateZone, &out.PrivateZone + *out = new(DNSZone) + (*in).DeepCopyInto(*out) + } + in.Platform.DeepCopyInto(&out.Platform) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSSpec. +func (in *DNSSpec) DeepCopy() *DNSSpec { + if in == nil { + return nil + } + out := new(DNSSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSStatus) DeepCopyInto(out *DNSStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSStatus. +func (in *DNSStatus) DeepCopy() *DNSStatus { + if in == nil { + return nil + } + out := new(DNSStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSZone) DeepCopyInto(out *DNSZone) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSZone. +func (in *DNSZone) DeepCopy() *DNSZone { + if in == nil { + return nil + } + out := new(DNSZone) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DelegatedAuthentication) DeepCopyInto(out *DelegatedAuthentication) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelegatedAuthentication. 
+func (in *DelegatedAuthentication) DeepCopy() *DelegatedAuthentication { + if in == nil { + return nil + } + out := new(DelegatedAuthentication) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DelegatedAuthorization) DeepCopyInto(out *DelegatedAuthorization) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DelegatedAuthorization. +func (in *DelegatedAuthorization) DeepCopy() *DelegatedAuthorization { + if in == nil { + return nil + } + out := new(DelegatedAuthorization) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeprecatedWebhookTokenAuthenticator) DeepCopyInto(out *DeprecatedWebhookTokenAuthenticator) { + *out = *in + out.KubeConfig = in.KubeConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeprecatedWebhookTokenAuthenticator. +func (in *DeprecatedWebhookTokenAuthenticator) DeepCopy() *DeprecatedWebhookTokenAuthenticator { + if in == nil { + return nil + } + out := new(DeprecatedWebhookTokenAuthenticator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EquinixMetalPlatformSpec) DeepCopyInto(out *EquinixMetalPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EquinixMetalPlatformSpec. +func (in *EquinixMetalPlatformSpec) DeepCopy() *EquinixMetalPlatformSpec { + if in == nil { + return nil + } + out := new(EquinixMetalPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *EquinixMetalPlatformStatus) DeepCopyInto(out *EquinixMetalPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EquinixMetalPlatformStatus. +func (in *EquinixMetalPlatformStatus) DeepCopy() *EquinixMetalPlatformStatus { + if in == nil { + return nil + } + out := new(EquinixMetalPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdConnectionInfo) DeepCopyInto(out *EtcdConnectionInfo) { + *out = *in + if in.URLs != nil { + in, out := &in.URLs, &out.URLs + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.CertInfo = in.CertInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdConnectionInfo. +func (in *EtcdConnectionInfo) DeepCopy() *EtcdConnectionInfo { + if in == nil { + return nil + } + out := new(EtcdConnectionInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EtcdStorageConfig) DeepCopyInto(out *EtcdStorageConfig) { + *out = *in + in.EtcdConnectionInfo.DeepCopyInto(&out.EtcdConnectionInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EtcdStorageConfig. +func (in *EtcdStorageConfig) DeepCopy() *EtcdStorageConfig { + if in == nil { + return nil + } + out := new(EtcdStorageConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ExternalIPConfig) DeepCopyInto(out *ExternalIPConfig) { + *out = *in + if in.Policy != nil { + in, out := &in.Policy, &out.Policy + *out = new(ExternalIPPolicy) + (*in).DeepCopyInto(*out) + } + if in.AutoAssignCIDRs != nil { + in, out := &in.AutoAssignCIDRs, &out.AutoAssignCIDRs + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPConfig. +func (in *ExternalIPConfig) DeepCopy() *ExternalIPConfig { + if in == nil { + return nil + } + out := new(ExternalIPConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalIPPolicy) DeepCopyInto(out *ExternalIPPolicy) { + *out = *in + if in.AllowedCIDRs != nil { + in, out := &in.AllowedCIDRs, &out.AllowedCIDRs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.RejectedCIDRs != nil { + in, out := &in.RejectedCIDRs, &out.RejectedCIDRs + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalIPPolicy. +func (in *ExternalIPPolicy) DeepCopy() *ExternalIPPolicy { + if in == nil { + return nil + } + out := new(ExternalIPPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalPlatformSpec) DeepCopyInto(out *ExternalPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalPlatformSpec. +func (in *ExternalPlatformSpec) DeepCopy() *ExternalPlatformSpec { + if in == nil { + return nil + } + out := new(ExternalPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *ExternalPlatformStatus) DeepCopyInto(out *ExternalPlatformStatus) { + *out = *in + out.CloudControllerManager = in.CloudControllerManager + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalPlatformStatus. +func (in *ExternalPlatformStatus) DeepCopy() *ExternalPlatformStatus { + if in == nil { + return nil + } + out := new(ExternalPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGate) DeepCopyInto(out *FeatureGate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGate. +func (in *FeatureGate) DeepCopy() *FeatureGate { + if in == nil { + return nil + } + out := new(FeatureGate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FeatureGate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateAttributes) DeepCopyInto(out *FeatureGateAttributes) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateAttributes. +func (in *FeatureGateAttributes) DeepCopy() *FeatureGateAttributes { + if in == nil { + return nil + } + out := new(FeatureGateAttributes) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *FeatureGateDescription) DeepCopyInto(out *FeatureGateDescription) { + *out = *in + out.FeatureGateAttributes = in.FeatureGateAttributes + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateDescription. +func (in *FeatureGateDescription) DeepCopy() *FeatureGateDescription { + if in == nil { + return nil + } + out := new(FeatureGateDescription) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateDetails) DeepCopyInto(out *FeatureGateDetails) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = make([]FeatureGateAttributes, len(*in)) + copy(*out, *in) + } + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = make([]FeatureGateAttributes, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateDetails. +func (in *FeatureGateDetails) DeepCopy() *FeatureGateDetails { + if in == nil { + return nil + } + out := new(FeatureGateDetails) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateEnabledDisabled) DeepCopyInto(out *FeatureGateEnabledDisabled) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = make([]FeatureGateDescription, len(*in)) + copy(*out, *in) + } + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = make([]FeatureGateDescription, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateEnabledDisabled. 
+func (in *FeatureGateEnabledDisabled) DeepCopy() *FeatureGateEnabledDisabled { + if in == nil { + return nil + } + out := new(FeatureGateEnabledDisabled) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateList) DeepCopyInto(out *FeatureGateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]FeatureGate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateList. +func (in *FeatureGateList) DeepCopy() *FeatureGateList { + if in == nil { + return nil + } + out := new(FeatureGateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *FeatureGateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateSelection) DeepCopyInto(out *FeatureGateSelection) { + *out = *in + if in.CustomNoUpgrade != nil { + in, out := &in.CustomNoUpgrade, &out.CustomNoUpgrade + *out = new(CustomFeatureGates) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateSelection. +func (in *FeatureGateSelection) DeepCopy() *FeatureGateSelection { + if in == nil { + return nil + } + out := new(FeatureGateSelection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *FeatureGateSpec) DeepCopyInto(out *FeatureGateSpec) { + *out = *in + in.FeatureGateSelection.DeepCopyInto(&out.FeatureGateSelection) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateSpec. +func (in *FeatureGateSpec) DeepCopy() *FeatureGateSpec { + if in == nil { + return nil + } + out := new(FeatureGateSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateStatus) DeepCopyInto(out *FeatureGateStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.FeatureGates != nil { + in, out := &in.FeatureGates, &out.FeatureGates + *out = make([]FeatureGateDetails, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateStatus. +func (in *FeatureGateStatus) DeepCopy() *FeatureGateStatus { + if in == nil { + return nil + } + out := new(FeatureGateStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPPlatformSpec. +func (in *GCPPlatformSpec) DeepCopy() *GCPPlatformSpec { + if in == nil { + return nil + } + out := new(GCPPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { + *out = *in + if in.ResourceLabels != nil { + in, out := &in.ResourceLabels, &out.ResourceLabels + *out = make([]GCPResourceLabel, len(*in)) + copy(*out, *in) + } + if in.ResourceTags != nil { + in, out := &in.ResourceTags, &out.ResourceTags + *out = make([]GCPResourceTag, len(*in)) + copy(*out, *in) + } + if in.CloudLoadBalancerConfig != nil { + in, out := &in.CloudLoadBalancerConfig, &out.CloudLoadBalancerConfig + *out = new(CloudLoadBalancerConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPPlatformStatus. +func (in *GCPPlatformStatus) DeepCopy() *GCPPlatformStatus { + if in == nil { + return nil + } + out := new(GCPPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceLabel) DeepCopyInto(out *GCPResourceLabel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceLabel. +func (in *GCPResourceLabel) DeepCopy() *GCPResourceLabel { + if in == nil { + return nil + } + out := new(GCPResourceLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPResourceTag) DeepCopyInto(out *GCPResourceTag) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPResourceTag. +func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { + if in == nil { + return nil + } + out := new(GCPResourceTag) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { + *out = *in + in.ServingInfo.DeepCopyInto(&out.ServingInfo) + if in.CORSAllowedOrigins != nil { + in, out := &in.CORSAllowedOrigins, &out.CORSAllowedOrigins + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.AuditConfig.DeepCopyInto(&out.AuditConfig) + in.StorageConfig.DeepCopyInto(&out.StorageConfig) + in.AdmissionConfig.DeepCopyInto(&out.AdmissionConfig) + out.KubeClientConfig = in.KubeClientConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericAPIServerConfig. +func (in *GenericAPIServerConfig) DeepCopy() *GenericAPIServerConfig { + if in == nil { + return nil + } + out := new(GenericAPIServerConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GenericControllerConfig) DeepCopyInto(out *GenericControllerConfig) { + *out = *in + in.ServingInfo.DeepCopyInto(&out.ServingInfo) + out.LeaderElection = in.LeaderElection + out.Authentication = in.Authentication + out.Authorization = in.Authorization + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericControllerConfig. +func (in *GenericControllerConfig) DeepCopy() *GenericControllerConfig { + if in == nil { + return nil + } + out := new(GenericControllerConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GitHubIdentityProvider) DeepCopyInto(out *GitHubIdentityProvider) { + *out = *in + out.ClientSecret = in.ClientSecret + if in.Organizations != nil { + in, out := &in.Organizations, &out.Organizations + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Teams != nil { + in, out := &in.Teams, &out.Teams + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.CA = in.CA + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitHubIdentityProvider. +func (in *GitHubIdentityProvider) DeepCopy() *GitHubIdentityProvider { + if in == nil { + return nil + } + out := new(GitHubIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GitLabIdentityProvider) DeepCopyInto(out *GitLabIdentityProvider) { + *out = *in + out.ClientSecret = in.ClientSecret + out.CA = in.CA + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GitLabIdentityProvider. +func (in *GitLabIdentityProvider) DeepCopy() *GitLabIdentityProvider { + if in == nil { + return nil + } + out := new(GitLabIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GoogleIdentityProvider) DeepCopyInto(out *GoogleIdentityProvider) { + *out = *in + out.ClientSecret = in.ClientSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GoogleIdentityProvider. +func (in *GoogleIdentityProvider) DeepCopy() *GoogleIdentityProvider { + if in == nil { + return nil + } + out := new(GoogleIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *HTPasswdIdentityProvider) DeepCopyInto(out *HTPasswdIdentityProvider) { + *out = *in + out.FileData = in.FileData + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTPasswdIdentityProvider. +func (in *HTPasswdIdentityProvider) DeepCopy() *HTPasswdIdentityProvider { + if in == nil { + return nil + } + out := new(HTPasswdIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPServingInfo) DeepCopyInto(out *HTTPServingInfo) { + *out = *in + in.ServingInfo.DeepCopyInto(&out.ServingInfo) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPServingInfo. +func (in *HTTPServingInfo) DeepCopy() *HTTPServingInfo { + if in == nil { + return nil + } + out := new(HTTPServingInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HubSource) DeepCopyInto(out *HubSource) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HubSource. +func (in *HubSource) DeepCopy() *HubSource { + if in == nil { + return nil + } + out := new(HubSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HubSourceStatus) DeepCopyInto(out *HubSourceStatus) { + *out = *in + out.HubSource = in.HubSource + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HubSourceStatus. 
+func (in *HubSourceStatus) DeepCopy() *HubSourceStatus { + if in == nil { + return nil + } + out := new(HubSourceStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudPlatformSpec) DeepCopyInto(out *IBMCloudPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudPlatformSpec. +func (in *IBMCloudPlatformSpec) DeepCopy() *IBMCloudPlatformSpec { + if in == nil { + return nil + } + out := new(IBMCloudPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudPlatformStatus) DeepCopyInto(out *IBMCloudPlatformStatus) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]IBMCloudServiceEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudPlatformStatus. +func (in *IBMCloudPlatformStatus) DeepCopy() *IBMCloudPlatformStatus { + if in == nil { + return nil + } + out := new(IBMCloudPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IBMCloudServiceEndpoint) DeepCopyInto(out *IBMCloudServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IBMCloudServiceEndpoint. +func (in *IBMCloudServiceEndpoint) DeepCopy() *IBMCloudServiceEndpoint { + if in == nil { + return nil + } + out := new(IBMCloudServiceEndpoint) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IdentityProvider) DeepCopyInto(out *IdentityProvider) { + *out = *in + in.IdentityProviderConfig.DeepCopyInto(&out.IdentityProviderConfig) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProvider. +func (in *IdentityProvider) DeepCopy() *IdentityProvider { + if in == nil { + return nil + } + out := new(IdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IdentityProviderConfig) DeepCopyInto(out *IdentityProviderConfig) { + *out = *in + if in.BasicAuth != nil { + in, out := &in.BasicAuth, &out.BasicAuth + *out = new(BasicAuthIdentityProvider) + **out = **in + } + if in.GitHub != nil { + in, out := &in.GitHub, &out.GitHub + *out = new(GitHubIdentityProvider) + (*in).DeepCopyInto(*out) + } + if in.GitLab != nil { + in, out := &in.GitLab, &out.GitLab + *out = new(GitLabIdentityProvider) + **out = **in + } + if in.Google != nil { + in, out := &in.Google, &out.Google + *out = new(GoogleIdentityProvider) + **out = **in + } + if in.HTPasswd != nil { + in, out := &in.HTPasswd, &out.HTPasswd + *out = new(HTPasswdIdentityProvider) + **out = **in + } + if in.Keystone != nil { + in, out := &in.Keystone, &out.Keystone + *out = new(KeystoneIdentityProvider) + **out = **in + } + if in.LDAP != nil { + in, out := &in.LDAP, &out.LDAP + *out = new(LDAPIdentityProvider) + (*in).DeepCopyInto(*out) + } + if in.OpenID != nil { + in, out := &in.OpenID, &out.OpenID + *out = new(OpenIDIdentityProvider) + (*in).DeepCopyInto(*out) + } + if in.RequestHeader != nil { + in, out := &in.RequestHeader, &out.RequestHeader + *out = new(RequestHeaderIdentityProvider) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderConfig. 
+func (in *IdentityProviderConfig) DeepCopy() *IdentityProviderConfig { + if in == nil { + return nil + } + out := new(IdentityProviderConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Image) DeepCopyInto(out *Image) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Image. +func (in *Image) DeepCopy() *Image { + if in == nil { + return nil + } + out := new(Image) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Image) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageContentPolicy) DeepCopyInto(out *ImageContentPolicy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageContentPolicy. +func (in *ImageContentPolicy) DeepCopy() *ImageContentPolicy { + if in == nil { + return nil + } + out := new(ImageContentPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageContentPolicy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ImageContentPolicyList) DeepCopyInto(out *ImageContentPolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ImageContentPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageContentPolicyList. +func (in *ImageContentPolicyList) DeepCopy() *ImageContentPolicyList { + if in == nil { + return nil + } + out := new(ImageContentPolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageContentPolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageContentPolicySpec) DeepCopyInto(out *ImageContentPolicySpec) { + *out = *in + if in.RepositoryDigestMirrors != nil { + in, out := &in.RepositoryDigestMirrors, &out.RepositoryDigestMirrors + *out = make([]RepositoryDigestMirrors, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageContentPolicySpec. +func (in *ImageContentPolicySpec) DeepCopy() *ImageContentPolicySpec { + if in == nil { + return nil + } + out := new(ImageContentPolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ImageDigestMirrorSet) DeepCopyInto(out *ImageDigestMirrorSet) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSet. +func (in *ImageDigestMirrorSet) DeepCopy() *ImageDigestMirrorSet { + if in == nil { + return nil + } + out := new(ImageDigestMirrorSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageDigestMirrorSet) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageDigestMirrorSetList) DeepCopyInto(out *ImageDigestMirrorSetList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ImageDigestMirrorSet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSetList. +func (in *ImageDigestMirrorSetList) DeepCopy() *ImageDigestMirrorSetList { + if in == nil { + return nil + } + out := new(ImageDigestMirrorSetList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageDigestMirrorSetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ImageDigestMirrorSetSpec) DeepCopyInto(out *ImageDigestMirrorSetSpec) { + *out = *in + if in.ImageDigestMirrors != nil { + in, out := &in.ImageDigestMirrors, &out.ImageDigestMirrors + *out = make([]ImageDigestMirrors, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSetSpec. +func (in *ImageDigestMirrorSetSpec) DeepCopy() *ImageDigestMirrorSetSpec { + if in == nil { + return nil + } + out := new(ImageDigestMirrorSetSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageDigestMirrorSetStatus) DeepCopyInto(out *ImageDigestMirrorSetStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrorSetStatus. +func (in *ImageDigestMirrorSetStatus) DeepCopy() *ImageDigestMirrorSetStatus { + if in == nil { + return nil + } + out := new(ImageDigestMirrorSetStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageDigestMirrors) DeepCopyInto(out *ImageDigestMirrors) { + *out = *in + if in.Mirrors != nil { + in, out := &in.Mirrors, &out.Mirrors + *out = make([]ImageMirror, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageDigestMirrors. +func (in *ImageDigestMirrors) DeepCopy() *ImageDigestMirrors { + if in == nil { + return nil + } + out := new(ImageDigestMirrors) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ImageLabel) DeepCopyInto(out *ImageLabel) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageLabel. +func (in *ImageLabel) DeepCopy() *ImageLabel { + if in == nil { + return nil + } + out := new(ImageLabel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageList) DeepCopyInto(out *ImageList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Image, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageList. +func (in *ImageList) DeepCopy() *ImageList { + if in == nil { + return nil + } + out := new(ImageList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ImageSpec) DeepCopyInto(out *ImageSpec) { + *out = *in + if in.AllowedRegistriesForImport != nil { + in, out := &in.AllowedRegistriesForImport, &out.AllowedRegistriesForImport + *out = make([]RegistryLocation, len(*in)) + copy(*out, *in) + } + if in.ExternalRegistryHostnames != nil { + in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.AdditionalTrustedCA = in.AdditionalTrustedCA + in.RegistrySources.DeepCopyInto(&out.RegistrySources) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageSpec. +func (in *ImageSpec) DeepCopy() *ImageSpec { + if in == nil { + return nil + } + out := new(ImageSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageStatus) DeepCopyInto(out *ImageStatus) { + *out = *in + if in.ExternalRegistryHostnames != nil { + in, out := &in.ExternalRegistryHostnames, &out.ExternalRegistryHostnames + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageStatus. +func (in *ImageStatus) DeepCopy() *ImageStatus { + if in == nil { + return nil + } + out := new(ImageStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageTagMirrorSet) DeepCopyInto(out *ImageTagMirrorSet) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSet. 
+func (in *ImageTagMirrorSet) DeepCopy() *ImageTagMirrorSet { + if in == nil { + return nil + } + out := new(ImageTagMirrorSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageTagMirrorSet) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageTagMirrorSetList) DeepCopyInto(out *ImageTagMirrorSetList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ImageTagMirrorSet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSetList. +func (in *ImageTagMirrorSetList) DeepCopy() *ImageTagMirrorSetList { + if in == nil { + return nil + } + out := new(ImageTagMirrorSetList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ImageTagMirrorSetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageTagMirrorSetSpec) DeepCopyInto(out *ImageTagMirrorSetSpec) { + *out = *in + if in.ImageTagMirrors != nil { + in, out := &in.ImageTagMirrors, &out.ImageTagMirrors + *out = make([]ImageTagMirrors, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSetSpec. 
+func (in *ImageTagMirrorSetSpec) DeepCopy() *ImageTagMirrorSetSpec { + if in == nil { + return nil + } + out := new(ImageTagMirrorSetSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageTagMirrorSetStatus) DeepCopyInto(out *ImageTagMirrorSetStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrorSetStatus. +func (in *ImageTagMirrorSetStatus) DeepCopy() *ImageTagMirrorSetStatus { + if in == nil { + return nil + } + out := new(ImageTagMirrorSetStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ImageTagMirrors) DeepCopyInto(out *ImageTagMirrors) { + *out = *in + if in.Mirrors != nil { + in, out := &in.Mirrors, &out.Mirrors + *out = make([]ImageMirror, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImageTagMirrors. +func (in *ImageTagMirrors) DeepCopy() *ImageTagMirrors { + if in == nil { + return nil + } + out := new(ImageTagMirrors) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Infrastructure) DeepCopyInto(out *Infrastructure) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Infrastructure. 
+func (in *Infrastructure) DeepCopy() *Infrastructure { + if in == nil { + return nil + } + out := new(Infrastructure) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Infrastructure) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InfrastructureList) DeepCopyInto(out *InfrastructureList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Infrastructure, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureList. +func (in *InfrastructureList) DeepCopy() *InfrastructureList { + if in == nil { + return nil + } + out := new(InfrastructureList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InfrastructureList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InfrastructureSpec) DeepCopyInto(out *InfrastructureSpec) { + *out = *in + out.CloudConfig = in.CloudConfig + in.PlatformSpec.DeepCopyInto(&out.PlatformSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureSpec. 
+func (in *InfrastructureSpec) DeepCopy() *InfrastructureSpec { + if in == nil { + return nil + } + out := new(InfrastructureSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InfrastructureStatus) DeepCopyInto(out *InfrastructureStatus) { + *out = *in + if in.PlatformStatus != nil { + in, out := &in.PlatformStatus, &out.PlatformStatus + *out = new(PlatformStatus) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfrastructureStatus. +func (in *InfrastructureStatus) DeepCopy() *InfrastructureStatus { + if in == nil { + return nil + } + out := new(InfrastructureStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Ingress) DeepCopyInto(out *Ingress) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Ingress. +func (in *Ingress) DeepCopy() *Ingress { + if in == nil { + return nil + } + out := new(Ingress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Ingress) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IngressList) DeepCopyInto(out *IngressList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Ingress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressList. +func (in *IngressList) DeepCopy() *IngressList { + if in == nil { + return nil + } + out := new(IngressList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IngressList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressPlatformSpec) DeepCopyInto(out *IngressPlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSIngressSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressPlatformSpec. +func (in *IngressPlatformSpec) DeepCopy() *IngressPlatformSpec { + if in == nil { + return nil + } + out := new(IngressPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *IngressSpec) DeepCopyInto(out *IngressSpec) { + *out = *in + if in.ComponentRoutes != nil { + in, out := &in.ComponentRoutes, &out.ComponentRoutes + *out = make([]ComponentRouteSpec, len(*in)) + copy(*out, *in) + } + if in.RequiredHSTSPolicies != nil { + in, out := &in.RequiredHSTSPolicies, &out.RequiredHSTSPolicies + *out = make([]RequiredHSTSPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.LoadBalancer.DeepCopyInto(&out.LoadBalancer) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressSpec. +func (in *IngressSpec) DeepCopy() *IngressSpec { + if in == nil { + return nil + } + out := new(IngressSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressStatus) DeepCopyInto(out *IngressStatus) { + *out = *in + if in.ComponentRoutes != nil { + in, out := &in.ComponentRoutes, &out.ComponentRoutes + *out = make([]ComponentRouteStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressStatus. +func (in *IngressStatus) DeepCopy() *IngressStatus { + if in == nil { + return nil + } + out := new(IngressStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IntermediateTLSProfile) DeepCopyInto(out *IntermediateTLSProfile) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IntermediateTLSProfile. 
+func (in *IntermediateTLSProfile) DeepCopy() *IntermediateTLSProfile { + if in == nil { + return nil + } + out := new(IntermediateTLSProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KeystoneIdentityProvider) DeepCopyInto(out *KeystoneIdentityProvider) { + *out = *in + out.OAuthRemoteConnectionInfo = in.OAuthRemoteConnectionInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeystoneIdentityProvider. +func (in *KeystoneIdentityProvider) DeepCopy() *KeystoneIdentityProvider { + if in == nil { + return nil + } + out := new(KeystoneIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeClientConfig) DeepCopyInto(out *KubeClientConfig) { + *out = *in + out.ConnectionOverrides = in.ConnectionOverrides + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeClientConfig. +func (in *KubeClientConfig) DeepCopy() *KubeClientConfig { + if in == nil { + return nil + } + out := new(KubeClientConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubevirtPlatformSpec) DeepCopyInto(out *KubevirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformSpec. +func (in *KubevirtPlatformSpec) DeepCopy() *KubevirtPlatformSpec { + if in == nil { + return nil + } + out := new(KubevirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *KubevirtPlatformStatus) DeepCopyInto(out *KubevirtPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformStatus. +func (in *KubevirtPlatformStatus) DeepCopy() *KubevirtPlatformStatus { + if in == nil { + return nil + } + out := new(KubevirtPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LDAPAttributeMapping) DeepCopyInto(out *LDAPAttributeMapping) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PreferredUsername != nil { + in, out := &in.PreferredUsername, &out.PreferredUsername + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Email != nil { + in, out := &in.Email, &out.Email + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPAttributeMapping. +func (in *LDAPAttributeMapping) DeepCopy() *LDAPAttributeMapping { + if in == nil { + return nil + } + out := new(LDAPAttributeMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LDAPIdentityProvider) DeepCopyInto(out *LDAPIdentityProvider) { + *out = *in + out.BindPassword = in.BindPassword + out.CA = in.CA + in.Attributes.DeepCopyInto(&out.Attributes) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LDAPIdentityProvider. 
+func (in *LDAPIdentityProvider) DeepCopy() *LDAPIdentityProvider { + if in == nil { + return nil + } + out := new(LDAPIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LeaderElection) DeepCopyInto(out *LeaderElection) { + *out = *in + out.LeaseDuration = in.LeaseDuration + out.RenewDeadline = in.RenewDeadline + out.RetryPeriod = in.RetryPeriod + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElection. +func (in *LeaderElection) DeepCopy() *LeaderElection { + if in == nil { + return nil + } + out := new(LeaderElection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoadBalancer) DeepCopyInto(out *LoadBalancer) { + *out = *in + in.Platform.DeepCopyInto(&out.Platform) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancer. +func (in *LoadBalancer) DeepCopy() *LoadBalancer { + if in == nil { + return nil + } + out := new(LoadBalancer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MTUMigration) DeepCopyInto(out *MTUMigration) { + *out = *in + if in.Network != nil { + in, out := &in.Network, &out.Network + *out = new(MTUMigrationValues) + (*in).DeepCopyInto(*out) + } + if in.Machine != nil { + in, out := &in.Machine, &out.Machine + *out = new(MTUMigrationValues) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MTUMigration. 
+func (in *MTUMigration) DeepCopy() *MTUMigration { + if in == nil { + return nil + } + out := new(MTUMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MTUMigrationValues) DeepCopyInto(out *MTUMigrationValues) { + *out = *in + if in.To != nil { + in, out := &in.To, &out.To + *out = new(uint32) + **out = **in + } + if in.From != nil { + in, out := &in.From, &out.From + *out = new(uint32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MTUMigrationValues. +func (in *MTUMigrationValues) DeepCopy() *MTUMigrationValues { + if in == nil { + return nil + } + out := new(MTUMigrationValues) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaxAgePolicy) DeepCopyInto(out *MaxAgePolicy) { + *out = *in + if in.LargestMaxAge != nil { + in, out := &in.LargestMaxAge, &out.LargestMaxAge + *out = new(int32) + **out = **in + } + if in.SmallestMaxAge != nil { + in, out := &in.SmallestMaxAge, &out.SmallestMaxAge + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaxAgePolicy. +func (in *MaxAgePolicy) DeepCopy() *MaxAgePolicy { + if in == nil { + return nil + } + out := new(MaxAgePolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ModernTLSProfile) DeepCopyInto(out *ModernTLSProfile) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ModernTLSProfile. 
+func (in *ModernTLSProfile) DeepCopy() *ModernTLSProfile { + if in == nil { + return nil + } + out := new(ModernTLSProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NamedCertificate) DeepCopyInto(out *NamedCertificate) { + *out = *in + if in.Names != nil { + in, out := &in.Names, &out.Names + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.CertInfo = in.CertInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamedCertificate. +func (in *NamedCertificate) DeepCopy() *NamedCertificate { + if in == nil { + return nil + } + out := new(NamedCertificate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Network) DeepCopyInto(out *Network) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Network. +func (in *Network) DeepCopy() *Network { + if in == nil { + return nil + } + out := new(Network) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Network) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NetworkDiagnostics) DeepCopyInto(out *NetworkDiagnostics) { + *out = *in + in.SourcePlacement.DeepCopyInto(&out.SourcePlacement) + in.TargetPlacement.DeepCopyInto(&out.TargetPlacement) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnostics. +func (in *NetworkDiagnostics) DeepCopy() *NetworkDiagnostics { + if in == nil { + return nil + } + out := new(NetworkDiagnostics) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkDiagnosticsSourcePlacement) DeepCopyInto(out *NetworkDiagnosticsSourcePlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnosticsSourcePlacement. +func (in *NetworkDiagnosticsSourcePlacement) DeepCopy() *NetworkDiagnosticsSourcePlacement { + if in == nil { + return nil + } + out := new(NetworkDiagnosticsSourcePlacement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NetworkDiagnosticsTargetPlacement) DeepCopyInto(out *NetworkDiagnosticsTargetPlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnosticsTargetPlacement. +func (in *NetworkDiagnosticsTargetPlacement) DeepCopy() *NetworkDiagnosticsTargetPlacement { + if in == nil { + return nil + } + out := new(NetworkDiagnosticsTargetPlacement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkList) DeepCopyInto(out *NetworkList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Network, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkList. +func (in *NetworkList) DeepCopy() *NetworkList { + if in == nil { + return nil + } + out := new(NetworkList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NetworkList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NetworkMigration) DeepCopyInto(out *NetworkMigration) { + *out = *in + if in.MTU != nil { + in, out := &in.MTU, &out.MTU + *out = new(MTUMigration) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkMigration. +func (in *NetworkMigration) DeepCopy() *NetworkMigration { + if in == nil { + return nil + } + out := new(NetworkMigration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { + *out = *in + if in.ClusterNetwork != nil { + in, out := &in.ClusterNetwork, &out.ClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.ServiceNetwork != nil { + in, out := &in.ServiceNetwork, &out.ServiceNetwork + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExternalIP != nil { + in, out := &in.ExternalIP, &out.ExternalIP + *out = new(ExternalIPConfig) + (*in).DeepCopyInto(*out) + } + in.NetworkDiagnostics.DeepCopyInto(&out.NetworkDiagnostics) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkSpec. +func (in *NetworkSpec) DeepCopy() *NetworkSpec { + if in == nil { + return nil + } + out := new(NetworkSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { + *out = *in + if in.ClusterNetwork != nil { + in, out := &in.ClusterNetwork, &out.ClusterNetwork + *out = make([]ClusterNetworkEntry, len(*in)) + copy(*out, *in) + } + if in.ServiceNetwork != nil { + in, out := &in.ServiceNetwork, &out.ServiceNetwork + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Migration != nil { + in, out := &in.Migration, &out.Migration + *out = new(NetworkMigration) + (*in).DeepCopyInto(*out) + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkStatus. +func (in *NetworkStatus) DeepCopy() *NetworkStatus { + if in == nil { + return nil + } + out := new(NetworkStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Node) DeepCopyInto(out *Node) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Node. +func (in *Node) DeepCopy() *Node { + if in == nil { + return nil + } + out := new(Node) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Node) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NodeList) DeepCopyInto(out *NodeList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Node, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeList. +func (in *NodeList) DeepCopy() *NodeList { + if in == nil { + return nil + } + out := new(NodeList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *NodeList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeSpec) DeepCopyInto(out *NodeSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSpec. +func (in *NodeSpec) DeepCopy() *NodeSpec { + if in == nil { + return nil + } + out := new(NodeSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeStatus) DeepCopyInto(out *NodeStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeStatus. +func (in *NodeStatus) DeepCopy() *NodeStatus { + if in == nil { + return nil + } + out := new(NodeStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NutanixFailureDomain) DeepCopyInto(out *NutanixFailureDomain) { + *out = *in + in.Cluster.DeepCopyInto(&out.Cluster) + if in.Subnets != nil { + in, out := &in.Subnets, &out.Subnets + *out = make([]NutanixResourceIdentifier, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixFailureDomain. +func (in *NutanixFailureDomain) DeepCopy() *NutanixFailureDomain { + if in == nil { + return nil + } + out := new(NutanixFailureDomain) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixPlatformLoadBalancer) DeepCopyInto(out *NutanixPlatformLoadBalancer) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPlatformLoadBalancer. +func (in *NutanixPlatformLoadBalancer) DeepCopy() *NutanixPlatformLoadBalancer { + if in == nil { + return nil + } + out := new(NutanixPlatformLoadBalancer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixPlatformSpec) DeepCopyInto(out *NutanixPlatformSpec) { + *out = *in + out.PrismCentral = in.PrismCentral + if in.PrismElements != nil { + in, out := &in.PrismElements, &out.PrismElements + *out = make([]NutanixPrismElementEndpoint, len(*in)) + copy(*out, *in) + } + if in.FailureDomains != nil { + in, out := &in.FailureDomains, &out.FailureDomains + *out = make([]NutanixFailureDomain, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPlatformSpec. 
+func (in *NutanixPlatformSpec) DeepCopy() *NutanixPlatformSpec { + if in == nil { + return nil + } + out := new(NutanixPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixPlatformStatus) DeepCopyInto(out *NutanixPlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(NutanixPlatformLoadBalancer) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPlatformStatus. +func (in *NutanixPlatformStatus) DeepCopy() *NutanixPlatformStatus { + if in == nil { + return nil + } + out := new(NutanixPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixPrismElementEndpoint) DeepCopyInto(out *NutanixPrismElementEndpoint) { + *out = *in + out.Endpoint = in.Endpoint + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPrismElementEndpoint. +func (in *NutanixPrismElementEndpoint) DeepCopy() *NutanixPrismElementEndpoint { + if in == nil { + return nil + } + out := new(NutanixPrismElementEndpoint) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *NutanixPrismEndpoint) DeepCopyInto(out *NutanixPrismEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixPrismEndpoint. +func (in *NutanixPrismEndpoint) DeepCopy() *NutanixPrismEndpoint { + if in == nil { + return nil + } + out := new(NutanixPrismEndpoint) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NutanixResourceIdentifier) DeepCopyInto(out *NutanixResourceIdentifier) { + *out = *in + if in.UUID != nil { + in, out := &in.UUID, &out.UUID + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NutanixResourceIdentifier. +func (in *NutanixResourceIdentifier) DeepCopy() *NutanixResourceIdentifier { + if in == nil { + return nil + } + out := new(NutanixResourceIdentifier) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuth) DeepCopyInto(out *OAuth) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuth. +func (in *OAuth) DeepCopy() *OAuth { + if in == nil { + return nil + } + out := new(OAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OAuth) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. +func (in *OAuthList) DeepCopyInto(out *OAuthList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OAuth, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthList. +func (in *OAuthList) DeepCopy() *OAuthList { + if in == nil { + return nil + } + out := new(OAuthList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OAuthList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthRemoteConnectionInfo) DeepCopyInto(out *OAuthRemoteConnectionInfo) { + *out = *in + out.CA = in.CA + out.TLSClientCert = in.TLSClientCert + out.TLSClientKey = in.TLSClientKey + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthRemoteConnectionInfo. +func (in *OAuthRemoteConnectionInfo) DeepCopy() *OAuthRemoteConnectionInfo { + if in == nil { + return nil + } + out := new(OAuthRemoteConnectionInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OAuthSpec) DeepCopyInto(out *OAuthSpec) { + *out = *in + if in.IdentityProviders != nil { + in, out := &in.IdentityProviders, &out.IdentityProviders + *out = make([]IdentityProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.TokenConfig.DeepCopyInto(&out.TokenConfig) + out.Templates = in.Templates + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthSpec. +func (in *OAuthSpec) DeepCopy() *OAuthSpec { + if in == nil { + return nil + } + out := new(OAuthSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthStatus) DeepCopyInto(out *OAuthStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthStatus. +func (in *OAuthStatus) DeepCopy() *OAuthStatus { + if in == nil { + return nil + } + out := new(OAuthStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OAuthTemplates) DeepCopyInto(out *OAuthTemplates) { + *out = *in + out.Login = in.Login + out.ProviderSelection = in.ProviderSelection + out.Error = in.Error + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OAuthTemplates. +func (in *OAuthTemplates) DeepCopy() *OAuthTemplates { + if in == nil { + return nil + } + out := new(OAuthTemplates) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OIDCClientConfig) DeepCopyInto(out *OIDCClientConfig) { + *out = *in + out.ClientSecret = in.ClientSecret + if in.ExtraScopes != nil { + in, out := &in.ExtraScopes, &out.ExtraScopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientConfig. +func (in *OIDCClientConfig) DeepCopy() *OIDCClientConfig { + if in == nil { + return nil + } + out := new(OIDCClientConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCClientReference) DeepCopyInto(out *OIDCClientReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientReference. +func (in *OIDCClientReference) DeepCopy() *OIDCClientReference { + if in == nil { + return nil + } + out := new(OIDCClientReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCClientStatus) DeepCopyInto(out *OIDCClientStatus) { + *out = *in + if in.CurrentOIDCClients != nil { + in, out := &in.CurrentOIDCClients, &out.CurrentOIDCClients + *out = make([]OIDCClientReference, len(*in)) + copy(*out, *in) + } + if in.ConsumingUsers != nil { + in, out := &in.ConsumingUsers, &out.ConsumingUsers + *out = make([]ConsumingUser, len(*in)) + copy(*out, *in) + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCClientStatus. 
+func (in *OIDCClientStatus) DeepCopy() *OIDCClientStatus { + if in == nil { + return nil + } + out := new(OIDCClientStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OIDCProvider) DeepCopyInto(out *OIDCProvider) { + *out = *in + in.Issuer.DeepCopyInto(&out.Issuer) + if in.OIDCClients != nil { + in, out := &in.OIDCClients, &out.OIDCClients + *out = make([]OIDCClientConfig, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.ClaimMappings.DeepCopyInto(&out.ClaimMappings) + if in.ClaimValidationRules != nil { + in, out := &in.ClaimValidationRules, &out.ClaimValidationRules + *out = make([]TokenClaimValidationRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProvider. +func (in *OIDCProvider) DeepCopy() *OIDCProvider { + if in == nil { + return nil + } + out := new(OIDCProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. +func (in *ObjectReference) DeepCopy() *ObjectReference { + if in == nil { + return nil + } + out := new(ObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OldTLSProfile) DeepCopyInto(out *OldTLSProfile) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OldTLSProfile. 
+func (in *OldTLSProfile) DeepCopy() *OldTLSProfile { + if in == nil { + return nil + } + out := new(OldTLSProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenIDClaims) DeepCopyInto(out *OpenIDClaims) { + *out = *in + if in.PreferredUsername != nil { + in, out := &in.PreferredUsername, &out.PreferredUsername + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Email != nil { + in, out := &in.Email, &out.Email + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]OpenIDClaim, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenIDClaims. +func (in *OpenIDClaims) DeepCopy() *OpenIDClaims { + if in == nil { + return nil + } + out := new(OpenIDClaims) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenIDIdentityProvider) DeepCopyInto(out *OpenIDIdentityProvider) { + *out = *in + out.ClientSecret = in.ClientSecret + out.CA = in.CA + if in.ExtraScopes != nil { + in, out := &in.ExtraScopes, &out.ExtraScopes + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExtraAuthorizeParameters != nil { + in, out := &in.ExtraAuthorizeParameters, &out.ExtraAuthorizeParameters + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + in.Claims.DeepCopyInto(&out.Claims) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenIDIdentityProvider. 
+func (in *OpenIDIdentityProvider) DeepCopy() *OpenIDIdentityProvider { + if in == nil { + return nil + } + out := new(OpenIDIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackPlatformLoadBalancer) DeepCopyInto(out *OpenStackPlatformLoadBalancer) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackPlatformLoadBalancer. +func (in *OpenStackPlatformLoadBalancer) DeepCopy() *OpenStackPlatformLoadBalancer { + if in == nil { + return nil + } + out := new(OpenStackPlatformLoadBalancer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackPlatformSpec) DeepCopyInto(out *OpenStackPlatformSpec) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackPlatformSpec. +func (in *OpenStackPlatformSpec) DeepCopy() *OpenStackPlatformSpec { + if in == nil { + return nil + } + out := new(OpenStackPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OpenStackPlatformStatus) DeepCopyInto(out *OpenStackPlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(OpenStackPlatformLoadBalancer) + **out = **in + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackPlatformStatus. +func (in *OpenStackPlatformStatus) DeepCopy() *OpenStackPlatformStatus { + if in == nil { + return nil + } + out := new(OpenStackPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperandVersion) DeepCopyInto(out *OperandVersion) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperandVersion. +func (in *OperandVersion) DeepCopy() *OperandVersion { + if in == nil { + return nil + } + out := new(OperandVersion) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorHub) DeepCopyInto(out *OperatorHub) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHub. 
+func (in *OperatorHub) DeepCopy() *OperatorHub { + if in == nil { + return nil + } + out := new(OperatorHub) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OperatorHub) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorHubList) DeepCopyInto(out *OperatorHubList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OperatorHub, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubList. +func (in *OperatorHubList) DeepCopy() *OperatorHubList { + if in == nil { + return nil + } + out := new(OperatorHubList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OperatorHubList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorHubSpec) DeepCopyInto(out *OperatorHubSpec) { + *out = *in + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]HubSource, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubSpec. 
+func (in *OperatorHubSpec) DeepCopy() *OperatorHubSpec { + if in == nil { + return nil + } + out := new(OperatorHubSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OperatorHubStatus) DeepCopyInto(out *OperatorHubStatus) { + *out = *in + if in.Sources != nil { + in, out := &in.Sources, &out.Sources + *out = make([]HubSourceStatus, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OperatorHubStatus. +func (in *OperatorHubStatus) DeepCopy() *OperatorHubStatus { + if in == nil { + return nil + } + out := new(OperatorHubStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OvirtPlatformLoadBalancer) DeepCopyInto(out *OvirtPlatformLoadBalancer) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformLoadBalancer. +func (in *OvirtPlatformLoadBalancer) DeepCopy() *OvirtPlatformLoadBalancer { + if in == nil { + return nil + } + out := new(OvirtPlatformLoadBalancer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OvirtPlatformSpec) DeepCopyInto(out *OvirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformSpec. +func (in *OvirtPlatformSpec) DeepCopy() *OvirtPlatformSpec { + if in == nil { + return nil + } + out := new(OvirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *OvirtPlatformStatus) DeepCopyInto(out *OvirtPlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(OvirtPlatformLoadBalancer) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OvirtPlatformStatus. +func (in *OvirtPlatformStatus) DeepCopy() *OvirtPlatformStatus { + if in == nil { + return nil + } + out := new(OvirtPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(AzurePlatformSpec) + **out = **in + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPPlatformSpec) + **out = **in + } + if in.BareMetal != nil { + in, out := &in.BareMetal, &out.BareMetal + *out = new(BareMetalPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.Ovirt != nil { + in, out := &in.Ovirt, &out.Ovirt + *out = new(OvirtPlatformSpec) + **out = **in + } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSpherePlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformSpec) + **out = **in + } + if in.Kubevirt != nil { + in, out := 
&in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformSpec) + **out = **in + } + if in.EquinixMetal != nil { + in, out := &in.EquinixMetal, &out.EquinixMetal + *out = new(EquinixMetalPlatformSpec) + **out = **in + } + if in.PowerVS != nil { + in, out := &in.PowerVS, &out.PowerVS + *out = new(PowerVSPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.AlibabaCloud != nil { + in, out := &in.AlibabaCloud, &out.AlibabaCloud + *out = new(AlibabaCloudPlatformSpec) + **out = **in + } + if in.Nutanix != nil { + in, out := &in.Nutanix, &out.Nutanix + *out = new(NutanixPlatformSpec) + (*in).DeepCopyInto(*out) + } + if in.External != nil { + in, out := &in.External, &out.External + *out = new(ExternalPlatformSpec) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PlatformSpec. +func (in *PlatformSpec) DeepCopy() *PlatformSpec { + if in == nil { + return nil + } + out := new(PlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { + *out = *in + if in.AWS != nil { + in, out := &in.AWS, &out.AWS + *out = new(AWSPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.Azure != nil { + in, out := &in.Azure, &out.Azure + *out = new(AzurePlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.BareMetal != nil { + in, out := &in.BareMetal, &out.BareMetal + *out = new(BareMetalPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.Ovirt != nil { + in, out := &in.Ovirt, &out.Ovirt + *out = new(OvirtPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.VSphere != nil { + in, out := &in.VSphere, &out.VSphere + *out = new(VSpherePlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.IBMCloud != nil { + in, out := &in.IBMCloud, &out.IBMCloud + *out = new(IBMCloudPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.Kubevirt != nil { + in, out := &in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformStatus) + **out = **in + } + if in.EquinixMetal != nil { + in, out := &in.EquinixMetal, &out.EquinixMetal + *out = new(EquinixMetalPlatformStatus) + **out = **in + } + if in.PowerVS != nil { + in, out := &in.PowerVS, &out.PowerVS + *out = new(PowerVSPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.AlibabaCloud != nil { + in, out := &in.AlibabaCloud, &out.AlibabaCloud + *out = new(AlibabaCloudPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.Nutanix != nil { + in, out := &in.Nutanix, &out.Nutanix + *out = new(NutanixPlatformStatus) + (*in).DeepCopyInto(*out) + } + if in.External != nil { + in, out := &in.External, &out.External + *out = new(ExternalPlatformStatus) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new 
PlatformStatus. +func (in *PlatformStatus) DeepCopy() *PlatformStatus { + if in == nil { + return nil + } + out := new(PlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PowerVSPlatformSpec) DeepCopyInto(out *PowerVSPlatformSpec) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]PowerVSServiceEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PowerVSPlatformSpec. +func (in *PowerVSPlatformSpec) DeepCopy() *PowerVSPlatformSpec { + if in == nil { + return nil + } + out := new(PowerVSPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PowerVSPlatformStatus) DeepCopyInto(out *PowerVSPlatformStatus) { + *out = *in + if in.ServiceEndpoints != nil { + in, out := &in.ServiceEndpoints, &out.ServiceEndpoints + *out = make([]PowerVSServiceEndpoint, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PowerVSPlatformStatus. +func (in *PowerVSPlatformStatus) DeepCopy() *PowerVSPlatformStatus { + if in == nil { + return nil + } + out := new(PowerVSPlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PowerVSServiceEndpoint) DeepCopyInto(out *PowerVSServiceEndpoint) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PowerVSServiceEndpoint. 
+func (in *PowerVSServiceEndpoint) DeepCopy() *PowerVSServiceEndpoint { + if in == nil { + return nil + } + out := new(PowerVSServiceEndpoint) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefixedClaimMapping) DeepCopyInto(out *PrefixedClaimMapping) { + *out = *in + out.TokenClaimMapping = in.TokenClaimMapping + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefixedClaimMapping. +func (in *PrefixedClaimMapping) DeepCopy() *PrefixedClaimMapping { + if in == nil { + return nil + } + out := new(PrefixedClaimMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProfileCustomizations) DeepCopyInto(out *ProfileCustomizations) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileCustomizations. +func (in *ProfileCustomizations) DeepCopy() *ProfileCustomizations { + if in == nil { + return nil + } + out := new(ProfileCustomizations) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Project) DeepCopyInto(out *Project) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Project. +func (in *Project) DeepCopy() *Project { + if in == nil { + return nil + } + out := new(Project) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *Project) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectList) DeepCopyInto(out *ProjectList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Project, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectList. +func (in *ProjectList) DeepCopy() *ProjectList { + if in == nil { + return nil + } + out := new(ProjectList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ProjectList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectSpec) DeepCopyInto(out *ProjectSpec) { + *out = *in + out.ProjectRequestTemplate = in.ProjectRequestTemplate + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectSpec. +func (in *ProjectSpec) DeepCopy() *ProjectSpec { + if in == nil { + return nil + } + out := new(ProjectSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProjectStatus) DeepCopyInto(out *ProjectStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectStatus. 
+func (in *ProjectStatus) DeepCopy() *ProjectStatus { + if in == nil { + return nil + } + out := new(ProjectStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PromQLClusterCondition) DeepCopyInto(out *PromQLClusterCondition) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PromQLClusterCondition. +func (in *PromQLClusterCondition) DeepCopy() *PromQLClusterCondition { + if in == nil { + return nil + } + out := new(PromQLClusterCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Proxy) DeepCopyInto(out *Proxy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Proxy. +func (in *Proxy) DeepCopy() *Proxy { + if in == nil { + return nil + } + out := new(Proxy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Proxy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxyList) DeepCopyInto(out *ProxyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Proxy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyList. 
+func (in *ProxyList) DeepCopy() *ProxyList { + if in == nil { + return nil + } + out := new(ProxyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ProxyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxySpec) DeepCopyInto(out *ProxySpec) { + *out = *in + if in.ReadinessEndpoints != nil { + in, out := &in.ReadinessEndpoints, &out.ReadinessEndpoints + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.TrustedCA = in.TrustedCA + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxySpec. +func (in *ProxySpec) DeepCopy() *ProxySpec { + if in == nil { + return nil + } + out := new(ProxySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ProxyStatus) DeepCopyInto(out *ProxyStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyStatus. +func (in *ProxyStatus) DeepCopy() *ProxyStatus { + if in == nil { + return nil + } + out := new(ProxyStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistryLocation) DeepCopyInto(out *RegistryLocation) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistryLocation. 
+func (in *RegistryLocation) DeepCopy() *RegistryLocation { + if in == nil { + return nil + } + out := new(RegistryLocation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistrySources) DeepCopyInto(out *RegistrySources) { + *out = *in + if in.InsecureRegistries != nil { + in, out := &in.InsecureRegistries, &out.InsecureRegistries + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.BlockedRegistries != nil { + in, out := &in.BlockedRegistries, &out.BlockedRegistries + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.AllowedRegistries != nil { + in, out := &in.AllowedRegistries, &out.AllowedRegistries + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ContainerRuntimeSearchRegistries != nil { + in, out := &in.ContainerRuntimeSearchRegistries, &out.ContainerRuntimeSearchRegistries + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrySources. +func (in *RegistrySources) DeepCopy() *RegistrySources { + if in == nil { + return nil + } + out := new(RegistrySources) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Release) DeepCopyInto(out *Release) { + *out = *in + if in.Channels != nil { + in, out := &in.Channels, &out.Channels + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Release. +func (in *Release) DeepCopy() *Release { + if in == nil { + return nil + } + out := new(Release) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RemoteConnectionInfo) DeepCopyInto(out *RemoteConnectionInfo) { + *out = *in + out.CertInfo = in.CertInfo + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RemoteConnectionInfo. +func (in *RemoteConnectionInfo) DeepCopy() *RemoteConnectionInfo { + if in == nil { + return nil + } + out := new(RemoteConnectionInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RepositoryDigestMirrors) DeepCopyInto(out *RepositoryDigestMirrors) { + *out = *in + if in.Mirrors != nil { + in, out := &in.Mirrors, &out.Mirrors + *out = make([]Mirror, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RepositoryDigestMirrors. +func (in *RepositoryDigestMirrors) DeepCopy() *RepositoryDigestMirrors { + if in == nil { + return nil + } + out := new(RepositoryDigestMirrors) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *RequestHeaderIdentityProvider) DeepCopyInto(out *RequestHeaderIdentityProvider) { + *out = *in + out.ClientCA = in.ClientCA + if in.ClientCommonNames != nil { + in, out := &in.ClientCommonNames, &out.ClientCommonNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.PreferredUsernameHeaders != nil { + in, out := &in.PreferredUsernameHeaders, &out.PreferredUsernameHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NameHeaders != nil { + in, out := &in.NameHeaders, &out.NameHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.EmailHeaders != nil { + in, out := &in.EmailHeaders, &out.EmailHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestHeaderIdentityProvider. +func (in *RequestHeaderIdentityProvider) DeepCopy() *RequestHeaderIdentityProvider { + if in == nil { + return nil + } + out := new(RequestHeaderIdentityProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequiredHSTSPolicy) DeepCopyInto(out *RequiredHSTSPolicy) { + *out = *in + if in.NamespaceSelector != nil { + in, out := &in.NamespaceSelector, &out.NamespaceSelector + *out = new(metav1.LabelSelector) + (*in).DeepCopyInto(*out) + } + if in.DomainPatterns != nil { + in, out := &in.DomainPatterns, &out.DomainPatterns + *out = make([]string, len(*in)) + copy(*out, *in) + } + in.MaxAge.DeepCopyInto(&out.MaxAge) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequiredHSTSPolicy. 
+func (in *RequiredHSTSPolicy) DeepCopy() *RequiredHSTSPolicy { + if in == nil { + return nil + } + out := new(RequiredHSTSPolicy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Scheduler) DeepCopyInto(out *Scheduler) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Scheduler. +func (in *Scheduler) DeepCopy() *Scheduler { + if in == nil { + return nil + } + out := new(Scheduler) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Scheduler) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SchedulerList) DeepCopyInto(out *SchedulerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Scheduler, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SchedulerList. +func (in *SchedulerList) DeepCopy() *SchedulerList { + if in == nil { + return nil + } + out := new(SchedulerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *SchedulerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SchedulerSpec) DeepCopyInto(out *SchedulerSpec) { + *out = *in + out.Policy = in.Policy + out.ProfileCustomizations = in.ProfileCustomizations + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SchedulerSpec. +func (in *SchedulerSpec) DeepCopy() *SchedulerSpec { + if in == nil { + return nil + } + out := new(SchedulerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SchedulerStatus) DeepCopyInto(out *SchedulerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SchedulerStatus. +func (in *SchedulerStatus) DeepCopy() *SchedulerStatus { + if in == nil { + return nil + } + out := new(SchedulerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretNameReference) DeepCopyInto(out *SecretNameReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretNameReference. +func (in *SecretNameReference) DeepCopy() *SecretNameReference { + if in == nil { + return nil + } + out := new(SecretNameReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *ServingInfo) DeepCopyInto(out *ServingInfo) { + *out = *in + out.CertInfo = in.CertInfo + if in.NamedCertificates != nil { + in, out := &in.NamedCertificates, &out.NamedCertificates + *out = make([]NamedCertificate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.CipherSuites != nil { + in, out := &in.CipherSuites, &out.CipherSuites + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServingInfo. +func (in *ServingInfo) DeepCopy() *ServingInfo { + if in == nil { + return nil + } + out := new(ServingInfo) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SignatureStore) DeepCopyInto(out *SignatureStore) { + *out = *in + out.CA = in.CA + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SignatureStore. +func (in *SignatureStore) DeepCopy() *SignatureStore { + if in == nil { + return nil + } + out := new(SignatureStore) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StringSource) DeepCopyInto(out *StringSource) { + *out = *in + out.StringSourceSpec = in.StringSourceSpec + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringSource. +func (in *StringSource) DeepCopy() *StringSource { + if in == nil { + return nil + } + out := new(StringSource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *StringSourceSpec) DeepCopyInto(out *StringSourceSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringSourceSpec. +func (in *StringSourceSpec) DeepCopy() *StringSourceSpec { + if in == nil { + return nil + } + out := new(StringSourceSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { + *out = *in + if in.Ciphers != nil { + in, out := &in.Ciphers, &out.Ciphers + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSProfileSpec. +func (in *TLSProfileSpec) DeepCopy() *TLSProfileSpec { + if in == nil { + return nil + } + out := new(TLSProfileSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSSecurityProfile) DeepCopyInto(out *TLSSecurityProfile) { + *out = *in + if in.Old != nil { + in, out := &in.Old, &out.Old + *out = new(OldTLSProfile) + **out = **in + } + if in.Intermediate != nil { + in, out := &in.Intermediate, &out.Intermediate + *out = new(IntermediateTLSProfile) + **out = **in + } + if in.Modern != nil { + in, out := &in.Modern, &out.Modern + *out = new(ModernTLSProfile) + **out = **in + } + if in.Custom != nil { + in, out := &in.Custom, &out.Custom + *out = new(CustomTLSProfile) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSecurityProfile. 
+func (in *TLSSecurityProfile) DeepCopy() *TLSSecurityProfile { + if in == nil { + return nil + } + out := new(TLSSecurityProfile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TemplateReference) DeepCopyInto(out *TemplateReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TemplateReference. +func (in *TemplateReference) DeepCopy() *TemplateReference { + if in == nil { + return nil + } + out := new(TemplateReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenClaimMapping) DeepCopyInto(out *TokenClaimMapping) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenClaimMapping. +func (in *TokenClaimMapping) DeepCopy() *TokenClaimMapping { + if in == nil { + return nil + } + out := new(TokenClaimMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenClaimMappings) DeepCopyInto(out *TokenClaimMappings) { + *out = *in + in.Username.DeepCopyInto(&out.Username) + out.Groups = in.Groups + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenClaimMappings. +func (in *TokenClaimMappings) DeepCopy() *TokenClaimMappings { + if in == nil { + return nil + } + out := new(TokenClaimMappings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *TokenClaimValidationRule) DeepCopyInto(out *TokenClaimValidationRule) { + *out = *in + if in.RequiredClaim != nil { + in, out := &in.RequiredClaim, &out.RequiredClaim + *out = new(TokenRequiredClaim) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenClaimValidationRule. +func (in *TokenClaimValidationRule) DeepCopy() *TokenClaimValidationRule { + if in == nil { + return nil + } + out := new(TokenClaimValidationRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenConfig) DeepCopyInto(out *TokenConfig) { + *out = *in + if in.AccessTokenInactivityTimeout != nil { + in, out := &in.AccessTokenInactivityTimeout, &out.AccessTokenInactivityTimeout + *out = new(metav1.Duration) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenConfig. +func (in *TokenConfig) DeepCopy() *TokenConfig { + if in == nil { + return nil + } + out := new(TokenConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TokenIssuer) DeepCopyInto(out *TokenIssuer) { + *out = *in + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]TokenAudience, len(*in)) + copy(*out, *in) + } + out.CertificateAuthority = in.CertificateAuthority + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenIssuer. +func (in *TokenIssuer) DeepCopy() *TokenIssuer { + if in == nil { + return nil + } + out := new(TokenIssuer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *TokenRequiredClaim) DeepCopyInto(out *TokenRequiredClaim) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TokenRequiredClaim. +func (in *TokenRequiredClaim) DeepCopy() *TokenRequiredClaim { + if in == nil { + return nil + } + out := new(TokenRequiredClaim) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Update) DeepCopyInto(out *Update) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Update. +func (in *Update) DeepCopy() *Update { + if in == nil { + return nil + } + out := new(Update) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UpdateHistory) DeepCopyInto(out *UpdateHistory) { + *out = *in + in.StartedTime.DeepCopyInto(&out.StartedTime) + if in.CompletionTime != nil { + in, out := &in.CompletionTime, &out.CompletionTime + *out = (*in).DeepCopy() + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UpdateHistory. +func (in *UpdateHistory) DeepCopy() *UpdateHistory { + if in == nil { + return nil + } + out := new(UpdateHistory) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsernameClaimMapping) DeepCopyInto(out *UsernameClaimMapping) { + *out = *in + out.TokenClaimMapping = in.TokenClaimMapping + if in.Prefix != nil { + in, out := &in.Prefix, &out.Prefix + *out = new(UsernamePrefix) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernameClaimMapping. 
+func (in *UsernameClaimMapping) DeepCopy() *UsernameClaimMapping { + if in == nil { + return nil + } + out := new(UsernameClaimMapping) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UsernamePrefix) DeepCopyInto(out *UsernamePrefix) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernamePrefix. +func (in *UsernamePrefix) DeepCopy() *UsernamePrefix { + if in == nil { + return nil + } + out := new(UsernamePrefix) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformFailureDomainSpec) DeepCopyInto(out *VSpherePlatformFailureDomainSpec) { + *out = *in + in.Topology.DeepCopyInto(&out.Topology) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformFailureDomainSpec. +func (in *VSpherePlatformFailureDomainSpec) DeepCopy() *VSpherePlatformFailureDomainSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformFailureDomainSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformLoadBalancer) DeepCopyInto(out *VSpherePlatformLoadBalancer) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformLoadBalancer. +func (in *VSpherePlatformLoadBalancer) DeepCopy() *VSpherePlatformLoadBalancer { + if in == nil { + return nil + } + out := new(VSpherePlatformLoadBalancer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VSpherePlatformNodeNetworking) DeepCopyInto(out *VSpherePlatformNodeNetworking) { + *out = *in + in.External.DeepCopyInto(&out.External) + in.Internal.DeepCopyInto(&out.Internal) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformNodeNetworking. +func (in *VSpherePlatformNodeNetworking) DeepCopy() *VSpherePlatformNodeNetworking { + if in == nil { + return nil + } + out := new(VSpherePlatformNodeNetworking) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformNodeNetworkingSpec) DeepCopyInto(out *VSpherePlatformNodeNetworkingSpec) { + *out = *in + if in.NetworkSubnetCIDR != nil { + in, out := &in.NetworkSubnetCIDR, &out.NetworkSubnetCIDR + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExcludeNetworkSubnetCIDR != nil { + in, out := &in.ExcludeNetworkSubnetCIDR, &out.ExcludeNetworkSubnetCIDR + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformNodeNetworkingSpec. +func (in *VSpherePlatformNodeNetworkingSpec) DeepCopy() *VSpherePlatformNodeNetworkingSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformNodeNetworkingSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VSpherePlatformSpec) DeepCopyInto(out *VSpherePlatformSpec) { + *out = *in + if in.VCenters != nil { + in, out := &in.VCenters, &out.VCenters + *out = make([]VSpherePlatformVCenterSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.FailureDomains != nil { + in, out := &in.FailureDomains, &out.FailureDomains + *out = make([]VSpherePlatformFailureDomainSpec, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.NodeNetworking.DeepCopyInto(&out.NodeNetworking) + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]IP, len(*in)) + copy(*out, *in) + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformSpec. +func (in *VSpherePlatformSpec) DeepCopy() *VSpherePlatformSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VSpherePlatformStatus) DeepCopyInto(out *VSpherePlatformStatus) { + *out = *in + if in.APIServerInternalIPs != nil { + in, out := &in.APIServerInternalIPs, &out.APIServerInternalIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.IngressIPs != nil { + in, out := &in.IngressIPs, &out.IngressIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(VSpherePlatformLoadBalancer) + **out = **in + } + if in.MachineNetworks != nil { + in, out := &in.MachineNetworks, &out.MachineNetworks + *out = make([]CIDR, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformStatus. +func (in *VSpherePlatformStatus) DeepCopy() *VSpherePlatformStatus { + if in == nil { + return nil + } + out := new(VSpherePlatformStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VSpherePlatformTopology) DeepCopyInto(out *VSpherePlatformTopology) { + *out = *in + if in.Networks != nil { + in, out := &in.Networks, &out.Networks + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformTopology. +func (in *VSpherePlatformTopology) DeepCopy() *VSpherePlatformTopology { + if in == nil { + return nil + } + out := new(VSpherePlatformTopology) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *VSpherePlatformVCenterSpec) DeepCopyInto(out *VSpherePlatformVCenterSpec) { + *out = *in + if in.Datacenters != nil { + in, out := &in.Datacenters, &out.Datacenters + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VSpherePlatformVCenterSpec. +func (in *VSpherePlatformVCenterSpec) DeepCopy() *VSpherePlatformVCenterSpec { + if in == nil { + return nil + } + out := new(VSpherePlatformVCenterSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *WebhookTokenAuthenticator) DeepCopyInto(out *WebhookTokenAuthenticator) { + *out = *in + out.KubeConfig = in.KubeConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebhookTokenAuthenticator. +func (in *WebhookTokenAuthenticator) DeepCopy() *WebhookTokenAuthenticator { + if in == nil { + return nil + } + out := new(WebhookTokenAuthenticator) + in.DeepCopyInto(out) + return out +} diff --git a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 0000000000..286bbbd84e --- /dev/null +++ b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -0,0 +1,490 @@ +apiservers.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: apiservers.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: APIServer + Labels: {} + PluralName: apiservers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +authentications.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: authentications.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - ExternalOIDC + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Authentication + Labels: {} + PluralName: authentications + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +builds.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: builds.config.openshift.io + Capability: Build + Category: "" + FeatureGates: [] + FilenameOperatorName: openshift-controller-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Build + Labels: {} + PluralName: builds + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +clusteroperators.config.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/497 + CRDName: clusteroperators.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: cluster-version-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: 
"0000_00" + GroupName: config.openshift.io + HasStatus: true + KindName: ClusterOperator + Labels: {} + PluralName: clusteroperators + PrinterColumns: + - description: The version the operator is at. + jsonPath: .status.versions[?(@.name=="operator")].version + name: Version + type: string + - description: Whether the operator is running and stable. + jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - description: Whether the operator is processing changes. + jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - description: Whether the operator is degraded. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: The time the operator's Available status last changed. + jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime + name: Since + type: date + Scope: Cluster + ShortNames: + - co + TopLevelFeatureGates: [] + Version: v1 + +clusterversions.config.openshift.io: + Annotations: + include.release.openshift.io/self-managed-high-availability: "true" + ApprovedPRNumber: https://github.com/openshift/api/pull/495 + CRDName: clusterversions.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - SignatureStores + FilenameOperatorName: cluster-version-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_00" + GroupName: config.openshift.io + HasStatus: true + KindName: ClusterVersion + Labels: {} + PluralName: clusterversions + PrinterColumns: + - jsonPath: .status.history[?(@.state=="Completed")].version + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].status + name: Available + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + name: Progressing + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + name: Since + type: date + - jsonPath: 
.status.conditions[?(@.type=="Progressing")].message + name: Status + type: string + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +consoles.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: consoles.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Console + Labels: {} + PluralName: consoles + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +dnses.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: dnses.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: DNS + Labels: {} + PluralName: dnses + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +featuregates.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: featuregates.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: FeatureGate + Labels: {} + PluralName: featuregates + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +images.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: images.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: 
"0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Image + Labels: {} + PluralName: images + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +imagecontentpolicies.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/874 + CRDName: imagecontentpolicies.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ImageContentPolicy + Labels: {} + PluralName: imagecontentpolicies + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +imagedigestmirrorsets.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1126 + CRDName: imagedigestmirrorsets.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ImageDigestMirrorSet + Labels: {} + PluralName: imagedigestmirrorsets + PrinterColumns: [] + Scope: Cluster + ShortNames: + - idms + TopLevelFeatureGates: [] + Version: v1 + +imagetagmirrorsets.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1126 + CRDName: imagetagmirrorsets.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: ImageTagMirrorSet + Labels: {} + PluralName: imagetagmirrorsets + PrinterColumns: [] + Scope: Cluster + ShortNames: + - itms + TopLevelFeatureGates: [] + Version: v1 + +infrastructures.config.openshift.io: + Annotations: {} + ApprovedPRNumber: 
https://github.com/openshift/api/pull/470 + CRDName: infrastructures.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - BareMetalLoadBalancer + - GCPClusterHostedDNS + - GCPLabelsTags + - VSphereControlPlaneMachineSet + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Infrastructure + Labels: {} + PluralName: infrastructures + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +ingresses.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: ingresses.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Ingress + Labels: {} + PluralName: ingresses + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +networks.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: networks.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - NetworkDiagnosticsConfig + - NetworkLiveMigration + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: false + KindName: Network + Labels: {} + PluralName: networks + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +nodes.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1107 + CRDName: nodes.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + 
KindName: Node + Labels: {} + PluralName: nodes + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +oauths.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: oauths.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: OAuth + Labels: {} + PluralName: oauths + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +operatorhubs.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: operatorhubs.config.openshift.io + Capability: marketplace + Category: "" + FeatureGates: [] + FilenameOperatorName: marketplace + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" + GroupName: config.openshift.io + HasStatus: true + KindName: OperatorHub + Labels: {} + PluralName: operatorhubs + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +projects.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: projects.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Project + Labels: {} + PluralName: projects + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +proxies.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: proxies.config.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" 
+ GroupName: config.openshift.io + HasStatus: true + KindName: Proxy + Labels: {} + PluralName: proxies + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + +schedulers.config.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: schedulers.config.openshift.io + Capability: "" + Category: "" + FeatureGates: + - DynamicResourceAllocation + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: config.openshift.io + HasStatus: true + KindName: Scheduler + Labels: {} + PluralName: schedulers + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1 + diff --git a/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go new file mode 100644 index 0000000000..5a163ebdc8 --- /dev/null +++ b/etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -0,0 +1,2565 @@ +package v1 + +// This file contains a collection of methods that can be used from go-restful to +// generate Swagger API documentation for its models. Please read this PR for more +// information on the implementation: https://github.com/emicklei/go-restful/pull/215 +// +// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if +// they are on one line! For multiple line or blocks that you want to ignore use ---. +// Any context after a --- is ignored. +// +// Those methods can be generated by using hack/update-swagger-docs.sh + +// AUTO-GENERATED FUNCTIONS START HERE +var map_AdmissionConfig = map[string]string{ + "enabledPlugins": "enabledPlugins is a list of admission plugins that must be on in addition to the default list. Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon and can result in performance penalties and unexpected behavior.", + "disabledPlugins": "disabledPlugins is a list of admission plugins that must be off. Putting something in this list is almost always a mistake and likely to result in cluster instability.", +} + +func (AdmissionConfig) SwaggerDoc() map[string]string { + return map_AdmissionConfig +} + +var map_AdmissionPluginConfig = map[string]string{ + "": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + "location": "Location is the path to a configuration file that contains the plugin's configuration", + "configuration": "Configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", +} + +func (AdmissionPluginConfig) SwaggerDoc() map[string]string { + return map_AdmissionPluginConfig +} + +var map_AuditConfig = map[string]string{ + "": "AuditConfig holds configuration for the audit capabilities", + "enabled": "If this flag is set, audit log will be printed in the logs. 
The logs contains, method, user and a requested URL.", + "auditFilePath": "All requests coming to the apiserver will be logged to this file.", + "maximumFileRetentionDays": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", + "maximumRetainedFiles": "Maximum number of old log files to retain.", + "maximumFileSizeMegabytes": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", + "policyFile": "PolicyFile is a path to the file that defines the audit policy configuration.", + "policyConfiguration": "PolicyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", + "logFormat": "Format of saved audits (legacy or json).", + "webHookKubeConfig": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", + "webHookMode": "Strategy for sending audit events (block or batch).", +} + +func (AuditConfig) SwaggerDoc() map[string]string { + return map_AuditConfig +} + +var map_CertInfo = map[string]string{ + "": "CertInfo relates a certificate with a private key", + "certFile": "CertFile is a file containing a PEM-encoded certificate", + "keyFile": "KeyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", +} + +func (CertInfo) SwaggerDoc() map[string]string { + return map_CertInfo +} + +var map_ClientConnectionOverrides = map[string]string{ + "acceptContentTypes": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. 
This field will control all connections to the server used by a particular client.", + "contentType": "contentType is the content type used when sending data to the server from this client.", + "qps": "qps controls the number of queries per second allowed for this connection.", + "burst": "burst allows extra queries to accumulate when a client is exceeding its rate.", +} + +func (ClientConnectionOverrides) SwaggerDoc() map[string]string { + return map_ClientConnectionOverrides +} + +var map_ConfigMapFileReference = map[string]string{ + "": "ConfigMapFileReference references a config map in a specific namespace. The namespace must be specified at the point of use.", + "key": "Key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", +} + +func (ConfigMapFileReference) SwaggerDoc() map[string]string { + return map_ConfigMapFileReference +} + +var map_ConfigMapNameReference = map[string]string{ + "": "ConfigMapNameReference references a config map in a specific namespace. The namespace must be specified at the point of use.", + "name": "name is the metadata.name of the referenced config map", +} + +func (ConfigMapNameReference) SwaggerDoc() map[string]string { + return map_ConfigMapNameReference +} + +var map_DelegatedAuthentication = map[string]string{ + "": "DelegatedAuthentication allows authentication to be disabled.", + "disabled": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", +} + +func (DelegatedAuthentication) SwaggerDoc() map[string]string { + return map_DelegatedAuthentication +} + +var map_DelegatedAuthorization = map[string]string{ + "": "DelegatedAuthorization allows authorization to be disabled.", + "disabled": "disabled indicates that authorization should be disabled. 
By default it will use delegated authorization.", +} + +func (DelegatedAuthorization) SwaggerDoc() map[string]string { + return map_DelegatedAuthorization +} + +var map_EtcdConnectionInfo = map[string]string{ + "": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", + "urls": "URLs are the URLs for etcd", + "ca": "CA is a file containing trusted roots for the etcd server certificates", +} + +func (EtcdConnectionInfo) SwaggerDoc() map[string]string { + return map_EtcdConnectionInfo +} + +var map_EtcdStorageConfig = map[string]string{ + "storagePrefix": "StoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located.", +} + +func (EtcdStorageConfig) SwaggerDoc() map[string]string { + return map_EtcdStorageConfig +} + +var map_GenericAPIServerConfig = map[string]string{ + "": "GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd", + "servingInfo": "servingInfo describes how to start serving", + "corsAllowedOrigins": "corsAllowedOrigins", + "auditConfig": "auditConfig describes how to configure audit information", + "storageConfig": "storageConfig contains information about how to use", + "admission": "admissionConfig holds information about how to configure admission.", +} + +func (GenericAPIServerConfig) SwaggerDoc() map[string]string { + return map_GenericAPIServerConfig +} + +var map_GenericControllerConfig = map[string]string{ + "": "GenericControllerConfig provides information to configure a controller", + "servingInfo": "ServingInfo is the HTTP serving information for the controller's endpoints", + "leaderElection": "leaderElection provides information to elect a leader. 
Only override this if you have a specific need", + "authentication": "authentication allows configuration of authentication for the endpoints", + "authorization": "authorization allows configuration of authentication for the endpoints", +} + +func (GenericControllerConfig) SwaggerDoc() map[string]string { + return map_GenericControllerConfig +} + +var map_HTTPServingInfo = map[string]string{ + "": "HTTPServingInfo holds configuration for serving HTTP", + "maxRequestsInFlight": "MaxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", + "requestTimeoutSeconds": "RequestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", +} + +func (HTTPServingInfo) SwaggerDoc() map[string]string { + return map_HTTPServingInfo +} + +var map_KubeClientConfig = map[string]string{ + "kubeConfig": "kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config", + "connectionOverrides": "connectionOverrides specifies client overrides for system components to loop back to this master.", +} + +func (KubeClientConfig) SwaggerDoc() map[string]string { + return map_KubeClientConfig +} + +var map_LeaderElection = map[string]string{ + "": "LeaderElection provides information to elect a leader", + "disable": "disable allows leader election to be suspended while allowing a fully defaulted \"normal\" startup case.", + "namespace": "namespace indicates which namespace the resource is in", + "name": "name indicates what name to use for the resource", + "leaseDuration": "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. 
This is only applicable if leader election is enabled.", + "renewDeadline": "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", + "retryPeriod": "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", +} + +func (LeaderElection) SwaggerDoc() map[string]string { + return map_LeaderElection +} + +var map_MaxAgePolicy = map[string]string{ + "": "MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy", + "largestMaxAge": "The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.", + "smallestMaxAge": "The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. 
This value can be left unspecified, in which case no lower limit is enforced.", +} + +func (MaxAgePolicy) SwaggerDoc() map[string]string { + return map_MaxAgePolicy +} + +var map_NamedCertificate = map[string]string{ + "": "NamedCertificate specifies a certificate/key, and the names it should be served for", + "names": "Names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", +} + +func (NamedCertificate) SwaggerDoc() map[string]string { + return map_NamedCertificate +} + +var map_RemoteConnectionInfo = map[string]string{ + "": "RemoteConnectionInfo holds information necessary for establishing a remote connection", + "url": "URL is the remote URL to connect to", + "ca": "CA is the CA for verifying TLS connections", +} + +func (RemoteConnectionInfo) SwaggerDoc() map[string]string { + return map_RemoteConnectionInfo +} + +var map_RequiredHSTSPolicy = map[string]string{ + "namespaceSelector": "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", + "domainPatterns": "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.\n\nThe use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.", + "maxAge": "maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. 
If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.", + "preloadPolicy": "preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).", + "includeSubDomainsPolicy": "includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com", +} + +func (RequiredHSTSPolicy) SwaggerDoc() map[string]string { + return map_RequiredHSTSPolicy +} + +var map_SecretNameReference = map[string]string{ + "": "SecretNameReference references a secret in a specific namespace. 
The namespace must be specified at the point of use.", + "name": "name is the metadata.name of the referenced secret", +} + +func (SecretNameReference) SwaggerDoc() map[string]string { + return map_SecretNameReference +} + +var map_ServingInfo = map[string]string{ + "": "ServingInfo holds information about serving web pages", + "bindAddress": "BindAddress is the ip:port to serve on", + "bindNetwork": "BindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "clientCA": "ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + "namedCertificates": "NamedCertificates is a list of certificates to use to secure requests to specific hostnames", + "minTLSVersion": "MinTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + "cipherSuites": "CipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", +} + +func (ServingInfo) SwaggerDoc() map[string]string { + return map_ServingInfo +} + +var map_StringSource = map[string]string{ + "": "StringSource allows specifying a string inline, or externally via env var or file. 
When it contains only a string value, it marshals to a simple JSON string.", +} + +func (StringSource) SwaggerDoc() map[string]string { + return map_StringSource +} + +var map_StringSourceSpec = map[string]string{ + "": "StringSourceSpec specifies a string value, or external location", + "value": "Value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "env": "Env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + "file": "File references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "keyFile": "KeyFile references a file containing the key to use to decrypt the value.", +} + +func (StringSourceSpec) SwaggerDoc() map[string]string { + return map_StringSourceSpec +} + +var map_APIServer = map[string]string{ + "": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (APIServer) SwaggerDoc() map[string]string { + return map_APIServer +} + +var map_APIServerEncryption = map[string]string{ + "type": "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. 
Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", +} + +func (APIServerEncryption) SwaggerDoc() map[string]string { + return map_APIServerEncryption +} + +var map_APIServerList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (APIServerList) SwaggerDoc() map[string]string { + return map_APIServerList +} + +var map_APIServerNamedServingCert = map[string]string{ + "": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", + "names": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", + "servingCertificate": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data[\"tls.key\"] - TLS private key. 
- Secret.Data[\"tls.crt\"] - TLS certificate.", +} + +func (APIServerNamedServingCert) SwaggerDoc() map[string]string { + return map_APIServerNamedServingCert +} + +var map_APIServerServingCerts = map[string]string{ + "namedCertificates": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.", +} + +func (APIServerServingCerts) SwaggerDoc() map[string]string { + return map_APIServerServingCerts +} + +var map_APIServerSpec = map[string]string{ + "servingCerts": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.", + "clientCA": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", + "additionalCORSAllowedOrigins": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. 
The values are regular expressions that correspond to the Golang regular expression language.", + "encryption": "encryption allows the configuration of encryption of resources at the datastore layer.", + "tlsSecurityProfile": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nIf unset, a default (which may change between releases) is chosen. Note that only Old, Intermediate and Custom profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.", + "audit": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", +} + +func (APIServerSpec) SwaggerDoc() map[string]string { + return map_APIServerSpec +} + +var map_Audit = map[string]string{ + "profile": "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules.\n\nThe following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. 
If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", + "customRules": "customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.", +} + +func (Audit) SwaggerDoc() map[string]string { + return map_Audit +} + +var map_AuditCustomRule = map[string]string{ + "": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.", + "group": "group is a name of group a request user must be member of in order to this profile to apply.", + "profile": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", +} + +func (AuditCustomRule) SwaggerDoc() map[string]string { + return map_AuditCustomRule +} + +var map_Authentication = map[string]string{ + "": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Authentication) SwaggerDoc() map[string]string { + return map_Authentication +} + +var map_AuthenticationList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (AuthenticationList) SwaggerDoc() map[string]string { + return map_AuthenticationList +} + +var map_AuthenticationSpec = map[string]string{ + "type": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", + "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", + "webhookTokenAuthenticators": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", + "webhookTokenAuthenticator": "webhookTokenAuthenticator configures a remote token reviewer. 
These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", + "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", + "oidcProviders": "OIDCProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\".\n\nAt most one provider can be configured.", +} + +func (AuthenticationSpec) SwaggerDoc() map[string]string { + return map_AuthenticationSpec +} + +var map_AuthenticationStatus = map[string]string{ + "integratedOAuthMetadata": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key \"oauthMetadata\" is used to locate the data. If the config map or expected key is not found, no metadata is served. 
If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.", + "oidcClients": "OIDCClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.", +} + +func (AuthenticationStatus) SwaggerDoc() map[string]string { + return map_AuthenticationStatus +} + +var map_DeprecatedWebhookTokenAuthenticator = map[string]string{ + "": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", + "kubeConfig": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. 
The namespace for this secret is determined by the point of use.", +} + +func (DeprecatedWebhookTokenAuthenticator) SwaggerDoc() map[string]string { + return map_DeprecatedWebhookTokenAuthenticator +} + +var map_OIDCClientConfig = map[string]string{ + "componentName": "ComponentName is the name of the component that is supposed to consume this client configuration", + "componentNamespace": "ComponentNamespace is the namespace of the component that is supposed to consume this client configuration", + "clientID": "ClientID is the identifier of the OIDC client from the OIDC provider", + "clientSecret": "ClientSecret refers to a secret in the `openshift-config` namespace that contains the client secret in the `clientSecret` key of the `.data` field", + "extraScopes": "ExtraScopes is an optional set of scopes to request tokens with.", +} + +func (OIDCClientConfig) SwaggerDoc() map[string]string { + return map_OIDCClientConfig +} + +var map_OIDCClientReference = map[string]string{ + "oidcProviderName": "OIDCName refers to the `name` of the provider from `oidcProviders`", + "issuerURL": "URL is the serving URL of the token issuer. 
Must use the https:// scheme.", + "clientID": "ClientID is the identifier of the OIDC client from the OIDC provider", +} + +func (OIDCClientReference) SwaggerDoc() map[string]string { + return map_OIDCClientReference +} + +var map_OIDCClientStatus = map[string]string{ + "componentName": "ComponentName is the name of the component that will consume a client configuration.", + "componentNamespace": "ComponentNamespace is the namespace of the component that will consume a client configuration.", + "currentOIDCClients": "CurrentOIDCClients is a list of clients that the component is currently using.", + "consumingUsers": "ConsumingUsers is a slice of ServiceAccounts that need to have read permission on the `clientSecret` secret.", + "conditions": "Conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. 
If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", +} + +func (OIDCClientStatus) SwaggerDoc() map[string]string { + return map_OIDCClientStatus +} + +var map_OIDCProvider = map[string]string{ + "name": "Name of the OIDC provider", + "issuer": "Issuer describes atributes of the OIDC token issuer", + "oidcClients": "OIDCClients contains configuration for the platform's clients that need to request tokens from the issuer", + "claimMappings": "ClaimMappings describes rules on how to transform information from an ID token into a cluster identity", + "claimValidationRules": "ClaimValidationRules are rules that are applied to validate token claims to authenticate users.", +} + +func (OIDCProvider) SwaggerDoc() map[string]string { + return map_OIDCProvider +} + +var map_PrefixedClaimMapping = map[string]string{ + "prefix": "Prefix is a string to prefix the value from the token in the result of the claim mapping.\n\nBy default, no prefixing occurs.\n\nExample: if `prefix` is set to \"myoidc:\"\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", +} + +func (PrefixedClaimMapping) SwaggerDoc() map[string]string { + return map_PrefixedClaimMapping +} + +var map_TokenClaimMapping = map[string]string{ + "claim": "Claim is a JWT token claim to be used in the mapping", +} + +func (TokenClaimMapping) SwaggerDoc() map[string]string { + return map_TokenClaimMapping +} + +var map_TokenClaimMappings = map[string]string{ + "username": "Username is a name of the claim that should be used to construct usernames for the cluster identity.\n\nDefault value: \"sub\"", + "groups": "Groups is a name of the claim that should be used to construct groups for the cluster identity. 
The referenced claim must use array of strings values.", +} + +func (TokenClaimMappings) SwaggerDoc() map[string]string { + return map_TokenClaimMappings +} + +var map_TokenClaimValidationRule = map[string]string{ + "type": "Type sets the type of the validation rule", + "requiredClaim": "RequiredClaim allows configuring a required claim name and its expected value", +} + +func (TokenClaimValidationRule) SwaggerDoc() map[string]string { + return map_TokenClaimValidationRule +} + +var map_TokenIssuer = map[string]string{ + "issuerURL": "URL is the serving URL of the token issuer. Must use the https:// scheme.", + "audiences": "Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their \"aud\" claim. Must be set to exactly one value.", + "issuerCertificateAuthority": "CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the \"ca-bundle.crt\" key. If unset, system trust is used instead.", +} + +func (TokenIssuer) SwaggerDoc() map[string]string { + return map_TokenIssuer +} + +var map_TokenRequiredClaim = map[string]string{ + "claim": "Claim is a name of a required claim. 
Only claims with string values are supported.", + "requiredValue": "RequiredValue is the required value for the claim.", +} + +func (TokenRequiredClaim) SwaggerDoc() map[string]string { + return map_TokenRequiredClaim +} + +var map_UsernameClaimMapping = map[string]string{ + "prefixPolicy": "PrefixPolicy specifies how a prefix should apply.\n\nBy default, claims other than `email` will be prefixed with the issuer URL to prevent naming clashes with other plugins.\n\nSet to \"NoPrefix\" to disable prefixing.\n\nExample:\n (1) `prefix` is set to \"myoidc:\" and `claim` is set to \"username\".\n If the JWT claim `username` contains value `userA`, the resulting\n mapped value will be \"myoidc:userA\".\n (2) `prefix` is set to \"myoidc:\" and `claim` is set to \"email\". If the\n JWT `email` claim contains value \"userA@myoidc.tld\", the resulting\n mapped value will be \"myoidc:userA@myoidc.tld\".\n (3) `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n (b) \"email\": the mapped value will be \"userA@myoidc.tld\"", +} + +func (UsernameClaimMapping) SwaggerDoc() map[string]string { + return map_UsernameClaimMapping +} + +var map_WebhookTokenAuthenticator = map[string]string{ + "": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", + "kubeConfig": "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. 
If the specified kube config data is not valid, the webhook is not honored.", +} + +func (WebhookTokenAuthenticator) SwaggerDoc() map[string]string { + return map_WebhookTokenAuthenticator +} + +var map_Build = map[string]string{ + "": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "Spec holds user-settable values for the build controller configuration", +} + +func (Build) SwaggerDoc() map[string]string { + return map_Build +} + +var map_BuildDefaults = map[string]string{ + "defaultProxy": "DefaultProxy contains the default proxy settings for all build operations, including image pull/push and source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.", + "gitProxy": "GitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", + "env": "Env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "imageLabels": "ImageLabels is a list of docker labels that are applied to the resulting image. 
User can override a default label by providing a label with the same name in their Build/BuildConfig.", + "resources": "Resources defines resource requirements to execute the build.", +} + +func (BuildDefaults) SwaggerDoc() map[string]string { + return map_BuildDefaults +} + +var map_BuildList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (BuildList) SwaggerDoc() map[string]string { + return map_BuildList +} + +var map_BuildOverrides = map[string]string{ + "imageLabels": "ImageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + "nodeSelector": "NodeSelector is a selector which must be true for the build pod to fit on a node", + "tolerations": "Tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + "forcePull": "ForcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", +} + +func (BuildOverrides) SwaggerDoc() map[string]string { + return map_BuildOverrides +} + +var map_BuildSpec = map[string]string{ + "additionalTrustedCA": "AdditionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. 
The namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.", + "buildDefaults": "BuildDefaults controls the default information for Builds", + "buildOverrides": "BuildOverrides controls override settings for builds", +} + +func (BuildSpec) SwaggerDoc() map[string]string { + return map_BuildSpec +} + +var map_ImageLabel = map[string]string{ + "name": "Name defines the name of the label. It must have non-zero length.", + "value": "Value defines the literal value of the label.", +} + +func (ImageLabel) SwaggerDoc() map[string]string { + return map_ImageLabel +} + +var map_ClusterOperator = map[string]string{ + "": "ClusterOperator is the Custom Resource object which holds the current state of an operator. This object is used by operators to convey their state to the rest of the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds configuration that could apply to any operator.", + "status": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", +} + +func (ClusterOperator) SwaggerDoc() map[string]string { + return map_ClusterOperator +} + +var map_ClusterOperatorList = map[string]string{ + "": "ClusterOperatorList is a list of OperatorStatus resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ClusterOperatorList) SwaggerDoc() map[string]string { + return map_ClusterOperatorList +} + +var map_ClusterOperatorSpec = map[string]string{ + "": "ClusterOperatorSpec is empty for now, but you could imagine holding information like \"pause\".", +} + +func (ClusterOperatorSpec) SwaggerDoc() map[string]string { + return map_ClusterOperatorSpec +} + +var map_ClusterOperatorStatus = map[string]string{ + "": "ClusterOperatorStatus provides information about the status of the operator.", + "conditions": "conditions describes the state of the operator's managed and monitored components.", + "versions": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name \"operator\". An operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", + "relatedObjects": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. 
operand namespaces", + "extension": "extension contains any additional status information specific to the operator which owns this status object.", +} + +func (ClusterOperatorStatus) SwaggerDoc() map[string]string { + return map_ClusterOperatorStatus +} + +var map_ClusterOperatorStatusCondition = map[string]string{ + "": "ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.", + "type": "type specifies the aspect reported by this condition.", + "status": "status of the condition, one of True, False, Unknown.", + "lastTransitionTime": "lastTransitionTime is the time of the last update to the current status property.", + "reason": "reason is the CamelCase reason for the condition's current status.", + "message": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", +} + +func (ClusterOperatorStatusCondition) SwaggerDoc() map[string]string { + return map_ClusterOperatorStatusCondition +} + +var map_ObjectReference = map[string]string{ + "": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "group": "group of the referent.", + "resource": "resource of the referent.", + "namespace": "namespace of the referent.", + "name": "name of the referent.", +} + +func (ObjectReference) SwaggerDoc() map[string]string { + return map_ObjectReference +} + +var map_OperandVersion = map[string]string{ + "name": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", + "version": "version indicates which version of a particular operand is currently being managed. It must always match the Available operand. 
If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", +} + +func (OperandVersion) SwaggerDoc() map[string]string { + return map_OperandVersion +} + +var map_ClusterCondition = map[string]string{ + "": "ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.", + "type": "type represents the cluster-condition type. This defines the members and semantics of any additional properties.", + "promql": "promQL represents a cluster condition based on PromQL.", +} + +func (ClusterCondition) SwaggerDoc() map[string]string { + return map_ClusterCondition +} + +var map_ClusterVersion = map[string]string{ + "": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", + "status": "status contains information about the available updates and any in-progress updates.", +} + +func (ClusterVersion) SwaggerDoc() map[string]string { + return map_ClusterVersion +} + +var map_ClusterVersionCapabilitiesSpec = map[string]string{ + "": "ClusterVersionCapabilitiesSpec selects the managed set of optional, core cluster components.", + "baselineCapabilitySet": "baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. 
If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.", + "additionalEnabledCapabilities": "additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.", +} + +func (ClusterVersionCapabilitiesSpec) SwaggerDoc() map[string]string { + return map_ClusterVersionCapabilitiesSpec +} + +var map_ClusterVersionCapabilitiesStatus = map[string]string{ + "": "ClusterVersionCapabilitiesStatus describes the state of optional, core cluster components.", + "enabledCapabilities": "enabledCapabilities lists all the capabilities that are currently managed.", + "knownCapabilities": "knownCapabilities lists all the capabilities known to the current cluster.", +} + +func (ClusterVersionCapabilitiesStatus) SwaggerDoc() map[string]string { + return map_ClusterVersionCapabilitiesStatus +} + +var map_ClusterVersionList = map[string]string{ + "": "ClusterVersionList is a list of ClusterVersion resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ClusterVersionList) SwaggerDoc() map[string]string { + return map_ClusterVersionList +} + +var map_ClusterVersionSpec = map[string]string{ + "": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", + "clusterID": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). 
This is a required field.", + "desiredUpdate": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. You should not do this. version is silently ignored and image is used. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted. Not all rollbacks will succeed.", + "upstream": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", + "channel": "channel is an identifier for explicitly requesting that a non-default set of updates be applied to this cluster. 
The default channel will be contain stable updates that are appropriate for production clusters.", + "capabilities": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", + "signatureStores": "signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle.\n\nBy default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually.\n\nA maximum of 32 signature stores may be configured.", + "overrides": "overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.", +} + +func (ClusterVersionSpec) SwaggerDoc() map[string]string { + return map_ClusterVersionSpec +} + +var map_ClusterVersionStatus = map[string]string{ + "": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", + "desired": "desired is the version that the cluster is reconciling towards. 
If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", + "history": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", + "observedGeneration": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", + "versionHash": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", + "capabilities": "capabilities describes the state of optional, core cluster components.", + "conditions": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", + "availableUpdates": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. 
This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", + "conditionalUpdates": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", +} + +func (ClusterVersionStatus) SwaggerDoc() map[string]string { + return map_ClusterVersionStatus +} + +var map_ComponentOverride = map[string]string{ + "": "ComponentOverride allows overriding cluster version operator's behavior for a component.", + "kind": "kind indentifies which object to override.", + "group": "group identifies the API group that the kind is in.", + "namespace": "namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.", + "name": "name is the component's name.", + "unmanaged": "unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false", +} + +func (ComponentOverride) SwaggerDoc() map[string]string { + return map_ComponentOverride +} + +var map_ConditionalUpdate = map[string]string{ + "": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", + "release": "release is the target of the update.", + "risks": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", + "conditions": "conditions represents the observations of the conditional update's current status. 
Known types are: * Recommended, for whether the update is recommended for the current cluster.", +} + +func (ConditionalUpdate) SwaggerDoc() map[string]string { + return map_ConditionalUpdate +} + +var map_ConditionalUpdateRisk = map[string]string{ + "": "ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.", + "url": "url contains information about this risk.", + "name": "name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.", + "message": "message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", + "matchingRules": "matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.", +} + +func (ConditionalUpdateRisk) SwaggerDoc() map[string]string { + return map_ConditionalUpdateRisk +} + +var map_PromQLClusterCondition = map[string]string{ + "": "PromQLClusterCondition represents a cluster condition based on PromQL.", + "promql": "PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.", +} + +func (PromQLClusterCondition) SwaggerDoc() map[string]string { + return map_PromQLClusterCondition +} + +var map_Release = map[string]string{ + "": "Release represents an OpenShift release image and associated metadata.", + "version": "version is a semantic version identifying the update version. 
When this field is part of spec, version is optional if image is specified.", + "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", + "url": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", + "channels": "channels is the set of Cincinnati channels to which the release currently belongs.", +} + +func (Release) SwaggerDoc() map[string]string { + return map_Release +} + +var map_SignatureStore = map[string]string{ + "": "SignatureStore represents the URL of custom Signature Store", + "url": "url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty.", + "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config.", +} + +func (SignatureStore) SwaggerDoc() map[string]string { + return map_SignatureStore +} + +var map_Update = map[string]string{ + "": "Update represents an administrator update request.", + "architecture": "architecture is an optional field that indicates the desired value of the cluster architecture. 
In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", + "version": "version is a semantic version identifying the update version. version is ignored if image is specified and required if architecture is specified.", + "image": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, version is ignored. When image is set, version should be empty. When image is set, architecture cannot be specified.", + "force": "force allows an administrator to update to an image that has failed verification or upgradeable checks. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.", +} + +func (Update) SwaggerDoc() map[string]string { + return map_Update +} + +var map_UpdateHistory = map[string]string{ + "": "UpdateHistory is a single attempted update to the cluster.", + "state": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", + "startedTime": "startedTime is the time at which the update was started.", + "completionTime": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. 
Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", + "version": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", + "image": "image is a container image location that contains the update. This value is always populated.", + "verified": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", + "acceptedRisks": "acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", +} + +func (UpdateHistory) SwaggerDoc() map[string]string { + return map_UpdateHistory +} + +var map_Console = map[string]string{ + "": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. 
They may not be overridden.", +} + +func (Console) SwaggerDoc() map[string]string { + return map_Console +} + +var map_ConsoleAuthentication = map[string]string{ + "": "ConsoleAuthentication defines a list of optional configuration for console authentication.", + "logoutRedirect": "An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.", +} + +func (ConsoleAuthentication) SwaggerDoc() map[string]string { + return map_ConsoleAuthentication +} + +var map_ConsoleList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ConsoleList) SwaggerDoc() map[string]string { + return map_ConsoleList +} + +var map_ConsoleSpec = map[string]string{ + "": "ConsoleSpec is the specification of the desired behavior of the Console.", +} + +func (ConsoleSpec) SwaggerDoc() map[string]string { + return map_ConsoleSpec +} + +var map_ConsoleStatus = map[string]string{ + "": "ConsoleStatus defines the observed status of the Console.", + "consoleURL": "The URL for the console. 
This will be derived from the host for the route that is created for the console.", +} + +func (ConsoleStatus) SwaggerDoc() map[string]string { + return map_ConsoleStatus +} + +var map_AWSDNSSpec = map[string]string{ + "": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", + "privateZoneIAMRole": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.", +} + +func (AWSDNSSpec) SwaggerDoc() map[string]string { + return map_AWSDNSSpec +} + +var map_DNS = map[string]string{ + "": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (DNS) SwaggerDoc() map[string]string { + return map_DNS +} + +var map_DNSList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (DNSList) SwaggerDoc() map[string]string { + return map_DNSList +} + +var map_DNSPlatformSpec = map[string]string{ + "": "DNSPlatformSpec holds cloud-provider-specific configuration for DNS administration.", + "type": "type is the underlying infrastructure provider for the cluster. 
Allowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.", + "aws": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", +} + +func (DNSPlatformSpec) SwaggerDoc() map[string]string { + return map_DNSPlatformSpec +} + +var map_DNSSpec = map[string]string{ + "baseDomain": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", + "publicZone": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", + "privateZone": "privateZone is the location where all the DNS records that are only available internally to the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", + "platform": "platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", +} + +func (DNSSpec) SwaggerDoc() map[string]string { + return map_DNSSpec +} + +var map_DNSZone = map[string]string{ + "": "DNSZone is used to define a DNS hosted zone. 
A zone can be identified by an ID or tags.", + "id": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", + "tags": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", +} + +func (DNSZone) SwaggerDoc() map[string]string { + return map_DNSZone +} + +var map_CustomFeatureGates = map[string]string{ + "enabled": "enabled is a list of all feature gates that you want to force on", + "disabled": "disabled is a list of all feature gates that you want to force off", +} + +func (CustomFeatureGates) SwaggerDoc() map[string]string { + return map_CustomFeatureGates +} + +var map_FeatureGate = map[string]string{ + "": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. 
They may not be overridden.", +} + +func (FeatureGate) SwaggerDoc() map[string]string { + return map_FeatureGate +} + +var map_FeatureGateAttributes = map[string]string{ + "name": "name is the name of the FeatureGate.", +} + +func (FeatureGateAttributes) SwaggerDoc() map[string]string { + return map_FeatureGateAttributes +} + +var map_FeatureGateDetails = map[string]string{ + "version": "version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.", + "enabled": "enabled is a list of all feature gates that are enabled in the cluster for the named version.", + "disabled": "disabled is a list of all feature gates that are disabled in the cluster for the named version.", +} + +func (FeatureGateDetails) SwaggerDoc() map[string]string { + return map_FeatureGateDetails +} + +var map_FeatureGateList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (FeatureGateList) SwaggerDoc() map[string]string { + return map_FeatureGateList +} + +var map_FeatureGateSelection = map[string]string{ + "featureSet": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "customNoUpgrade": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. 
featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", +} + +func (FeatureGateSelection) SwaggerDoc() map[string]string { + return map_FeatureGateSelection +} + +var map_FeatureGateStatus = map[string]string{ + "conditions": "conditions represent the observations of the current state. Known .status.conditions.type are: \"DeterminationDegraded\"", + "featureGates": "featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.", +} + +func (FeatureGateStatus) SwaggerDoc() map[string]string { + return map_FeatureGateStatus +} + +var map_Image = map[string]string{ + "": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Image) SwaggerDoc() map[string]string { + return map_Image +} + +var map_ImageList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ImageList) SwaggerDoc() map[string]string { + return map_ImageList +} + +var map_ImageSpec = map[string]string{ + "allowedRegistriesForImport": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "additionalTrustedCA": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. 
The namespace for this config map is openshift-config.", + "registrySources": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", +} + +func (ImageSpec) SwaggerDoc() map[string]string { + return map_ImageSpec +} + +var map_ImageStatus = map[string]string{ + "internalRegistryHostname": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname.", + "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", +} + +func (ImageStatus) SwaggerDoc() map[string]string { + return map_ImageStatus +} + +var map_RegistryLocation = map[string]string{ + "": "RegistryLocation contains a location of the registry specified by the registry domain name. 
The domain name might include wildcards, like '*' or '??'.", + "domainName": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", + "insecure": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", +} + +func (RegistryLocation) SwaggerDoc() map[string]string { + return map_RegistryLocation +} + +var map_RegistrySources = map[string]string{ + "": "RegistrySources holds cluster-wide information about how to handle the registries config.", + "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "containerRuntimeSearchRegistries": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", +} + +func (RegistrySources) SwaggerDoc() map[string]string { + return map_RegistrySources +} + +var map_ImageContentPolicy = map[string]string{ + "": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. 
When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", +} + +func (ImageContentPolicy) SwaggerDoc() map[string]string { + return map_ImageContentPolicy +} + +var map_ImageContentPolicyList = map[string]string{ + "": "ImageContentPolicyList lists the items in the ImageContentPolicy CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ImageContentPolicyList) SwaggerDoc() map[string]string { + return map_ImageContentPolicyList +} + +var map_ImageContentPolicySpec = map[string]string{ + "": "ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.", + "repositoryDigestMirrors": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. 
To pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", +} + +func (ImageContentPolicySpec) SwaggerDoc() map[string]string { + return map_ImageContentPolicySpec +} + +var map_RepositoryDigestMirrors = map[string]string{ + "": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "source": "source is the repository that users refer to, e.g. in image pull specifications.", + "allowMirrorByTags": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.", + "mirrors": "mirrors is zero or more repositories that may also contain the same images. If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. 
Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", +} + +func (RepositoryDigestMirrors) SwaggerDoc() map[string]string { + return map_RepositoryDigestMirrors +} + +var map_ImageDigestMirrorSet = map[string]string{ + "": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status contains the observed state of the resource.", +} + +func (ImageDigestMirrorSet) SwaggerDoc() map[string]string { + return map_ImageDigestMirrorSet +} + +var map_ImageDigestMirrorSetList = map[string]string{ + "": "ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ImageDigestMirrorSetList) SwaggerDoc() map[string]string { + return map_ImageDigestMirrorSetList +} + +var map_ImageDigestMirrorSetSpec = map[string]string{ + "": "ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.", + "imageDigestMirrors": "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. 
`b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", +} + +func (ImageDigestMirrorSetSpec) SwaggerDoc() map[string]string { + return map_ImageDigestMirrorSetSpec +} + +var map_ImageDigestMirrors = map[string]string{ + "": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "source": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrors": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. 
If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrorSourcePolicy": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", +} + +func (ImageDigestMirrors) SwaggerDoc() map[string]string { + return map_ImageDigestMirrors +} + +var map_ImageTagMirrorSet = map[string]string{ + "": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status contains the observed state of the resource.", +} + +func (ImageTagMirrorSet) SwaggerDoc() map[string]string { + return map_ImageTagMirrorSet +} + +var map_ImageTagMirrorSetList = map[string]string{ + "": "ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ImageTagMirrorSetList) SwaggerDoc() map[string]string { + return map_ImageTagMirrorSetList +} + +var map_ImageTagMirrorSetSpec = map[string]string{ + "": "ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.", + "imageTagMirrors": "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. 
Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", +} + +func (ImageTagMirrorSetSpec) SwaggerDoc() map[string]string { + return map_ImageTagMirrorSetSpec +} + +var map_ImageTagMirrors = map[string]string{ + "": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "source": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrors": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. 
The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "mirrorSourcePolicy": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. 
sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", +} + +func (ImageTagMirrors) SwaggerDoc() map[string]string { + return map_ImageTagMirrors +} + +var map_AWSPlatformSpec = map[string]string{ + "": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", +} + +func (AWSPlatformSpec) SwaggerDoc() map[string]string { + return map_AWSPlatformSpec +} + +var map_AWSPlatformStatus = map[string]string{ + "": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", + "region": "region holds the default AWS region for new AWS resources created by the cluster.", + "serviceEndpoints": "ServiceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", + "resourceTags": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", +} + +func (AWSPlatformStatus) SwaggerDoc() map[string]string { + return map_AWSPlatformStatus +} + +var map_AWSResourceTag = map[string]string{ + "": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", + "key": "key is the key of the tag", + "value": "value is the value of the tag. Some AWS service do not support empty values. 
Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", +} + +func (AWSResourceTag) SwaggerDoc() map[string]string { + return map_AWSResourceTag +} + +var map_AWSServiceEndpoint = map[string]string{ + "": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "name": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", +} + +func (AWSServiceEndpoint) SwaggerDoc() map[string]string { + return map_AWSServiceEndpoint +} + +var map_AlibabaCloudPlatformSpec = map[string]string{ + "": "AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. 
This only includes fields that can be modified in the cluster.", +} + +func (AlibabaCloudPlatformSpec) SwaggerDoc() map[string]string { + return map_AlibabaCloudPlatformSpec +} + +var map_AlibabaCloudPlatformStatus = map[string]string{ + "": "AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider.", + "region": "region specifies the region for Alibaba Cloud resources created for the cluster.", + "resourceGroupID": "resourceGroupID is the ID of the resource group for the cluster.", + "resourceTags": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", +} + +func (AlibabaCloudPlatformStatus) SwaggerDoc() map[string]string { + return map_AlibabaCloudPlatformStatus +} + +var map_AlibabaCloudResourceTag = map[string]string{ + "": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", + "key": "key is the key of the tag.", + "value": "value is the value of the tag.", +} + +func (AlibabaCloudResourceTag) SwaggerDoc() map[string]string { + return map_AlibabaCloudResourceTag +} + +var map_AzurePlatformSpec = map[string]string{ + "": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (AzurePlatformSpec) SwaggerDoc() map[string]string { + return map_AzurePlatformSpec +} + +var map_AzurePlatformStatus = map[string]string{ + "": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", + "resourceGroupName": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "networkResourceGroupName": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. 
If empty, the value is same as ResourceGroupName.", + "cloudName": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", + "armEndpoint": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", + "resourceTags": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", +} + +func (AzurePlatformStatus) SwaggerDoc() map[string]string { + return map_AzurePlatformStatus +} + +var map_AzureResourceTag = map[string]string{ + "": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", + "key": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", + "value": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? 
@`.", +} + +func (AzureResourceTag) SwaggerDoc() map[string]string { + return map_AzureResourceTag +} + +var map_BareMetalPlatformLoadBalancer = map[string]string{ + "": "BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform.", + "type": "type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", +} + +func (BareMetalPlatformLoadBalancer) SwaggerDoc() map[string]string { + return map_BareMetalPlatformLoadBalancer +} + +var map_BareMetalPlatformSpec = map[string]string{ + "": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. 
The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", +} + +func (BareMetalPlatformSpec) SwaggerDoc() map[string]string { + return map_BareMetalPlatformSpec +} + +var map_BareMetalPlatformStatus = map[string]string{ + "": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. 
The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", +} + +func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { + return map_BareMetalPlatformStatus +} + +var map_CloudControllerManagerStatus = map[string]string{ + "": "CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings", + "state": "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. 
When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", +} + +func (CloudControllerManagerStatus) SwaggerDoc() map[string]string { + return map_CloudControllerManagerStatus +} + +var map_CloudLoadBalancerConfig = map[string]string{ + "": "CloudLoadBalancerConfig contains an union discriminator indicating the type of DNS solution in use within the cluster. When the DNSType is `ClusterHosted`, the cloud's Load Balancer configuration needs to be provided so that the DNS solution hosted within the cluster can be configured with those values.", + "dnsType": "dnsType indicates the type of DNS solution in use within the cluster. Its default value of `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform. It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode, the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution.", + "clusterHosted": "clusterHosted holds the IP addresses of API, API-Int and Ingress Load Balancers on Cloud Platforms. 
The DNS solution hosted within the cluster use these IP addresses to provide resolution for API, API-Int and Ingress services.", +} + +func (CloudLoadBalancerConfig) SwaggerDoc() map[string]string { + return map_CloudLoadBalancerConfig +} + +var map_CloudLoadBalancerIPs = map[string]string{ + "": "CloudLoadBalancerIPs contains the Load Balancer IPs for the cloud's API, API-Int and Ingress Load balancers. They will be populated as soon as the respective Load Balancers have been configured. These values are utilized to configure the DNS solution hosted within the cluster.", + "apiIntLoadBalancerIPs": "apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the apiIntLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", + "apiLoadBalancerIPs": "apiLoadBalancerIPs holds Load Balancer IPs for the API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Could be empty for private clusters. Entries in the apiLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", + "ingressLoadBalancerIPs": "ingressLoadBalancerIPs holds IPs for Ingress Load Balancers. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the ingressLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", +} + +func (CloudLoadBalancerIPs) SwaggerDoc() map[string]string { + return map_CloudLoadBalancerIPs +} + +var map_EquinixMetalPlatformSpec = map[string]string{ + "": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. 
This only includes fields that can be modified in the cluster.", +} + +func (EquinixMetalPlatformSpec) SwaggerDoc() map[string]string { + return map_EquinixMetalPlatformSpec +} + +var map_EquinixMetalPlatformStatus = map[string]string{ + "": "EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", +} + +func (EquinixMetalPlatformStatus) SwaggerDoc() map[string]string { + return map_EquinixMetalPlatformStatus +} + +var map_ExternalPlatformSpec = map[string]string{ + "": "ExternalPlatformSpec holds the desired state for the generic External infrastructure provider.", + "platformName": "PlatformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.", +} + +func (ExternalPlatformSpec) SwaggerDoc() map[string]string { + return map_ExternalPlatformSpec +} + +var map_ExternalPlatformStatus = map[string]string{ + "": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", + "cloudControllerManager": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). 
When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", +} + +func (ExternalPlatformStatus) SwaggerDoc() map[string]string { + return map_ExternalPlatformStatus +} + +var map_GCPPlatformSpec = map[string]string{ + "": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (GCPPlatformSpec) SwaggerDoc() map[string]string { + return map_GCPPlatformSpec +} + +var map_GCPPlatformStatus = map[string]string{ + "": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", + "projectID": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", + "region": "region holds the region for new GCP resources created for the cluster.", + "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + "cloudLoadBalancerConfig": "cloudLoadBalancerConfig is a union that contains the IP addresses of API, API-Int and Ingress Load Balancers created on the cloud platform. These values would not be populated on on-prem platforms. These Load Balancer IPs are used to configure the in-cluster DNS instances for API, API-Int and Ingress services. 
`dnsType` is expected to be set to `ClusterHosted` when these Load Balancer IP addresses are populated and used.", +} + +func (GCPPlatformStatus) SwaggerDoc() map[string]string { + return map_GCPPlatformStatus +} + +var map_GCPResourceLabel = map[string]string{ + "": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + "key": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", + "value": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", +} + +func (GCPResourceLabel) SwaggerDoc() map[string]string { + return map_GCPResourceLabel +} + +var map_GCPResourceTag = map[string]string{ + "": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + "parentID": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "key": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. 
Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + "value": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", +} + +func (GCPResourceTag) SwaggerDoc() map[string]string { + return map_GCPResourceTag +} + +var map_IBMCloudPlatformSpec = map[string]string{ + "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (IBMCloudPlatformSpec) SwaggerDoc() map[string]string { + return map_IBMCloudPlatformSpec +} + +var map_IBMCloudPlatformStatus = map[string]string{ + "": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", + "location": "Location is where the cluster has been deployed", + "resourceGroupName": "ResourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", + "providerType": "ProviderType indicates the type of cluster that was created", + "cisInstanceCRN": "CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", + "dnsInstanceCRN": "DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM Cloud service. 
These endpoints are consumed by components within the cluster to reach the respective IBM Cloud Services.", +} + +func (IBMCloudPlatformStatus) SwaggerDoc() map[string]string { + return map_IBMCloudPlatformStatus +} + +var map_IBMCloudServiceEndpoint = map[string]string{ + "": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", + "name": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, DNSServices, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", +} + +func (IBMCloudServiceEndpoint) SwaggerDoc() map[string]string { + return map_IBMCloudServiceEndpoint +} + +var map_Infrastructure = map[string]string{ + "": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. 
They may not be overridden.", +} + +func (Infrastructure) SwaggerDoc() map[string]string { + return map_Infrastructure +} + +var map_InfrastructureList = map[string]string{ + "": "InfrastructureList is\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (InfrastructureList) SwaggerDoc() map[string]string { + return map_InfrastructureList +} + +var map_InfrastructureSpec = map[string]string{ + "": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "cloudConfig": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. 
All the clients are expected to use the generated ConfigMap only.", + "platformSpec": "platformSpec holds desired information specific to the underlying infrastructure provider.", +} + +func (InfrastructureSpec) SwaggerDoc() map[string]string { + return map_InfrastructureSpec +} + +var map_InfrastructureStatus = map[string]string{ + "": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", + "infrastructureName": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", + "platform": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", + "platformStatus": "platformStatus holds status information specific to the underlying infrastructure provider.", + "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", + "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", + "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", + "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. 
The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", + "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", + "cpuPartitioning": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", +} + +func (InfrastructureStatus) SwaggerDoc() map[string]string { + return map_InfrastructureStatus +} + +var map_KubevirtPlatformSpec = map[string]string{ + "": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. 
This only includes fields that can be modified in the cluster.", +} + +func (KubevirtPlatformSpec) SwaggerDoc() map[string]string { + return map_KubevirtPlatformSpec +} + +var map_KubevirtPlatformStatus = map[string]string{ + "": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", +} + +func (KubevirtPlatformStatus) SwaggerDoc() map[string]string { + return map_KubevirtPlatformStatus +} + +var map_NutanixFailureDomain = map[string]string{ + "": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", + "name": "name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.", + "cluster": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "subnets": "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. 
The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", +} + +func (NutanixFailureDomain) SwaggerDoc() map[string]string { + return map_NutanixFailureDomain +} + +var map_NutanixPlatformLoadBalancer = map[string]string{ + "": "NutanixPlatformLoadBalancer defines the load balancer used by the cluster on Nutanix platform.", + "type": "type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", +} + +func (NutanixPlatformLoadBalancer) SwaggerDoc() map[string]string { + return map_NutanixPlatformLoadBalancer +} + +var map_NutanixPlatformSpec = map[string]string{ + "": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", + "prismCentral": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "prismElements": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. 
Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", + "failureDomains": "failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.", +} + +func (NutanixPlatformSpec) SwaggerDoc() map[string]string { + return map_NutanixPlatformSpec +} + +var map_NutanixPlatformStatus = map[string]string{ + "": "NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. 
The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", +} + +func (NutanixPlatformStatus) SwaggerDoc() map[string]string { + return map_NutanixPlatformStatus +} + +var map_NutanixPrismElementEndpoint = map[string]string{ + "": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", + "name": "name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).", + "endpoint": "endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", +} + +func (NutanixPrismElementEndpoint) SwaggerDoc() map[string]string { + return map_NutanixPrismElementEndpoint +} + +var map_NutanixPrismEndpoint = map[string]string{ + "": "NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster)", + "address": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", + "port": "port is the port number to access the Nutanix Prism Central or Element (cluster)", +} + +func (NutanixPrismEndpoint) SwaggerDoc() map[string]string { + return map_NutanixPrismEndpoint +} + +var map_NutanixResourceIdentifier = map[string]string{ + "": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + "type": "type is the identifier type to use for this resource.", + "uuid": "uuid is the UUID of the resource in the PC. 
It cannot be empty if the type is UUID.", + "name": "name is the resource name in the PC. It cannot be empty if the type is Name.", +} + +func (NutanixResourceIdentifier) SwaggerDoc() map[string]string { + return map_NutanixResourceIdentifier +} + +var map_OpenStackPlatformLoadBalancer = map[string]string{ + "": "OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform.", + "type": "type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", +} + +func (OpenStackPlatformLoadBalancer) SwaggerDoc() map[string]string { + return map_OpenStackPlatformLoadBalancer +} + +var map_OpenStackPlatformSpec = map[string]string{ + "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. 
Once set, the list cannot be completely removed (but its second entry can).", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", +} + +func (OpenStackPlatformSpec) SwaggerDoc() map[string]string { + return map_OpenStackPlatformSpec +} + +var map_OpenStackPlatformStatus = map[string]string{ + "": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. 
In dual stack clusters this list contains two IPs otherwise only one.", + "cloudName": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", +} + +func (OpenStackPlatformStatus) SwaggerDoc() map[string]string { + return map_OpenStackPlatformStatus +} + +var map_OvirtPlatformLoadBalancer = map[string]string{ + "": "OvirtPlatformLoadBalancer defines the load balancer used by the cluster on Ovirt platform.", + "type": "type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. 
When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", +} + +func (OvirtPlatformLoadBalancer) SwaggerDoc() map[string]string { + return map_OvirtPlatformLoadBalancer +} + +var map_OvirtPlatformSpec = map[string]string{ + "": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (OvirtPlatformSpec) SwaggerDoc() map[string]string { + return map_OvirtPlatformSpec +} + +var map_OvirtPlatformStatus = map[string]string{ + "": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. 
The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", + "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", +} + +func (OvirtPlatformStatus) SwaggerDoc() map[string]string { + return map_OvirtPlatformStatus +} + +var map_PlatformSpec = map[string]string{ + "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". 
Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", + "equinixMetal": "EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "powervs": "PowerVS contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", + "alibabaCloud": "AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "nutanix": "Nutanix contains settings specific to the Nutanix infrastructure provider.", + "external": "ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.", +} + +func (PlatformSpec) SwaggerDoc() map[string]string { + return map_PlatformSpec +} + +var map_PlatformStatus = map[string]string{ + "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. 
This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", + "equinixMetal": "EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "powervs": "PowerVS contains settings specific to the Power Systems Virtual Servers infrastructure provider.", + "alibabaCloud": "AlibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "nutanix": "Nutanix contains settings specific to the Nutanix infrastructure provider.", + "external": "External contains settings specific to the 
generic External infrastructure provider.", +} + +func (PlatformStatus) SwaggerDoc() map[string]string { + return map_PlatformStatus +} + +var map_PowerVSPlatformSpec = map[string]string{ + "": "PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. This only includes fields that can be modified in the cluster.", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", +} + +func (PowerVSPlatformSpec) SwaggerDoc() map[string]string { + return map_PowerVSPlatformSpec +} + +var map_PowerVSPlatformStatus = map[string]string{ + "": "PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider.", + "region": "region holds the default Power VS region for new Power VS resources created by the cluster.", + "zone": "zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported", + "resourceGroup": "resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. 
When omitted, the image registry operator won't be able to configure storage, which results in the image registry cluster operator not being in an available state.", + "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", + "cisInstanceCRN": "CISInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", + "dnsInstanceCRN": "DNSInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", +} + +func (PowerVSPlatformStatus) SwaggerDoc() map[string]string { + return map_PowerVSPlatformStatus +} + +var map_PowerVSServiceEndpoint = map[string]string{ + "": "PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.", + "name": "name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud", + "url": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", +} + +func (PowerVSServiceEndpoint) SwaggerDoc() map[string]string { + return map_PowerVSServiceEndpoint +} + +var map_VSpherePlatformFailureDomainSpec = map[string]string{ + "": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", + "name": "name defines the arbitrary but unique name of a failure domain.", + "region": "region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.", + "zone": "zone defines the name of a zone tag that will be attached to a vCenter cluster. 
The tag category in vCenter must be named openshift-zone.", + "server": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "topology": "Topology describes a given failure domain using vSphere constructs", +} + +func (VSpherePlatformFailureDomainSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformFailureDomainSpec +} + +var map_VSpherePlatformLoadBalancer = map[string]string{ + "": "VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform.", + "type": "type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. 
The default value is OpenShiftManagedDefault.", +} + +func (VSpherePlatformLoadBalancer) SwaggerDoc() map[string]string { + return map_VSpherePlatformLoadBalancer +} + +var map_VSpherePlatformNodeNetworking = map[string]string{ + "": "VSpherePlatformNodeNetworking holds the external and internal node networking spec.", + "external": "external represents the network configuration of the node that is externally routable.", + "internal": "internal represents the network configuration of the node that is routable only within the cluster.", +} + +func (VSpherePlatformNodeNetworking) SwaggerDoc() map[string]string { + return map_VSpherePlatformNodeNetworking +} + +var map_VSpherePlatformNodeNetworkingSpec = map[string]string{ + "": "VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for including and excluding IP ranges in the cloud provider. This would be used for example when multiple network adapters are attached to a guest to help determine which IP address the cloud config manager should use for the external and internal node networking.", + "networkSubnetCidr": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields.", + "network": "network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. 
The available networks (port groups) can be listed using `govc ls 'network/*'`", + "excludeNetworkSubnetCidr": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields.", +} + +func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformNodeNetworkingSpec +} + +var map_VSpherePlatformSpec = map[string]string{ + "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", + "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported.", + "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", + "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. 
Once set, the list cannot be completely removed (but its second entry can).", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", +} + +func (VSpherePlatformSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformSpec +} + +var map_VSpherePlatformStatus = map[string]string{ + "": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. 
The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", +} + +func (VSpherePlatformStatus) SwaggerDoc() map[string]string { + return map_VSpherePlatformStatus +} + +var map_VSpherePlatformTopology = map[string]string{ + "": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", + "datacenter": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", + "computeCluster": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", + "networks": "networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. 
The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/.", + "datastore": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", + "resourcePool": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", + "folder": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", + "template": "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea.", +} + +func (VSpherePlatformTopology) SwaggerDoc() map[string]string { + return map_VSpherePlatformTopology +} + +var map_VSpherePlatformVCenterSpec = map[string]string{ + "": "VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.", + "server": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "port": "port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.", + "datacenters": "The vCenter Datacenters in which the RHCOS vm guests are located. 
This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.", +} + +func (VSpherePlatformVCenterSpec) SwaggerDoc() map[string]string { + return map_VSpherePlatformVCenterSpec +} + +var map_AWSIngressSpec = map[string]string{ + "": "AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). 
See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", +} + +func (AWSIngressSpec) SwaggerDoc() map[string]string { + return map_AWSIngressSpec +} + +var map_ComponentRouteSpec = map[string]string{ + "": "ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.", + "namespace": "namespace is the namespace of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "name": "name is the logical name of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "hostname": "hostname is the hostname that should be used by the route.", + "servingCertKeyPairSecret": "servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", +} + +func (ComponentRouteSpec) SwaggerDoc() map[string]string { + return map_ComponentRouteSpec +} + +var map_ComponentRouteStatus = map[string]string{ + "": "ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.", + "namespace": "namespace is the namespace of the route to customize. It must be a real namespace. 
Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", + "name": "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", + "defaultHostname": "defaultHostname is the hostname of this route prior to customization.", + "consumingUsers": "consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.", + "currentHostnames": "currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.", + "conditions": "conditions are used to communicate the state of the componentRoutes entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured.\n\nIf Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. 
The currentHostnames field may or may not be in effect.\n\nIf Progressing is true, that means the component is taking some action related to the componentRoutes entry.", + "relatedObjects": "relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.", +} + +func (ComponentRouteStatus) SwaggerDoc() map[string]string { + return map_ComponentRouteStatus +} + +var map_Ingress = map[string]string{ + "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Ingress) SwaggerDoc() map[string]string { + return map_Ingress +} + +var map_IngressList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (IngressList) SwaggerDoc() map[string]string { + return map_IngressList +} + +var map_IngressPlatformSpec = map[string]string{ + "": "IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. 
Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "aws": "aws contains settings specific to the Amazon Web Services infrastructure provider.", +} + +func (IngressPlatformSpec) SwaggerDoc() map[string]string { + return map_IngressPlatformSpec +} + +var map_IngressSpec = map[string]string{ + "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "appsDomain": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", + "componentRoutes": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. 
The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "requiredHSTSPolicies": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. 
However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", + "loadBalancer": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", +} + +func (IngressSpec) SwaggerDoc() map[string]string { + return map_IngressSpec +} + +var map_IngressStatus = map[string]string{ + "componentRoutes": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "defaultPlacement": "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes.\n\nThis field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments.\n\nSee the documentation for the IngressController replicas and nodePlacement fields for more information.\n\nWhen omitted, the default value is Workers", +} + +func (IngressStatus) SwaggerDoc() map[string]string { + return map_IngressStatus +} + +var map_LoadBalancer = map[string]string{ + "platform": "platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. 
These defaults are subject to change over time.", +} + +func (LoadBalancer) SwaggerDoc() map[string]string { + return map_LoadBalancer +} + +var map_ClusterNetworkEntry = map[string]string{ + "": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", + "cidr": "The complete block for pod IPs.", + "hostPrefix": "The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.", +} + +func (ClusterNetworkEntry) SwaggerDoc() map[string]string { + return map_ClusterNetworkEntry +} + +var map_ExternalIPConfig = map[string]string{ + "": "ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field of a Service resource.", + "policy": "policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.", + "autoAssignCIDRs": "autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called \"IngressIPs\". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.", +} + +func (ExternalIPConfig) SwaggerDoc() map[string]string { + return map_ExternalIPConfig +} + +var map_ExternalIPPolicy = map[string]string{ + "": "ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP field in a Service. If the zero struct is supplied, then none are permitted. The policy controller always allows automatically assigned external IPs.", + "allowedCIDRs": "allowedCIDRs is the list of allowed CIDRs.", + "rejectedCIDRs": "rejectedCIDRs is the list of disallowed CIDRs. 
These take precedence over allowedCIDRs.", +} + +func (ExternalIPPolicy) SwaggerDoc() map[string]string { + return map_ExternalIPPolicy +} + +var map_MTUMigration = map[string]string{ + "": "MTUMigration contains infomation about MTU migration.", + "network": "Network contains MTU migration configuration for the default network.", + "machine": "Machine contains MTU migration configuration for the machine's uplink.", +} + +func (MTUMigration) SwaggerDoc() map[string]string { + return map_MTUMigration +} + +var map_MTUMigrationValues = map[string]string{ + "": "MTUMigrationValues contains the values for a MTU migration.", + "to": "To is the MTU to migrate to.", + "from": "From is the MTU to migrate from.", +} + +func (MTUMigrationValues) SwaggerDoc() map[string]string { + return map_MTUMigrationValues +} + +var map_Network = map[string]string{ + "": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "status": "status holds observed values from the cluster. 
They may not be overridden.", +} + +func (Network) SwaggerDoc() map[string]string { + return map_Network +} + +var map_NetworkDiagnostics = map[string]string{ + "mode": "mode controls the network diagnostics mode\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.", + "sourcePlacement": "sourcePlacement controls the scheduling of network diagnostics source deployment\n\nSee NetworkDiagnosticsSourcePlacement for more details about default values.", + "targetPlacement": "targetPlacement controls the scheduling of network diagnostics target daemonset\n\nSee NetworkDiagnosticsTargetPlacement for more details about default values.", +} + +func (NetworkDiagnostics) SwaggerDoc() map[string]string { + return map_NetworkDiagnostics +} + +var map_NetworkDiagnosticsSourcePlacement = map[string]string{ + "": "NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components", + "nodeSelector": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "tolerations": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. 
The current default is an empty list.", +} + +func (NetworkDiagnosticsSourcePlacement) SwaggerDoc() map[string]string { + return map_NetworkDiagnosticsSourcePlacement +} + +var map_NetworkDiagnosticsTargetPlacement = map[string]string{ + "": "NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components", + "nodeSelector": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "tolerations": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: \"Exists\"` which means that all taints are tolerated.", +} + +func (NetworkDiagnosticsTargetPlacement) SwaggerDoc() map[string]string { + return map_NetworkDiagnosticsTargetPlacement +} + +var map_NetworkList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (NetworkList) SwaggerDoc() map[string]string { + return map_NetworkList +} + +var map_NetworkMigration = map[string]string{ + "": "NetworkMigration represents the cluster network configuration.", + "networkType": "NetworkType is the target plugin that is to be deployed. 
Currently supported values are: OpenShiftSDN, OVNKubernetes", + "mtu": "MTU contains the MTU migration configuration.", +} + +func (NetworkMigration) SwaggerDoc() map[string]string { + return map_NetworkMigration +} + +var map_NetworkSpec = map[string]string{ + "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", + "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", + "networkType": "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.", + "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", + "serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", + "networkDiagnostics": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. 
If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", +} + +func (NetworkSpec) SwaggerDoc() map[string]string { + return map_NetworkSpec +} + +var map_NetworkStatus = map[string]string{ + "": "NetworkStatus is the current network configuration.", + "clusterNetwork": "IP address pool to use for pod IPs.", + "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here.", + "networkType": "NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).", + "clusterNetworkMTU": "ClusterNetworkMTU is the MTU for inter-pod networking.", + "migration": "Migration contains the cluster network migration configuration.", + "conditions": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkTypeMigrationInProgress\", \"NetworkTypeMigrationMTUReady\", \"NetworkTypeMigrationTargetCNIAvailable\", \"NetworkTypeMigrationTargetCNIInUse\", \"NetworkTypeMigrationOriginalCNIPurged\" and \"NetworkDiagnosticsAvailable\"", +} + +func (NetworkStatus) SwaggerDoc() map[string]string { + return map_NetworkStatus +} + +var map_Node = map[string]string{ + "": "Node holds cluster-wide information about node specific features.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values.", +} + +func (Node) SwaggerDoc() map[string]string { + return map_Node +} + +var map_NodeList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (NodeList) SwaggerDoc() map[string]string { + return map_NodeList +} + +var map_NodeSpec = map[string]string{ + "cgroupMode": "CgroupMode determines the cgroups version on the node", + "workerLatencyProfile": "WorkerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", +} + +func (NodeSpec) SwaggerDoc() map[string]string { + return map_NodeSpec +} + +var map_BasicAuthIdentityProvider = map[string]string{ + "": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", +} + +func (BasicAuthIdentityProvider) SwaggerDoc() map[string]string { + return map_BasicAuthIdentityProvider +} + +var map_GitHubIdentityProvider = map[string]string{ + "": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials", + "clientID": "clientID is the oauth client ID", + "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. 
The namespace for this secret is openshift-config.", + "organizations": "organizations optionally restricts which organizations are allowed to log in", + "teams": "teams optionally restricts which teams are allowed to log in. Format is /.", + "hostname": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.", + "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.", +} + +func (GitHubIdentityProvider) SwaggerDoc() map[string]string { + return map_GitHubIdentityProvider +} + +var map_GitLabIdentityProvider = map[string]string{ + "": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials", + "clientID": "clientID is the oauth client ID", + "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "url": "url is the oauth server base URL", + "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. 
If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", +} + +func (GitLabIdentityProvider) SwaggerDoc() map[string]string { + return map_GitLabIdentityProvider +} + +var map_GoogleIdentityProvider = map[string]string{ + "": "GoogleIdentityProvider provides identities for users authenticating using Google credentials", + "clientID": "clientID is the oauth client ID", + "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "hostedDomain": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", +} + +func (GoogleIdentityProvider) SwaggerDoc() map[string]string { + return map_GoogleIdentityProvider +} + +var map_HTPasswdIdentityProvider = map[string]string{ + "": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials", + "fileData": "fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key \"htpasswd\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", +} + +func (HTPasswdIdentityProvider) SwaggerDoc() map[string]string { + return map_HTPasswdIdentityProvider +} + +var map_IdentityProvider = map[string]string{ + "": "IdentityProvider provides identities for users authenticating using credentials", + "name": "name is used to qualify the identities returned by this provider. 
- It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal \".\" or \"..\" or contain \"/\" or \"%\" or \":\"\n Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName", + "mappingMethod": "mappingMethod determines how identities from this provider are mapped to users Defaults to \"claim\"", +} + +func (IdentityProvider) SwaggerDoc() map[string]string { + return map_IdentityProvider +} + +var map_IdentityProviderConfig = map[string]string{ + "": "IdentityProviderConfig contains configuration for using a specific identity provider", + "type": "type identifies the identity provider type for this entry.", + "basicAuth": "basicAuth contains configuration options for the BasicAuth IdP", + "github": "github enables user authentication using GitHub credentials", + "gitlab": "gitlab enables user authentication using GitLab credentials", + "google": "google enables user authentication using Google credentials", + "htpasswd": "htpasswd enables user authentication using an HTPasswd file to validate credentials", + "keystone": "keystone enables user authentication using keystone password credentials", + "ldap": "ldap enables user authentication using LDAP credentials", + "openID": "openID enables user authentication using OpenID credentials", + "requestHeader": "requestHeader enables user authentication using request header credentials", +} + +func (IdentityProviderConfig) SwaggerDoc() map[string]string { + return map_IdentityProviderConfig +} + +var map_KeystoneIdentityProvider = map[string]string{ + "": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials", + "domainName": "domainName is required for keystone v3", +} + +func (KeystoneIdentityProvider) SwaggerDoc() map[string]string { + return map_KeystoneIdentityProvider +} + +var map_LDAPAttributeMapping = map[string]string{ + "": 
"LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "id": "id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is \"dn\"", + "preferredUsername": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "name": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", + "email": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", +} + +func (LDAPAttributeMapping) SwaggerDoc() map[string]string { + return map_LDAPAttributeMapping +} + +var map_LDAPIdentityProvider = map[string]string{ + "": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials", + "url": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter", + "bindDN": "bindDN is an optional DN to bind with during the search phase.", + "bindPassword": "bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key \"bindPassword\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. 
The namespace for this secret is openshift-config.", + "insecure": "insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme \"ldaps://\" as \"ldaps://\" URLs always\n attempt to connect using TLS, even when `insecure` is set to `true`\nWhen `true`, \"ldap://\" URLS connect insecurely. When `false`, \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.", + "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "attributes": "attributes maps LDAP attributes to identities", +} + +func (LDAPIdentityProvider) SwaggerDoc() map[string]string { + return map_LDAPIdentityProvider +} + +var map_OAuth = map[string]string{ + "": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. 
They may not be overridden.", +} + +func (OAuth) SwaggerDoc() map[string]string { + return map_OAuth +} + +var map_OAuthList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (OAuthList) SwaggerDoc() map[string]string { + return map_OAuthList +} + +var map_OAuthRemoteConnectionInfo = map[string]string{ + "": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", + "url": "url is the remote URL to connect to", + "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "tlsClientCert": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "tlsClientKey": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. 
If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", +} + +func (OAuthRemoteConnectionInfo) SwaggerDoc() map[string]string { + return map_OAuthRemoteConnectionInfo +} + +var map_OAuthSpec = map[string]string{ + "": "OAuthSpec contains desired cluster auth configuration", + "identityProviders": "identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.", + "tokenConfig": "tokenConfig contains options for authorization and access tokens", + "templates": "templates allow you to customize pages like the login page.", +} + +func (OAuthSpec) SwaggerDoc() map[string]string { + return map_OAuthSpec +} + +var map_OAuthStatus = map[string]string{ + "": "OAuthStatus shows current known state of OAuth server in the cluster", +} + +func (OAuthStatus) SwaggerDoc() map[string]string { + return map_OAuthStatus +} + +var map_OAuthTemplates = map[string]string{ + "": "OAuthTemplates allow for customization of pages like the login page", + "login": "login is the name of a secret that specifies a go template to use to render the login page. The key \"login.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.", + "providerSelection": "providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key \"providers.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. 
If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.", + "error": "error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key \"errors.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.", +} + +func (OAuthTemplates) SwaggerDoc() map[string]string { + return map_OAuthTemplates +} + +var map_OpenIDClaims = map[string]string{ + "": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + "preferredUsername": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim", + "name": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + "email": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "groups": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. 
If multiple claims are specified, the first one with a non-empty value is used.", +} + +func (OpenIDClaims) SwaggerDoc() map[string]string { + return map_OpenIDClaims +} + +var map_OpenIDIdentityProvider = map[string]string{ + "": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials", + "clientID": "clientID is the oauth client ID", + "clientSecret": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "ca": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "extraScopes": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", + "extraAuthorizeParameters": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "issuer": "issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. 
It must use the https scheme with no query or fragment component.", + "claims": "claims mappings", +} + +func (OpenIDIdentityProvider) SwaggerDoc() map[string]string { + return map_OpenIDIdentityProvider +} + +var map_RequestHeaderIdentityProvider = map[string]string{ + "": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials", + "loginURL": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when login is set to true.", + "challengeURL": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when challenge is set to true.", + "ca": "ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key \"ca.crt\" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.", + "clientCommonNames": "clientCommonNames is an optional list of common names to require a match from. 
If empty, any client certificate validated against the clientCA bundle is considered authoritative.", + "headers": "headers is the set of headers to check for identity information", + "preferredUsernameHeaders": "preferredUsernameHeaders is the set of headers to check for the preferred username", + "nameHeaders": "nameHeaders is the set of headers to check for the display name", + "emailHeaders": "emailHeaders is the set of headers to check for the email address", +} + +func (RequestHeaderIdentityProvider) SwaggerDoc() map[string]string { + return map_RequestHeaderIdentityProvider +} + +var map_TokenConfig = map[string]string{ + "": "TokenConfig holds the necessary configuration options for authorization and access tokens", + "accessTokenMaxAgeSeconds": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", + "accessTokenInactivityTimeoutSeconds": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", + "accessTokenInactivityTimeout": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. 
If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", +} + +func (TokenConfig) SwaggerDoc() map[string]string { + return map_TokenConfig +} + +var map_HubSource = map[string]string{ + "": "HubSource is used to specify the hub source and its configuration", + "name": "name is the name of one of the default hub sources", + "disabled": "disabled is used to disable a default hub source on cluster", +} + +func (HubSource) SwaggerDoc() map[string]string { + return map_HubSource +} + +var map_HubSourceStatus = map[string]string{ + "": "HubSourceStatus is used to reflect the current state of applying the configuration to a default source", + "status": "status indicates success or failure in applying the configuration", + "message": "message provides more information regarding failures", +} + +func (HubSourceStatus) SwaggerDoc() map[string]string { + return map_HubSourceStatus +} + +var map_OperatorHub = map[string]string{ + "": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (OperatorHub) SwaggerDoc() map[string]string { + return map_OperatorHub +} + +var map_OperatorHubList = map[string]string{ + "": "OperatorHubList contains a list of OperatorHub\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (OperatorHubList) SwaggerDoc() map[string]string { + return map_OperatorHubList +} + +var map_OperatorHubSpec = map[string]string{ + "": "OperatorHubSpec defines the desired state of OperatorHub", + "disableAllDefaultSources": "disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.", + "sources": "sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.", +} + +func (OperatorHubSpec) SwaggerDoc() map[string]string { + return map_OperatorHubSpec +} + +var map_OperatorHubStatus = map[string]string{ + "": "OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.", + "sources": "sources encapsulates the result of applying the configuration for each hub source", +} + +func (OperatorHubStatus) SwaggerDoc() map[string]string { + return map_OperatorHubStatus +} + +var map_Project = map[string]string{ + "": "Project holds cluster-wide information about Project. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Project) SwaggerDoc() map[string]string { + return map_Project +} + +var map_ProjectList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ProjectList) SwaggerDoc() map[string]string { + return map_ProjectList +} + +var map_ProjectSpec = map[string]string{ + "": "ProjectSpec holds the project creation configuration.", + "projectRequestMessage": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "projectRequestTemplate": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.", +} + +func (ProjectSpec) SwaggerDoc() map[string]string { + return map_ProjectSpec +} + +var map_TemplateReference = map[string]string{ + "": "TemplateReference references a template in a specific namespace. The namespace must be specified at the point of use.", + "name": "name is the metadata.name of the referenced project request template", +} + +func (TemplateReference) SwaggerDoc() map[string]string { + return map_TemplateReference +} + +var map_Proxy = map[string]string{ + "": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. 
The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "Spec holds user-settable values for the proxy configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Proxy) SwaggerDoc() map[string]string { + return map_Proxy +} + +var map_ProxyList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (ProxyList) SwaggerDoc() map[string]string { + return map_ProxyList +} + +var map_ProxySpec = map[string]string{ + "": "ProxySpec contains cluster proxy creation configuration.", + "httpProxy": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", + "httpsProxy": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", + "noProxy": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.", + "readinessEndpoints": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", + "trustedCA": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. 
The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well.\n\nThe namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |", +} + +func (ProxySpec) SwaggerDoc() map[string]string { + return map_ProxySpec +} + +var map_ProxyStatus = map[string]string{ + "": "ProxyStatus shows current known state of the cluster proxy.", + "httpProxy": "httpProxy is the URL of the proxy for HTTP requests.", + "httpsProxy": "httpsProxy is the URL of the proxy for HTTPS requests.", + "noProxy": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", +} + +func (ProxyStatus) SwaggerDoc() map[string]string { + return map_ProxyStatus +} + +var map_ProfileCustomizations = map[string]string{ + "": "ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles", + "dynamicResourceAllocation": "dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. Third-party resource drivers are responsible for tracking and allocating resources. Different kinds of resources support arbitrary parameters for defining requirements and initialization. Valid values are Enabled, Disabled and omitted. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Disabled.", +} + +func (ProfileCustomizations) SwaggerDoc() map[string]string { + return map_ProfileCustomizations +} + +var map_Scheduler = map[string]string{ + "": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec holds user settable values for configuration", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (Scheduler) SwaggerDoc() map[string]string { + return map_Scheduler +} + +var map_SchedulerList = map[string]string{ + "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (SchedulerList) SwaggerDoc() map[string]string { + return map_SchedulerList +} + +var map_SchedulerSpec = map[string]string{ + "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. 
The namespace for this configmap is openshift-config.", + "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", + "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles.", + "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", + "mastersSchedulable": "MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. 
Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", +} + +func (SchedulerSpec) SwaggerDoc() map[string]string { + return map_SchedulerSpec +} + +var map_CustomTLSProfile = map[string]string{ + "": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", +} + +func (CustomTLSProfile) SwaggerDoc() map[string]string { + return map_CustomTLSProfile +} + +var map_IntermediateTLSProfile = map[string]string{ + "": "IntermediateTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29", +} + +func (IntermediateTLSProfile) SwaggerDoc() map[string]string { + return map_IntermediateTLSProfile +} + +var map_ModernTLSProfile = map[string]string{ + "": "ModernTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility", +} + +func (ModernTLSProfile) SwaggerDoc() map[string]string { + return map_ModernTLSProfile +} + +var map_OldTLSProfile = map[string]string{ + "": "OldTLSProfile is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility", +} + +func (OldTLSProfile) SwaggerDoc() map[string]string { + return map_OldTLSProfile +} + +var map_TLSProfileSpec = map[string]string{ + "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", + "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. 
For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11\n\nNOTE: currently the highest minTLSVersion allowed is VersionTLS12", +} + +func (TLSProfileSpec) SwaggerDoc() map[string]string { + return map_TLSProfileSpec +} + +var map_TLSSecurityProfile = map[string]string{ + "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.\n\nNote that the Modern profile is currently not supported because it is not yet well adopted by common software libraries.", + "old": "old is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n - DHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-ECDSA-AES128-SHA256\n\n - ECDHE-RSA-AES128-SHA256\n\n - ECDHE-ECDSA-AES128-SHA\n\n - ECDHE-RSA-AES128-SHA\n\n - ECDHE-ECDSA-AES256-SHA384\n\n - ECDHE-RSA-AES256-SHA384\n\n - ECDHE-ECDSA-AES256-SHA\n\n - ECDHE-RSA-AES256-SHA\n\n - DHE-RSA-AES128-SHA256\n\n - DHE-RSA-AES256-SHA256\n\n - AES128-GCM-SHA256\n\n - 
AES256-GCM-SHA384\n\n - AES128-SHA256\n\n - AES256-SHA256\n\n - AES128-SHA\n\n - AES256-SHA\n\n - DES-CBC3-SHA\n\n minTLSVersion: VersionTLS10", + "intermediate": "intermediate is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES256-GCM-SHA384\n\n - ECDHE-RSA-AES256-GCM-SHA384\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - DHE-RSA-AES128-GCM-SHA256\n\n - DHE-RSA-AES256-GCM-SHA384\n\n minTLSVersion: VersionTLS12", + "modern": "modern is a TLS security profile based on:\n\nhttps://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility\n\nand looks like this (yaml):\n\n ciphers:\n\n - TLS_AES_128_GCM_SHA256\n\n - TLS_AES_256_GCM_SHA384\n\n - TLS_CHACHA20_POLY1305_SHA256\n\n minTLSVersion: VersionTLS13", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n ciphers:\n\n - ECDHE-ECDSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-CHACHA20-POLY1305\n\n - ECDHE-RSA-AES128-GCM-SHA256\n\n - ECDHE-ECDSA-AES128-GCM-SHA256\n\n minTLSVersion: VersionTLS11", +} + +func (TLSSecurityProfile) SwaggerDoc() map[string]string { + return map_TLSSecurityProfile +} + +// AUTO-GENERATED FUNCTIONS END HERE diff --git a/etcd/vendor/github.com/openshift/library-go/LICENSE b/etcd/vendor/github.com/openshift/library-go/LICENSE new file mode 100644 index 0000000000..261eeb9e9f --- /dev/null +++ b/etcd/vendor/github.com/openshift/library-go/LICENSE 
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/audit_policies.go b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/audit_policies.go
new file mode 100644
index 0000000000..bc0e7d712b
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/audit_policies.go
@@ -0,0 +1,119 @@
+package audit
+
+import (
+ "bytes"
+ "embed"
+ "fmt"
+ "path"
+ "strings"
+
+ configv1 "github.com/openshift/api/config/v1"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/serializer"
+ "k8s.io/apimachinery/pkg/runtime/serializer/json"
+ auditv1 "k8s.io/apiserver/pkg/apis/audit/v1"
+ "sigs.k8s.io/yaml"
+)
+
+//go:embed manifests
+var assets embed.FS
+
+var (
+ basePolicy auditv1.Policy
+ profileRules = map[configv1.AuditProfileType][]auditv1.PolicyRule{}
+
+ auditScheme = runtime.NewScheme()
+ auditCodecs = serializer.NewCodecFactory(auditScheme)
+ auditYamlSerializer = json.NewYAMLSerializer(json.DefaultMetaFactory, auditScheme, auditScheme)
+
+ coreScheme = runtime.NewScheme()
+ coreCodecs = serializer.NewCodecFactory(coreScheme)
+ coreYamlSerializer = json.NewYAMLSerializer(json.DefaultMetaFactory, coreScheme, coreScheme)
+)
+
+func init() {
+ if err := auditv1.AddToScheme(auditScheme); err != nil {
+ panic(err)
+ }
+ if err := corev1.AddToScheme(coreScheme); err != nil {
+ panic(err)
+ }
+
+ bs, err := assets.ReadFile("manifests/base-policy.yaml")
+ if err != nil {
+ panic(err)
+ }
+ if err := runtime.DecodeInto(coreCodecs.UniversalDecoder(auditv1.SchemeGroupVersion), bs, &basePolicy); err != nil {
+ panic(err)
+ }
+
+ for _, profile := range []configv1.AuditProfileType{
+ configv1.NoneAuditProfileType,
+ configv1.DefaultAuditProfileType,
+ configv1.WriteRequestBodiesAuditProfileType,
+ configv1.AllRequestBodiesAuditProfileType,
+ } {
+ manifestName := fmt.Sprintf("%s-rules.yaml", strings.ToLower(string(profile)))
+ bs, err := assets.ReadFile(path.Join("manifests", manifestName))
+ if err != nil {
+ panic(err)
+ }
+ var rules []auditv1.PolicyRule
+ if err := yaml.Unmarshal(bs, &rules); err != nil {
+ panic(err)
+ }
+ profileRules[profile] = rules
+ }
+}
+
+// DefaultPolicy brings back the default.yaml audit policy to init the api
+func DefaultPolicy() ([]byte, error) {
+ policy, err := 
GetAuditPolicy(configv1.Audit{Profile: configv1.DefaultAuditProfileType})
+ if err != nil {
+ return nil, fmt.Errorf("failed to retreive default audit policy: %v", err)
+ }
+
+ policy.Kind = "Policy"
+ policy.APIVersion = auditv1.SchemeGroupVersion.String()
+
+ var buf bytes.Buffer
+ if err := auditYamlSerializer.Encode(policy, &buf); err != nil {
+ return nil, err
+ }
+ return buf.Bytes(), nil
+}
+
+// GetAuditPolicy computes the audit policy for the given audit config.
+// Note: the returned policy has Kind and APIVersion not set. This is responsibility of the caller
+//
+// when serializing it.
+//
+// Note: the returned policy must not be modifed by the caller prior to a deepcopy.
+func GetAuditPolicy(audit configv1.Audit) (*auditv1.Policy, error) {
+ p := basePolicy.DeepCopy()
+ p.Name = "policy"
+
+ for _, cr := range audit.CustomRules {
+ rules, ok := profileRules[cr.Profile]
+ if !ok {
+ return nil, fmt.Errorf("unknown audit profile %q in customRules for group %q", cr.Profile, cr.Group)
+ }
+
+ groupRules := make([]auditv1.PolicyRule, len(rules))
+ for i, r := range rules {
+ r.DeepCopyInto(&groupRules[i])
+ groupRules[i].UserGroups = []string{cr.Group}
+ }
+
+ p.Rules = append(p.Rules, groupRules...)
+ }
+
+ globalRules, ok := profileRules[audit.Profile]
+ if !ok {
+ return nil, fmt.Errorf("unknown audit profile %q", audit.Profile)
+ }
+ p.Rules = append(p.Rules, globalRules...)
+
+ return p, nil
+}
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml
new file mode 100644
index 0000000000..bcb0a30de2
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml
@@ -0,0 +1,12 @@
+# exclude resources where the body is security-sensitive
+- level: Metadata
+ resources:
+ - group: "route.openshift.io"
+ resources: ["routes", "routes/status"]
+ - resources: ["secrets", "serviceaccounts/token"]
+ - group: "authentication.k8s.io"
+ resources: ["tokenreviews", "tokenrequests"]
+ - group: "oauth.openshift.io"
+ resources: ["oauthclients", "tokenreviews"]
+# catch-all rule to log all other requests with request and response payloads
+- level: RequestResponse
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/base-policy.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/base-policy.yaml
new file mode 100644
index 0000000000..e7edd25863
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/base-policy.yaml
@@ -0,0 +1,28 @@
+ apiVersion: audit.k8s.io/v1
+ kind: Policy
+ # drop managed fields from audit, this is at global scope.
+ omitManagedFields: true
+ # Don't generate audit events for all requests in RequestReceived stage.
+ omitStages:
+ - "RequestReceived"
+ rules:
+ # Don't log requests for events
+ - level: None
+ resources:
+ - group: ""
+ resources: ["events"]
+ # Don't log authenticated requests to certain non-resource URL paths.
+ - level: None
+ userGroups: ["system:authenticated", "system:unauthenticated"]
+ nonResourceURLs:
+ - "/api*" # Wildcard matching.
+ - "/version"
+ - "/healthz"
+ - "/readyz"
+ # Don't log requests by "system:apiserver" on apirequestcounts
+ - level: None
+ users: ["system:apiserver"]
+ resources:
+ - group: "apiserver.openshift.io"
+ resources: ["apirequestcounts", "apirequestcounts/*"]
+ namespaces: [""]
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/default-rules.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/default-rules.yaml
new file mode 100644
index 0000000000..fff216c345
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/default-rules.yaml
@@ -0,0 +1,15 @@
+# Log the full Identity API resource object so that the audit trail
+# allows us to match the username with the IDP identity.
+- level: RequestResponse
+ verbs: ["create", "update", "patch", "delete"]
+ resources:
+ - group: "user.openshift.io"
+ resources: ["identities"]
+ - group: "oauth.openshift.io"
+ resources: ["oauthaccesstokens", "oauthauthorizetokens"]
+# A catch-all rule to log all other requests at the Metadata level.
+- level: Metadata
+ # Long-running requests like watches that fall under this rule will not
+ # generate an audit event in RequestReceived.
+ omitStages:
+ - "RequestReceived"
\ No newline at end of file
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/none-rules.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/none-rules.yaml
new file mode 100644
index 0000000000..538e48d30d
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/none-rules.yaml
@@ -0,0 +1 @@
+- level: None
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml
new file mode 100644
index 0000000000..68389fe30f
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml
@@ -0,0 +1,24 @@
+# exclude resources where the body is security-sensitive
+- level: Metadata
+ resources:
+ - group: "route.openshift.io"
+ resources: ["routes", "routes/status"]
+ - resources: ["secrets", "serviceaccounts/token"]
+ - group: "authentication.k8s.io"
+ resources: ["tokenreviews", "tokenrequests"]
+ - group: "oauth.openshift.io"
+ resources: ["oauthclients", "tokenreviews"]
+# log request and response payloads for all write requests
+- level: RequestResponse
+ verbs:
+ - update
+ - patch
+ - create
+ - delete
+ - deletecollection
+# catch-all rule to log all other requests at the Metadata level.
+- level: Metadata
+ # Long-running requests like watches that fall under this rule will not
+ # generate an audit event in RequestReceived.
+ omitStages:
+ - RequestReceived
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml
new file mode 100644
index 0000000000..78036a99b9
--- /dev/null
+++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml
@@ -0,0 +1,42 @@ +apiVersion: audit.k8s.io/v1 +kind: Policy +metadata: + name: policy +# drop managed fields from audit, this is at global scope. +omitManagedFields: true +# Don't generate audit events for all requests in RequestReceived stage. +omitStages: +- "RequestReceived" +rules: +# Don't log requests for events +- level: None + resources: + - group: "" + resources: ["events"] +# Don't log authenticated requests to certain non-resource URL paths. +- level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" +# Don't log requests by "system:apiserver" on apirequestcounts +- level: None + users: ["system:apiserver"] + resources: + - group: "apiserver.openshift.io" + resources: ["apirequestcounts", "apirequestcounts/*"] + namespaces: [""] +# exclude resources where the body is security-sensitive +- level: Metadata + resources: + - group: "route.openshift.io" + resources: ["routes","routes/status"] + - resources: ["secrets", "serviceaccounts/token"] + - group: "authentication.k8s.io" + resources: ["tokenreviews", "tokenrequests"] + - group: "oauth.openshift.io" + resources: ["oauthclients", "tokenreviews"] +# catch-all rule to log all other requests with request and response payloads +- level: RequestResponse diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml new file mode 100644 index 0000000000..34b94c15e9 --- /dev/null +++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml 
@@ -0,0 +1,131 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: audit + namespace: ScenarioOne +data: + default.yaml: | + apiVersion: audit.k8s.io/v1 + kind: Policy + metadata: + name: policy + # drop managed fields from audit, this is at global scope. + omitManagedFields: true + # Don't generate audit events for all requests in RequestReceived stage. + omitStages: + - "RequestReceived" + rules: + # Don't log requests for events + - level: None + resources: + - group: "" + resources: ["events"] + # Don't log authenticated requests to certain non-resource URL paths. + - level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" + # Log the full Identity API resource object so that the audit trail + # allows us to match the username with the IDP identity. + - level: RequestResponse + verbs: ["create", "update", "patch", "delete"] + resources: + - group: "user.openshift.io" + resources: ["identities"] + - group: "oauth.openshift.io" + resources: ["oauthaccesstokens", "oauthauthorizetokens"] + # A catch-all rule to log all other requests at the Metadata level. + - level: Metadata + # Long-running requests like watches that fall under this rule will not + # generate an audit event in RequestReceived. + omitStages: + - "RequestReceived" + + writerequestbodies.yaml: | + apiVersion: audit.k8s.io/v1 + kind: Policy + metadata: + name: policy + # drop managed fields from audit, this is at global scope. + omitManagedFields: true + # Don't generate audit events for all requests in RequestReceived stage. + omitStages: + - "RequestReceived" + rules: + # Don't log requests for events + - level: None + resources: + - group: "" + resources: ["events"] + # Don't log authenticated requests to certain non-resource URL paths. + - level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. 
+ - "/version" + - "/healthz" + - "/readyz" + # exclude resources where the body is security-sensitive + - level: Metadata + resources: + - group: "route.openshift.io" + resources: ["routes", "routes/status"] + - resources: ["secrets"] + - level: Metadata + resources: + - group: "oauth.openshift.io" + resources: ["oauthclients"] + # log request and response payloads for all write requests + - level: RequestResponse + verbs: + - update + - patch + - create + - delete + - deletecollection + # catch-all rule to log all other requests at the Metadata level. + - level: Metadata + # Long-running requests like watches that fall under this rule will not + # generate an audit event in RequestReceived. + omitStages: + - RequestReceived + + allrequestbodies.yaml: | + apiVersion: audit.k8s.io/v1 + kind: Policy + metadata: + name: policy + # drop managed fields from audit, this is at global scope. + omitManagedFields: true + # Don't generate audit events for all requests in RequestReceived stage. + omitStages: + - "RequestReceived" + rules: + # Don't log requests for events + - level: None + resources: + - group: "" + resources: ["events"] + # Don't log authenticated requests to certain non-resource URL paths. + - level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" + # exclude resources where the body is security-sensitive + - level: Metadata + resources: + - group: "route.openshift.io" + resources: ["routes", "routes/status"] + - resources: ["secrets"] + - level: Metadata + resources: + - group: "oauth.openshift.io" + resources: ["oauthclients"] + # catch-all rule to log all other requests with request and response payloads + - level: RequestResponse 
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml new file mode 100644 index 0000000000..0e7d9aa34b --- /dev/null +++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml @@ -0,0 +1,45 @@ + apiVersion: audit.k8s.io/v1 + kind: Policy + metadata: + name: policy + # drop managed fields from audit, this is at global scope. + omitManagedFields: true + # Don't generate audit events for all requests in RequestReceived stage. + omitStages: + - "RequestReceived" + rules: + # Don't log requests for events + - level: None + resources: + - group: "" + resources: ["events"] + # Don't log authenticated requests to certain non-resource URL paths. + - level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" + # Don't log requests by "system:apiserver" on apirequestcounts + - level: None + users: ["system:apiserver"] + resources: + - group: "apiserver.openshift.io" + resources: ["apirequestcounts", "apirequestcounts/*"] + namespaces: [""] + # Log the full Identity API resource object so that the audit trail + # allows us to match the username with the IDP identity. + - level: RequestResponse + verbs: ["create", "update", "patch", "delete"] + resources: + - group: "user.openshift.io" + resources: ["identities"] + - group: "oauth.openshift.io" + resources: ["oauthaccesstokens", "oauthauthorizetokens"] + # A catch-all rule to log all other requests at the Metadata level. + - level: Metadata + # Long-running requests like watches that fall under this rule will not + # generate an audit event in RequestReceived. + omitStages: + - "RequestReceived" 
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml new file mode 100644 index 0000000000..0c91cfe2a4 --- /dev/null +++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml 
@@ -0,0 +1,76 @@ +apiVersion: audit.k8s.io/v1 +kind: Policy +metadata: + name: policy +# drop managed fields from audit, this is at global scope. +omitManagedFields: true +# Don't generate audit events for all requests in RequestReceived stage. +omitStages: + - "RequestReceived" +rules: +# Don't log requests for events +- level: None + resources: + - group: "" + resources: ["events"] +# Don't log authenticated requests to certain non-resource URL paths. +- level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" +# Don't log requests by "system:apiserver" on apirequestcounts +- level: None + users: ["system:apiserver"] + resources: + - group: "apiserver.openshift.io" + resources: ["apirequestcounts", "apirequestcounts/*"] + namespaces: [""] +# exclude resources where the body is security-sensitive +- level: Metadata + resources: + - group: "route.openshift.io" + resources: ["routes", "routes/status"] + - resources: ["secrets", "serviceaccounts/token"] + - group: "authentication.k8s.io" + resources: ["tokenreviews", "tokenrequests"] + - group: "oauth.openshift.io" + resources: ["oauthclients", "tokenreviews"] + userGroups: + - system:authenticated:oauth +# log request and response payloads for all write requests +- level: RequestResponse + verbs: + - update + - patch + - create + - delete + - deletecollection + userGroups: + - system:authenticated:oauth +# catch-all rule to log all other requests at the Metadata level. +- level: Metadata +# Long-running requests like watches that fall under this rule will not +# generate an audit event in RequestReceived. 
+ omitStages: + - RequestReceived + userGroups: + - system:authenticated:oauth +#- level: None +- level: Metadata + resources: + - group: "route.openshift.io" + resources: ["routes", "routes/status"] + - resources: ["secrets", serviceaccounts/token] + - group: "authentication.k8s.io" + resources: ["tokenreviews", "tokenrequests"] + - group: "oauth.openshift.io" + resources: ["oauthclients", "tokenreviews"] + userGroups: + - system:authenticated +- level: RequestResponse + userGroups: + - system:authenticated +- level: None diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml new file mode 100644 index 0000000000..762da0a5f8 --- /dev/null +++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml @@ -0,0 +1,31 @@ +apiVersion: audit.k8s.io/v1 +kind: Policy +metadata: + name: policy +# drop managed fields from audit, this is at global scope. +omitManagedFields: true +# Don't generate audit events for all requests in RequestReceived stage. +omitStages: +- "RequestReceived" +rules: +# Don't log requests for events +- level: None + resources: + - group: "" + resources: ["events"] +# Don't log authenticated requests to certain non-resource URL paths. +- level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" +# Don't log requests by "system:apiserver" on apirequestcounts +- level: None + users: ["system:apiserver"] + resources: + - group: "apiserver.openshift.io" + resources: ["apirequestcounts", "apirequestcounts/*"] + namespaces: [""] +- level: None 
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml new file mode 100644 index 0000000000..2172fc263f --- /dev/null +++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml 
@@ -0,0 +1,61 @@ +apiVersion: audit.k8s.io/v1 +kind: Policy +metadata: + name: policy +# drop managed fields from audit, this is at global scope. +omitManagedFields: true +# Don't generate audit events for all requests in RequestReceived stage. +omitStages: +- "RequestReceived" +rules: +# Don't log requests for events +- level: None + resources: + - group: "" + resources: ["events"] +# Don't log authenticated requests to certain non-resource URL paths. +- level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" +# Don't log requests by "system:apiserver" on apirequestcounts +- level: None + users: ["system:apiserver"] + resources: + - group: "apiserver.openshift.io" + resources: ["apirequestcounts", "apirequestcounts/*"] + namespaces: [""] +# exclude resources where the body is security-sensitive +- level: Metadata + resources: + - group: "route.openshift.io" + resources: ["routes", "routes/status"] + - resources: ["secrets", "serviceaccounts/token"] + - group: "authentication.k8s.io" + resources: ["tokenreviews", "tokenrequests"] + - group: "oauth.openshift.io" + resources: ["oauthclients", "tokenreviews"] + userGroups: + - system:authenticated:oauth +# log request and response payloads for all write requests +- level: RequestResponse + verbs: + - update + - patch + - create + - delete + - deletecollection + userGroups: + - system:authenticated:oauth +# catch-all rule to log all other requests at the Metadata level. +- level: Metadata + # Long-running requests like watches that fall under this rule will not + # generate an audit event in RequestReceived. + omitStages: + - RequestReceived + userGroups: + - system:authenticated:oauth +- level: None 
diff --git a/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml new file mode 100644 index 0000000000..84083f9cfd --- /dev/null +++ b/etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml 
@@ -0,0 +1,54 @@ +apiVersion: audit.k8s.io/v1 +kind: Policy +metadata: + name: policy +# drop managed fields from audit, this is at global scope. +omitManagedFields: true +# Don't generate audit events for all requests in RequestReceived stage. +omitStages: +- "RequestReceived" +rules: +# Don't log requests for events +- level: None + resources: + - group: "" + resources: ["events"] +# Don't log authenticated requests to certain non-resource URL paths. +- level: None + userGroups: ["system:authenticated", "system:unauthenticated"] + nonResourceURLs: + - "/api*" # Wildcard matching. + - "/version" + - "/healthz" + - "/readyz" +# Don't log requests by "system:apiserver" on apirequestcounts +- level: None + users: ["system:apiserver"] + resources: + - group: "apiserver.openshift.io" + resources: ["apirequestcounts", "apirequestcounts/*"] + namespaces: [""] +# exclude resources where the body is security-sensitive +- level: Metadata + resources: + - group: "route.openshift.io" + resources: ["routes", "routes/status"] + - resources: ["secrets", "serviceaccounts/token"] + - group: "authentication.k8s.io" + resources: ["tokenreviews", "tokenrequests"] + - group: "oauth.openshift.io" + resources: ["oauthclients", "tokenreviews"] +# log request and response payloads for all write requests +- level: RequestResponse + verbs: + - update + - patch + - create + - delete + - deletecollection +# catch-all rule to log all other requests at the Metadata level. +- level: Metadata + # Long-running requests like watches that fall under this rule will not + # generate an audit event in RequestReceived. + omitStages: + - RequestReceived diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go index 56751fe7f3..5b3b84abf9 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver.go 
@@ -15,6 +15,8 @@ type ApiServer struct { // AdvertiseAddress in the loopback interface. Automatically computed. SkipInterface bool `json:"-"` + AuditLog AuditLog `json:"auditLog"` + // The URL and Port of the API server cannot be changed by the user. URL string `json:"-"` Port int `json:"-"` @@ -26,3 +28,18 @@ type NamedCertificateEntry struct { CertPath string `json:"certPath"` KeyPath string `json:"keyPath"` } + +type AuditLog struct { + // maxFileAge is the maximum number of days to retain old audit log files + // +kubebuilder:default=10 + MaxFileAge int `json:"maxFileAge"` + // maxFiles is the maximum number of rotated audit log files to retain + // +kubebuilder:default=10 + MaxFiles int `json:"maxFiles"` + // maxFileSize is the maximum size in megabytes of the audit log file before it gets rotated + // +kubebuilder:default=200 + MaxFileSize int `json:"maxFileSize"` + // profile is the OpenShift profile specifying a specific logging policy + // +kubebuilder:default=Default + Profile string `json:"profile"` +} diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver/audit.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver/audit.go new file mode 100644 index 0000000000..d6f7c8379f --- /dev/null +++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver/audit.go @@ -0,0 +1,21 @@ +package apiserver + +import ( + auditV1 "k8s.io/apiserver/pkg/apis/audit/v1" + + configV1 "github.com/openshift/api/config/v1" + "github.com/openshift/library-go/pkg/operator/apiserver/audit" +) + +func GetPolicy(forProfile string) (*auditV1.Policy, error) { + ac := configV1.Audit{ + Profile: configV1.AuditProfileType(forProfile), + CustomRules: nil, + } + + ap, err := audit.GetAuditPolicy(ac) + if err != nil { + return nil, err + } + return ap.DeepCopy(), nil +} 
diff --git a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go index 2f62f6d76f..f529fcc4a0 100644 --- a/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go +++ b/etcd/vendor/github.com/openshift/microshift/pkg/config/config.go @@ -4,7 +4,9 @@ package config import ( "bytes" + "errors" "fmt" + "github.com/openshift/microshift/pkg/config/apiserver" "math" "net" "net/url" @@ -95,6 +97,7 @@ func (c *Config) fillDefaults() error { URL: "https://localhost:6443", Port: 6443, } + c.ApiServer.AuditLog.Profile = "Default" c.Node = Node{ HostnameOverride: hostname, NodeIP: nodeIP, @@ -194,6 +197,18 @@ func (c *Config) incorporateUserSettings(u *Config) { if u.ApiServer.URL != "" { c.ApiServer.URL = u.ApiServer.URL } + if u.ApiServer.AuditLog.Profile != "" { + c.ApiServer.AuditLog.Profile = u.ApiServer.AuditLog.Profile + } + if u.ApiServer.AuditLog.MaxFiles != 0 { + c.ApiServer.AuditLog.MaxFiles = u.ApiServer.AuditLog.MaxFiles + } + if u.ApiServer.AuditLog.MaxFileAge != 0 { + c.ApiServer.AuditLog.MaxFileAge = u.ApiServer.AuditLog.MaxFileAge + } + if u.ApiServer.AuditLog.MaxFileSize != 0 { + c.ApiServer.AuditLog.MaxFileSize = u.ApiServer.AuditLog.MaxFileSize + } if u.Debugging.LogLevel != "" { c.Debugging.LogLevel = u.Debugging.LogLevel @@ -370,6 +385,9 @@ func (c *Config) validate() error { return fmt.Errorf("error validating ingress.listenAddress: %w", err) } } + if err := validateAuditLogConfig(c.ApiServer.AuditLog); err != nil { + return fmt.Errorf("error validating apiserver.auditLog:\n%w", err) + } return nil } 
@@ -531,3 +549,23 @@ func AllowedNICNames() ([]string, error) { } return names, nil } + +func validateAuditLogConfig(cfg AuditLog) error { + // compose a list of errors so that multiple executions are not required to detect each invalid value individually + errs := make([]error, 0) + if cfg.Profile != "" { + if _, err := apiserver.GetPolicy(cfg.Profile); err != nil { + errs = append(errs, fmt.Errorf("invalid value for apiserver.auditlog.profile: %v", err)) + } + } + if cfg.MaxFiles < 0 { + errs = append(errs, fmt.Errorf("invalid value for apiserver.auditlog.maxFiles, expected value >=0")) + } + if cfg.MaxFileAge < 0 { + errs = append(errs, fmt.Errorf("invalid value for apiserver.auditlog.maxFileAge, expected value >=0")) + } + if cfg.MaxFileSize < 0 { + errs = append(errs, fmt.Errorf("invalid value for apiserver.auditlog.maxFileSize, expected value >=0")) + } + return errors.Join(errs...) // Join returns nil if len(errs) == 0 +} diff --git a/etcd/vendor/golang.org/x/net/html/token.go b/etcd/vendor/golang.org/x/net/html/token.go index de67f938a1..3c57880d69 100644 --- a/etcd/vendor/golang.org/x/net/html/token.go +++ b/etcd/vendor/golang.org/x/net/html/token.go @@ -910,9 +910,6 @@ func (z *Tokenizer) readTagAttrKey() { return } switch c { - case ' ', '\n', '\r', '\t', '\f', '/': - z.pendingAttr[0].end = z.raw.end - 1 - return case '=': if z.pendingAttr[0].start+1 == z.raw.end { // WHATWG 13.2.5.32, if we see an equals sign before the attribute name @@ -920,7 +917,9 @@ func (z *Tokenizer) readTagAttrKey() { continue } fallthrough - case '>': + case ' ', '\n', '\r', '\t', '\f', '/', '>': + // WHATWG 13.2.5.33 Attribute name state + // We need to reconsume the char in the after attribute name state to support the / character z.raw.end-- z.pendingAttr[0].end = z.raw.end return 
@@ -939,6 +938,11 @@ func (z *Tokenizer) readTagAttrVal() { if z.err != nil { return } + if c == '/' { + // WHATWG 13.2.5.34 After attribute name state + // U+002F SOLIDUS (/) - Switch to the self-closing start tag state. + return + } if c != '=' { z.raw.end-- return diff --git a/etcd/vendor/golang.org/x/net/http2/frame.go b/etcd/vendor/golang.org/x/net/http2/frame.go index c1f6b90dc3..43557ab7e9 100644 --- a/etcd/vendor/golang.org/x/net/http2/frame.go +++ b/etcd/vendor/golang.org/x/net/http2/frame.go @@ -1510,13 +1510,12 @@ func (mh *MetaHeadersFrame) checkPseudos() error { } func (fr *Framer) maxHeaderStringLen() int { - v := fr.maxHeaderListSize() - if uint32(int(v)) == v { - return int(v) + v := int(fr.maxHeaderListSize()) + if v < 0 { + // If maxHeaderListSize overflows an int, use no limit (0). + return 0 } - // They had a crazy big number for MaxHeaderBytes anyway, - // so give them unlimited header lengths: - return 0 + return v } // readMetaFrame returns 0 or more CONTINUATION frames from fr and @@ -1565,6 +1564,7 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) { if size > remainSize { hdec.SetEmitEnabled(false) mh.Truncated = true + remainSize = 0 return } remainSize -= size 
@@ -1577,6 +1577,36 @@ func (fr *Framer) readMetaFrame(hf *HeadersFrame) (*MetaHeadersFrame, error) { var hc headersOrContinuation = hf for { frag := hc.HeaderBlockFragment() + + // Avoid parsing large amounts of headers that we will then discard. + // If the sender exceeds the max header list size by too much, + // skip parsing the fragment and close the connection. + // + // "Too much" is either any CONTINUATION frame after we've already + // exceeded the max header list size (in which case remainSize is 0), + // or a frame whose encoded size is more than twice the remaining + // header list bytes we're willing to accept. + if int64(len(frag)) > int64(2*remainSize) { + if VerboseLogs { + log.Printf("http2: header list too large") + } + // It would be nice to send a RST_STREAM before sending the GOAWAY, + // but the structure of the server's frame writer makes this difficult. + return nil, ConnectionError(ErrCodeProtocol) + } + + // Also close the connection after any CONTINUATION frame following an + // invalid header, since we stop tracking the size of the headers after + // an invalid one. + if invalid != nil { + if VerboseLogs { + log.Printf("http2: invalid header: %v", invalid) + } + // It would be nice to send a RST_STREAM before sending the GOAWAY, + // but the structure of the server's frame writer makes this difficult. + return nil, ConnectionError(ErrCodeProtocol) + } + if _, err := hdec.Write(frag); err != nil { return nil, ConnectionError(ErrCodeCompression) } diff --git a/etcd/vendor/golang.org/x/net/http2/pipe.go b/etcd/vendor/golang.org/x/net/http2/pipe.go index 684d984fd9..3b9f06b962 100644 --- a/etcd/vendor/golang.org/x/net/http2/pipe.go +++ b/etcd/vendor/golang.org/x/net/http2/pipe.go 
@@ -77,7 +77,10 @@ func (p *pipe) Read(d []byte) (n int, err error) { } } -var errClosedPipeWrite = errors.New("write on closed buffer") +var ( + errClosedPipeWrite = errors.New("write on closed buffer") + errUninitializedPipeWrite = errors.New("write on uninitialized buffer") +) // Write copies bytes from p into the buffer and wakes a reader. // It is an error to write more data than the buffer can hold. @@ -91,6 +94,12 @@ func (p *pipe) Write(d []byte) (n int, err error) { if p.err != nil || p.breakErr != nil { return 0, errClosedPipeWrite } + // pipe.setBuffer is never invoked, leaving the buffer uninitialized. + // We shouldn't try to write to an uninitialized pipe, + // but returning an error is better than panicking. + if p.b == nil { + return 0, errUninitializedPipeWrite + } return p.b.Write(d) } diff --git a/etcd/vendor/golang.org/x/net/http2/server.go b/etcd/vendor/golang.org/x/net/http2/server.go index ae94c6408d..ce2e8b40ee 100644 --- a/etcd/vendor/golang.org/x/net/http2/server.go +++ b/etcd/vendor/golang.org/x/net/http2/server.go @@ -124,6 +124,7 @@ type Server struct { // IdleTimeout specifies how long until idle clients should be // closed with a GOAWAY frame. PING frames are not considered // activity for the purposes of IdleTimeout. + // If zero or negative, there is no timeout. IdleTimeout time.Duration // MaxUploadBufferPerConnection is the size of the initial flow @@ -434,7 +435,7 @@ func (s *Server) ServeConn(c net.Conn, opts *ServeConnOpts) { // passes the connection off to us with the deadline already set. // Write deadlines are set per stream in serverConn.newStream. // Disarm the net.Conn write deadline here. - if sc.hs.WriteTimeout != 0 { + if sc.hs.WriteTimeout > 0 { sc.conn.SetWriteDeadline(time.Time{}) } 
@@ -924,7 +925,7 @@ func (sc *serverConn) serve() { sc.setConnState(http.StateActive) sc.setConnState(http.StateIdle) - if sc.srv.IdleTimeout != 0 { + if sc.srv.IdleTimeout > 0 { sc.idleTimer = time.AfterFunc(sc.srv.IdleTimeout, sc.onIdleTimer) defer sc.idleTimer.Stop() } @@ -1637,7 +1638,7 @@ func (sc *serverConn) closeStream(st *stream, err error) { delete(sc.streams, st.id) if len(sc.streams) == 0 { sc.setConnState(http.StateIdle) - if sc.srv.IdleTimeout != 0 { + if sc.srv.IdleTimeout > 0 { sc.idleTimer.Reset(sc.srv.IdleTimeout) } if h1ServerKeepAlivesDisabled(sc.hs) { @@ -2017,7 +2018,7 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error { // similar to how the http1 server works. Here it's // technically more like the http1 Server's ReadHeaderTimeout // (in Go 1.8), though. That's a more sane option anyway. - if sc.hs.ReadTimeout != 0 { + if sc.hs.ReadTimeout > 0 { sc.conn.SetReadDeadline(time.Time{}) st.readDeadline = time.AfterFunc(sc.hs.ReadTimeout, st.onReadTimeout) } @@ -2038,7 +2039,7 @@ func (sc *serverConn) upgradeRequest(req *http.Request) { // Disable any read deadline set by the net/http package // prior to the upgrade. - if sc.hs.ReadTimeout != 0 { + if sc.hs.ReadTimeout > 0 { sc.conn.SetReadDeadline(time.Time{}) } @@ -2116,7 +2117,7 @@ func (sc *serverConn) newStream(id, pusherID uint32, state streamState) *stream st.flow.conn = &sc.flow // link to conn-level counter st.flow.add(sc.initialStreamSendWindowSize) st.inflow.init(sc.srv.initialStreamRecvWindowSize()) - if sc.hs.WriteTimeout != 0 { + if sc.hs.WriteTimeout > 0 { st.writeDeadline = time.AfterFunc(sc.hs.WriteTimeout, st.onWriteTimeout) } diff --git a/etcd/vendor/golang.org/x/net/http2/testsync.go b/etcd/vendor/golang.org/x/net/http2/testsync.go new file mode 100644 index 0000000000..61075bd16d --- /dev/null +++ b/etcd/vendor/golang.org/x/net/http2/testsync.go 
@@ -0,0 +1,331 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. +package http2 + +import ( + "context" + "sync" + "time" +) + +// testSyncHooks coordinates goroutines in tests. +// +// For example, a call to ClientConn.RoundTrip involves several goroutines, including: +// - the goroutine running RoundTrip; +// - the clientStream.doRequest goroutine, which writes the request; and +// - the clientStream.readLoop goroutine, which reads the response. +// +// Using testSyncHooks, a test can start a RoundTrip and identify when all these goroutines +// are blocked waiting for some condition such as reading the Request.Body or waiting for +// flow control to become available. +// +// The testSyncHooks also manage timers and synthetic time in tests. +// This permits us to, for example, start a request and cause it to time out waiting for +// response headers without resorting to time.Sleep calls. +type testSyncHooks struct { + // active/inactive act as a mutex and condition variable. + // + // - neither chan contains a value: testSyncHooks is locked. + // - active contains a value: unlocked, and at least one goroutine is not blocked + // - inactive contains a value: unlocked, and all goroutines are blocked + active chan struct{} + inactive chan struct{} + + // goroutine counts + total int // total goroutines + condwait map[*sync.Cond]int // blocked in sync.Cond.Wait + blocked []*testBlockedGoroutine // otherwise blocked + + // fake time + now time.Time + timers []*fakeTimer + + // Transport testing: Report various events. + newclientconn func(*ClientConn) + newstream func(*clientStream) +} + +// testBlockedGoroutine is a blocked goroutine. 
+type testBlockedGoroutine struct { + f func() bool // blocked until f returns true + ch chan struct{} // closed when unblocked +} + +func newTestSyncHooks() *testSyncHooks { + h := &testSyncHooks{ + active: make(chan struct{}, 1), + inactive: make(chan struct{}, 1), + condwait: map[*sync.Cond]int{}, + } + h.inactive <- struct{}{} + h.now = time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC) + return h +} + +// lock acquires the testSyncHooks mutex. +func (h *testSyncHooks) lock() { + select { + case <-h.active: + case <-h.inactive: + } +} + +// waitInactive waits for all goroutines to become inactive. +func (h *testSyncHooks) waitInactive() { + for { + <-h.inactive + if !h.unlock() { + break + } + } +} + +// unlock releases the testSyncHooks mutex. +// It reports whether any goroutines are active. +func (h *testSyncHooks) unlock() (active bool) { + // Look for a blocked goroutine which can be unblocked. + blocked := h.blocked[:0] + unblocked := false + for _, b := range h.blocked { + if !unblocked && b.f() { + unblocked = true + close(b.ch) + } else { + blocked = append(blocked, b) + } + } + h.blocked = blocked + + // Count goroutines blocked on condition variables. + condwait := 0 + for _, count := range h.condwait { + condwait += count + } + + if h.total > condwait+len(blocked) { + h.active <- struct{}{} + return true + } else { + h.inactive <- struct{}{} + return false + } +} + +// goRun starts a new goroutine. +func (h *testSyncHooks) goRun(f func()) { + h.lock() + h.total++ + h.unlock() + go func() { + defer func() { + h.lock() + h.total-- + h.unlock() + }() + f() + }() +} + +// blockUntil indicates that a goroutine is blocked waiting for some condition to become true. +// It waits until f returns true before proceeding. +// +// Example usage: +// +// h.blockUntil(func() bool { +// // Is the context done yet? +// select { +// case <-ctx.Done(): +// default: +// return false +// } +// return true +// }) +// // Wait for the context to become done. 
+// <-ctx.Done() +// +// The function f passed to blockUntil must be non-blocking and idempotent. +func (h *testSyncHooks) blockUntil(f func() bool) { + if f() { + return + } + ch := make(chan struct{}) + h.lock() + h.blocked = append(h.blocked, &testBlockedGoroutine{ + f: f, + ch: ch, + }) + h.unlock() + <-ch +} + +// broadcast is sync.Cond.Broadcast. +func (h *testSyncHooks) condBroadcast(cond *sync.Cond) { + h.lock() + delete(h.condwait, cond) + h.unlock() + cond.Broadcast() +} + +// broadcast is sync.Cond.Wait. +func (h *testSyncHooks) condWait(cond *sync.Cond) { + h.lock() + h.condwait[cond]++ + h.unlock() +} + +// newTimer creates a new fake timer. +func (h *testSyncHooks) newTimer(d time.Duration) timer { + h.lock() + defer h.unlock() + t := &fakeTimer{ + hooks: h, + when: h.now.Add(d), + c: make(chan time.Time), + } + h.timers = append(h.timers, t) + return t +} + +// afterFunc creates a new fake AfterFunc timer. +func (h *testSyncHooks) afterFunc(d time.Duration, f func()) timer { + h.lock() + defer h.unlock() + t := &fakeTimer{ + hooks: h, + when: h.now.Add(d), + f: f, + } + h.timers = append(h.timers, t) + return t +} + +func (h *testSyncHooks) contextWithTimeout(ctx context.Context, d time.Duration) (context.Context, context.CancelFunc) { + ctx, cancel := context.WithCancel(ctx) + t := h.afterFunc(d, cancel) + return ctx, func() { + t.Stop() + cancel() + } +} + +func (h *testSyncHooks) timeUntilEvent() time.Duration { + h.lock() + defer h.unlock() + var next time.Time + for _, t := range h.timers { + if next.IsZero() || t.when.Before(next) { + next = t.when + } + } + if d := next.Sub(h.now); d > 0 { + return d + } + return 0 +} + +// advance advances time and causes synthetic timers to fire. 
+func (h *testSyncHooks) advance(d time.Duration) { + h.lock() + defer h.unlock() + h.now = h.now.Add(d) + timers := h.timers[:0] + for _, t := range h.timers { + t := t // remove after go.mod depends on go1.22 + t.mu.Lock() + switch { + case t.when.After(h.now): + timers = append(timers, t) + case t.when.IsZero(): + // stopped timer + default: + t.when = time.Time{} + if t.c != nil { + close(t.c) + } + if t.f != nil { + h.total++ + go func() { + defer func() { + h.lock() + h.total-- + h.unlock() + }() + t.f() + }() + } + } + t.mu.Unlock() + } + h.timers = timers +} + +// A timer wraps a time.Timer, or a synthetic equivalent in tests. +// Unlike time.Timer, timer is single-use: The timer channel is closed when the timer expires. +type timer interface { + C() <-chan time.Time + Stop() bool + Reset(d time.Duration) bool +} + +// timeTimer implements timer using real time. +type timeTimer struct { + t *time.Timer + c chan time.Time +} + +// newTimeTimer creates a new timer using real time. +func newTimeTimer(d time.Duration) timer { + ch := make(chan time.Time) + t := time.AfterFunc(d, func() { + close(ch) + }) + return &timeTimer{t, ch} +} + +// newTimeAfterFunc creates an AfterFunc timer using real time. +func newTimeAfterFunc(d time.Duration, f func()) timer { + return &timeTimer{ + t: time.AfterFunc(d, f), + } +} + +func (t timeTimer) C() <-chan time.Time { return t.c } +func (t timeTimer) Stop() bool { return t.t.Stop() } +func (t timeTimer) Reset(d time.Duration) bool { return t.t.Reset(d) } + +// fakeTimer implements timer using fake time. 
+type fakeTimer struct { + hooks *testSyncHooks + + mu sync.Mutex + when time.Time // when the timer will fire + c chan time.Time // closed when the timer fires; mutually exclusive with f + f func() // called when the timer fires; mutually exclusive with c +} + +func (t *fakeTimer) C() <-chan time.Time { return t.c } + +func (t *fakeTimer) Stop() bool { + t.mu.Lock() + defer t.mu.Unlock() + stopped := t.when.IsZero() + t.when = time.Time{} + return stopped +} + +func (t *fakeTimer) Reset(d time.Duration) bool { + if t.c != nil || t.f == nil { + panic("fakeTimer only supports Reset on AfterFunc timers") + } + t.mu.Lock() + defer t.mu.Unlock() + t.hooks.lock() + defer t.hooks.unlock() + active := !t.when.IsZero() + t.when = t.hooks.now.Add(d) + if !active { + t.hooks.timers = append(t.hooks.timers, t) + } + return active +} diff --git a/etcd/vendor/golang.org/x/net/http2/transport.go b/etcd/vendor/golang.org/x/net/http2/transport.go index df578b86c6..ce375c8c75 100644 --- a/etcd/vendor/golang.org/x/net/http2/transport.go +++ b/etcd/vendor/golang.org/x/net/http2/transport.go @@ -147,6 +147,12 @@ type Transport struct { // waiting for their turn. StrictMaxConcurrentStreams bool + // IdleConnTimeout is the maximum amount of time an idle + // (keep-alive) connection will remain idle before closing + // itself. + // Zero means no limit. + IdleConnTimeout time.Duration + // ReadIdleTimeout is the timeout after which a health check using ping // frame will be carried out if no frame is received on the connection. // Note that a ping response will is considered a received frame, so if @@ -178,6 +184,8 @@ type Transport struct { connPoolOnce sync.Once connPoolOrDef ClientConnPool // non-nil version of ConnPool + + syncHooks *testSyncHooks } func (t *Transport) maxHeaderListSize() uint32 { 
@@ -302,7 +310,7 @@ type ClientConn struct { readerErr error // set before readerDone is closed idleTimeout time.Duration // or 0 for never - idleTimer *time.Timer + idleTimer timer mu sync.Mutex // guards following cond *sync.Cond // hold mu; broadcast on flow/closed changes @@ -344,6 +352,60 @@ type ClientConn struct { werr error // first write error that has occurred hbuf bytes.Buffer // HPACK encoder writes into this henc *hpack.Encoder + + syncHooks *testSyncHooks // can be nil +} + +// Hook points used for testing. +// Outside of tests, cc.syncHooks is nil and these all have minimal implementations. +// Inside tests, see the testSyncHooks function docs. + +// goRun starts a new goroutine. +func (cc *ClientConn) goRun(f func()) { + if cc.syncHooks != nil { + cc.syncHooks.goRun(f) + return + } + go f() +} + +// condBroadcast is cc.cond.Broadcast. +func (cc *ClientConn) condBroadcast() { + if cc.syncHooks != nil { + cc.syncHooks.condBroadcast(cc.cond) + } + cc.cond.Broadcast() +} + +// condWait is cc.cond.Wait. +func (cc *ClientConn) condWait() { + if cc.syncHooks != nil { + cc.syncHooks.condWait(cc.cond) + } + cc.cond.Wait() +} + +// newTimer creates a new time.Timer, or a synthetic timer in tests. +func (cc *ClientConn) newTimer(d time.Duration) timer { + if cc.syncHooks != nil { + return cc.syncHooks.newTimer(d) + } + return newTimeTimer(d) +} + +// afterFunc creates a new time.AfterFunc timer, or a synthetic timer in tests. +func (cc *ClientConn) afterFunc(d time.Duration, f func()) timer { + if cc.syncHooks != nil { + return cc.syncHooks.afterFunc(d, f) + } + return newTimeAfterFunc(d, f) +} + +func (cc *ClientConn) contextWithTimeout(ctx context.Context, d time.Duration) (context.Context, context.CancelFunc) { + if cc.syncHooks != nil { + return cc.syncHooks.contextWithTimeout(ctx, d) + } + return context.WithTimeout(ctx, d) } // clientStream is the state for a single HTTP/2 stream. One of these 
@@ -425,7 +487,7 @@ func (cs *clientStream) abortStreamLocked(err error) { // TODO(dneil): Clean up tests where cs.cc.cond is nil. if cs.cc.cond != nil { // Wake up writeRequestBody if it is waiting on flow control. - cs.cc.cond.Broadcast() + cs.cc.condBroadcast() } } @@ -435,7 +497,7 @@ func (cs *clientStream) abortRequestBodyWrite() { defer cc.mu.Unlock() if cs.reqBody != nil && cs.reqBodyClosed == nil { cs.closeReqBodyLocked() - cc.cond.Broadcast() + cc.condBroadcast() } } @@ -445,10 +507,10 @@ func (cs *clientStream) closeReqBodyLocked() { } cs.reqBodyClosed = make(chan struct{}) reqBodyClosed := cs.reqBodyClosed - go func() { + cs.cc.goRun(func() { cs.reqBody.Close() close(reqBodyClosed) - }() + }) } type stickyErrWriter struct { @@ -537,15 +599,6 @@ func authorityAddr(scheme string, authority string) (addr string) { return net.JoinHostPort(host, port) } -var retryBackoffHook func(time.Duration) *time.Timer - -func backoffNewTimer(d time.Duration) *time.Timer { - if retryBackoffHook != nil { - return retryBackoffHook(d) - } - return time.NewTimer(d) -} - // RoundTripOpt is like RoundTrip, but takes options. func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Response, error) { if !(req.URL.Scheme == "https" || (req.URL.Scheme == "http" && t.AllowHTTP)) { 
@@ -573,13 +626,27 @@ func (t *Transport) RoundTripOpt(req *http.Request, opt RoundTripOpt) (*http.Res backoff := float64(uint(1) << (uint(retry) - 1)) backoff += backoff * (0.1 * mathrand.Float64()) d := time.Second * time.Duration(backoff) - timer := backoffNewTimer(d) + var tm timer + if t.syncHooks != nil { + tm = t.syncHooks.newTimer(d) + t.syncHooks.blockUntil(func() bool { + select { + case <-tm.C(): + case <-req.Context().Done(): + default: + return false + } + return true + }) + } else { + tm = newTimeTimer(d) + } select { - case <-timer.C: + case <-tm.C(): t.vlogf("RoundTrip retrying after failure: %v", roundTripErr) continue case <-req.Context().Done(): - timer.Stop() + tm.Stop() err = req.Context().Err() } } @@ -658,6 +725,9 @@ func canRetryError(err error) bool { } func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse bool) (*ClientConn, error) { + if t.syncHooks != nil { + return t.newClientConn(nil, singleUse, t.syncHooks) + } host, _, err := net.SplitHostPort(addr) if err != nil { return nil, err @@ -666,7 +736,7 @@ func (t *Transport) dialClientConn(ctx context.Context, addr string, singleUse b if err != nil { return nil, err } - return t.newClientConn(tconn, singleUse) + return t.newClientConn(tconn, singleUse, nil) } func (t *Transport) newTLSConfig(host string) *tls.Config { @@ -732,10 +802,10 @@ func (t *Transport) maxEncoderHeaderTableSize() uint32 { } func (t *Transport) NewClientConn(c net.Conn) (*ClientConn, error) { - return t.newClientConn(c, t.disableKeepAlives()) + return t.newClientConn(c, t.disableKeepAlives(), nil) } -func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, error) { +func (t *Transport) newClientConn(c net.Conn, singleUse bool, hooks *testSyncHooks) (*ClientConn, error) { cc := &ClientConn{ t: t, tconn: c, 
@@ -750,10 +820,15 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro wantSettingsAck: true, pings: make(map[[8]byte]chan struct{}), reqHeaderMu: make(chan struct{}, 1), + syncHooks: hooks, + } + if hooks != nil { + hooks.newclientconn(cc) + c = cc.tconn } if d := t.idleConnTimeout(); d != 0 { cc.idleTimeout = d - cc.idleTimer = time.AfterFunc(d, cc.onIdleTimeout) + cc.idleTimer = cc.afterFunc(d, cc.onIdleTimeout) } if VerboseLogs { t.vlogf("http2: Transport creating client conn %p to %v", cc, c.RemoteAddr()) @@ -818,7 +893,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro return nil, cc.werr } - go cc.readLoop() + cc.goRun(cc.readLoop) return cc, nil } @@ -826,7 +901,7 @@ func (cc *ClientConn) healthCheck() { pingTimeout := cc.t.pingTimeout() // We don't need to periodically ping in the health check, because the readLoop of ClientConn will // trigger the healthCheck again if there is no frame received. - ctx, cancel := context.WithTimeout(context.Background(), pingTimeout) + ctx, cancel := cc.contextWithTimeout(context.Background(), pingTimeout) defer cancel() cc.vlogf("http2: Transport sending health check") err := cc.Ping(ctx) @@ -1056,7 +1131,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { // Wait for all in-flight streams to complete or connection to close done := make(chan struct{}) cancelled := false // guarded by cc.mu - go func() { + cc.goRun(func() { cc.mu.Lock() defer cc.mu.Unlock() for { @@ -1068,9 +1143,9 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { if cancelled { break } - cc.cond.Wait() + cc.condWait() } - }() + }) shutdownEnterWaitStateHook() select { case <-done: @@ -1080,7 +1155,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { cc.mu.Lock() // Free the goroutine above cancelled = true - cc.cond.Broadcast() + cc.condBroadcast() cc.mu.Unlock() return ctx.Err() } 
@@ -1118,7 +1193,7 @@ func (cc *ClientConn) closeForError(err error) { for _, cs := range cc.streams { cs.abortStreamLocked(err) } - cc.cond.Broadcast() + cc.condBroadcast() cc.mu.Unlock() cc.closeConn() } @@ -1215,6 +1290,10 @@ func (cc *ClientConn) decrStreamReservationsLocked() { } func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { + return cc.roundTrip(req, nil) +} + +func (cc *ClientConn) roundTrip(req *http.Request, streamf func(*clientStream)) (*http.Response, error) { ctx := req.Context() cs := &clientStream{ cc: cc, @@ -1229,9 +1308,23 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { respHeaderRecv: make(chan struct{}), donec: make(chan struct{}), } - go cs.doRequest(req) + cc.goRun(func() { + cs.doRequest(req) + }) waitDone := func() error { + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-cs.donec: + case <-ctx.Done(): + case <-cs.reqCancel: + default: + return false + } + return true + }) + } select { case <-cs.donec: return nil @@ -1292,7 +1385,24 @@ func (cc *ClientConn) RoundTrip(req *http.Request) (*http.Response, error) { return err } + if streamf != nil { + streamf(cs) + } + for { + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-cs.respHeaderRecv: + case <-cs.abort: + case <-ctx.Done(): + case <-cs.reqCancel: + default: + return false + } + return true + }) + } select { case <-cs.respHeaderRecv: return handleResponseHeaders() 
@@ -1348,6 +1458,21 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) { if cc.reqHeaderMu == nil { panic("RoundTrip on uninitialized ClientConn") // for tests } + var newStreamHook func(*clientStream) + if cc.syncHooks != nil { + newStreamHook = cc.syncHooks.newstream + cc.syncHooks.blockUntil(func() bool { + select { + case cc.reqHeaderMu <- struct{}{}: + <-cc.reqHeaderMu + case <-cs.reqCancel: + case <-ctx.Done(): + default: + return false + } + return true + }) + } select { case cc.reqHeaderMu <- struct{}{}: case <-cs.reqCancel: @@ -1372,6 +1497,10 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) { } cc.mu.Unlock() + if newStreamHook != nil { + newStreamHook(cs) + } + // TODO(bradfitz): this is a copy of the logic in net/http. Unify somewhere? if !cc.t.disableCompression() && req.Header.Get("Accept-Encoding") == "" && @@ -1452,15 +1581,30 @@ func (cs *clientStream) writeRequest(req *http.Request) (err error) { var respHeaderTimer <-chan time.Time var respHeaderRecv chan struct{} if d := cc.responseHeaderTimeout(); d != 0 { - timer := time.NewTimer(d) + timer := cc.newTimer(d) defer timer.Stop() - respHeaderTimer = timer.C + respHeaderTimer = timer.C() respHeaderRecv = cs.respHeaderRecv } // Wait until the peer half-closes its end of the stream, // or until the request is aborted (via context, error, or otherwise), // whichever comes first. for { + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-cs.peerClosed: + case <-respHeaderTimer: + case <-respHeaderRecv: + case <-cs.abort: + case <-ctx.Done(): + case <-cs.reqCancel: + default: + return false + } + return true + }) + } select { case <-cs.peerClosed: return nil @@ -1609,7 +1753,7 @@ func (cc *ClientConn) awaitOpenSlotForStreamLocked(cs *clientStream) error { return nil } cc.pendingRequests++ - cc.cond.Wait() + cc.condWait() cc.pendingRequests-- select { case <-cs.abort: 
@@ -1871,8 +2015,24 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) cs.flow.take(take) return take, nil } - cc.cond.Wait() + cc.condWait() + } +} + +func validateHeaders(hdrs http.Header) string { + for k, vv := range hdrs { + if !httpguts.ValidHeaderFieldName(k) { + return fmt.Sprintf("name %q", k) + } + for _, v := range vv { + if !httpguts.ValidHeaderFieldValue(v) { + // Don't include the value in the error, + // because it may be sensitive. + return fmt.Sprintf("value for header %q", k) + } + } } + return "" } var errNilRequestURL = errors.New("http2: Request.URI is nil") @@ -1912,19 +2072,14 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail } } - // Check for any invalid headers and return an error before we + // Check for any invalid headers+trailers and return an error before we // potentially pollute our hpack state. (We want to be able to // continue to reuse the hpack encoder for future requests) - for k, vv := range req.Header { - if !httpguts.ValidHeaderFieldName(k) { - return nil, fmt.Errorf("invalid HTTP header name %q", k) - } - for _, v := range vv { - if !httpguts.ValidHeaderFieldValue(v) { - // Don't include the value in the error, because it may be sensitive. - return nil, fmt.Errorf("invalid HTTP header value for header %q", k) - } - } + if err := validateHeaders(req.Header); err != "" { + return nil, fmt.Errorf("invalid HTTP header %s", err) + } + if err := validateHeaders(req.Trailer); err != "" { + return nil, fmt.Errorf("invalid HTTP trailer %s", err) } enumerateHeaders := func(f func(name, value string)) { 
@@ -2143,7 +2298,7 @@ func (cc *ClientConn) forgetStreamID(id uint32) { } // Wake up writeRequestBody via clientStream.awaitFlowControl and // wake up RoundTrip if there is a pending request. - cc.cond.Broadcast() + cc.condBroadcast() closeOnIdle := cc.singleUse || cc.doNotReuse || cc.t.disableKeepAlives() || cc.goAway != nil if closeOnIdle && cc.streamsReserved == 0 && len(cc.streams) == 0 { @@ -2231,7 +2386,7 @@ func (rl *clientConnReadLoop) cleanup() { cs.abortStreamLocked(err) } } - cc.cond.Broadcast() + cc.condBroadcast() cc.mu.Unlock() } @@ -2266,10 +2421,9 @@ func (rl *clientConnReadLoop) run() error { cc := rl.cc gotSettings := false readIdleTimeout := cc.t.ReadIdleTimeout - var t *time.Timer + var t timer if readIdleTimeout != 0 { - t = time.AfterFunc(readIdleTimeout, cc.healthCheck) - defer t.Stop() + t = cc.afterFunc(readIdleTimeout, cc.healthCheck) } for { f, err := cc.fr.ReadFrame() @@ -2684,7 +2838,7 @@ func (rl *clientConnReadLoop) processData(f *DataFrame) error { }) return nil } - if !cs.firstByte { + if !cs.pastHeaders { cc.logf("protocol error: received DATA before a HEADERS frame") rl.endStreamError(cs, StreamError{ StreamID: f.StreamID, @@ -2867,7 +3021,7 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { for _, cs := range cc.streams { cs.flow.add(delta) } - cc.cond.Broadcast() + cc.condBroadcast() cc.initialWindowSize = s.Val case SettingHeaderTableSize: @@ -2911,9 +3065,18 @@ func (rl *clientConnReadLoop) processWindowUpdate(f *WindowUpdateFrame) error { fl = &cs.flow } if !fl.add(int32(f.Increment)) { + // For stream, the sender sends RST_STREAM with an error code of FLOW_CONTROL_ERROR + if cs != nil { + rl.endStreamError(cs, StreamError{ + StreamID: f.StreamID, + Code: ErrCodeFlowControl, + }) + return nil + } + return ConnectionError(ErrCodeFlowControl) } - cc.cond.Broadcast() + cc.condBroadcast() return nil } 
@@ -2955,24 +3118,38 @@ func (cc *ClientConn) Ping(ctx context.Context) error { } cc.mu.Unlock() } - errc := make(chan error, 1) - go func() { + var pingError error + errc := make(chan struct{}) + cc.goRun(func() { cc.wmu.Lock() defer cc.wmu.Unlock() - if err := cc.fr.WritePing(false, p); err != nil { - errc <- err + if pingError = cc.fr.WritePing(false, p); pingError != nil { + close(errc) return } - if err := cc.bw.Flush(); err != nil { - errc <- err + if pingError = cc.bw.Flush(); pingError != nil { + close(errc) return } - }() + }) + if cc.syncHooks != nil { + cc.syncHooks.blockUntil(func() bool { + select { + case <-c: + case <-errc: + case <-ctx.Done(): + case <-cc.readerDone: + default: + return false + } + return true + }) + } select { case <-c: return nil - case err := <-errc: - return err + case <-errc: + return pingError case <-ctx.Done(): return ctx.Err() case <-cc.readerDone: @@ -3141,9 +3318,17 @@ func (rt noDialH2RoundTripper) RoundTrip(req *http.Request) (*http.Response, err } func (t *Transport) idleConnTimeout() time.Duration { + // to keep things backwards compatible, we use non-zero values of + // IdleConnTimeout, followed by using the IdleConnTimeout on the underlying + // http1 transport, followed by 0 + if t.IdleConnTimeout != 0 { + return t.IdleConnTimeout + } + if t.t1 != nil { return t.t1.IdleConnTimeout } + return 0 } diff --git a/etcd/vendor/golang.org/x/sys/unix/aliases.go b/etcd/vendor/golang.org/x/sys/unix/aliases.go index e7d3df4bd3..b0e4198575 100644 --- a/etcd/vendor/golang.org/x/sys/unix/aliases.go +++ b/etcd/vendor/golang.org/x/sys/unix/aliases.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9 +//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos package unix 
diff --git a/etcd/vendor/golang.org/x/sys/unix/mkerrors.sh b/etcd/vendor/golang.org/x/sys/unix/mkerrors.sh index c6492020ec..fdcaa974d2 100644 --- a/etcd/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/etcd/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -584,7 +584,7 @@ ccflags="$@" $2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ || $2 ~ /^KEYCTL_/ || $2 ~ /^PERF_/ || - $2 ~ /^SECCOMP_MODE_/ || + $2 ~ /^SECCOMP_/ || $2 ~ /^SEEK_/ || $2 ~ /^SCHED_/ || $2 ~ /^SPLICE_/ || diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go index 16dc699379..2f0fa76e4f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -//go:build darwin && go1.12 +//go:build darwin package unix diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go index 64d1bb4dba..2b57e0f73b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_freebsd.go @@ -13,6 +13,7 @@ package unix import ( + "errors" "sync" "unsafe" ) 
@@ -169,25 +170,26 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) { func Uname(uname *Utsname) error { mib := []_C_int{CTL_KERN, KERN_OSTYPE} n := unsafe.Sizeof(uname.Sysname) - if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil { + // Suppress ENOMEM errors to be compatible with the C library __xuname() implementation. + if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_HOSTNAME} n = unsafe.Sizeof(uname.Nodename) - if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_OSRELEASE} n = unsafe.Sizeof(uname.Release) - if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } mib = []_C_int{CTL_KERN, KERN_VERSION} n = unsafe.Sizeof(uname.Version) - if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } @@ -205,7 +207,7 @@ func Uname(uname *Utsname) error { mib = []_C_int{CTL_HW, HW_MACHINE} n = unsafe.Sizeof(uname.Machine) - if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil { + if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) { return err } diff --git a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go index 0f85e29e62..5682e2628a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/syscall_linux.go 
@@ -1849,6 +1849,105 @@ func Dup2(oldfd, newfd int) error { //sys Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error) //sys Fsopen(fsName string, flags int) (fd int, err error) //sys Fspick(dirfd int, pathName string, flags int) (fd int, err error) + +//sys fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) + +func fsconfigCommon(fd int, cmd uint, key string, value *byte, aux int) (err error) { + var keyp *byte + if keyp, err = BytePtrFromString(key); err != nil { + return + } + return fsconfig(fd, cmd, keyp, value, aux) +} + +// FsconfigSetFlag is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_FLAG. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +func FsconfigSetFlag(fd int, key string) (err error) { + return fsconfigCommon(fd, FSCONFIG_SET_FLAG, key, nil, 0) +} + +// FsconfigSetString is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_STRING. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is the parameter value to set. +func FsconfigSetString(fd int, key string, value string) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(value); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_STRING, key, valuep, 0) +} + +// FsconfigSetBinary is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_BINARY. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is the parameter value to set. +func FsconfigSetBinary(fd int, key string, value []byte) (err error) { + if len(value) == 0 { + return EINVAL + } + return fsconfigCommon(fd, FSCONFIG_SET_BINARY, key, &value[0], len(value)) +} + +// FsconfigSetPath is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_PATH. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// path is a non-empty path for specified key. 
+// atfd is a file descriptor at which to start lookup from or AT_FDCWD. +func FsconfigSetPath(fd int, key string, path string, atfd int) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(path); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_PATH, key, valuep, atfd) +} + +// FsconfigSetPathEmpty is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_PATH_EMPTY. The same as +// FconfigSetPath but with AT_PATH_EMPTY implied. +func FsconfigSetPathEmpty(fd int, key string, path string, atfd int) (err error) { + var valuep *byte + if valuep, err = BytePtrFromString(path); err != nil { + return + } + return fsconfigCommon(fd, FSCONFIG_SET_PATH_EMPTY, key, valuep, atfd) +} + +// FsconfigSetFd is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_SET_FD. +// +// fd is the filesystem context to act upon. +// key the parameter key to set. +// value is a file descriptor to be assigned to specified key. +func FsconfigSetFd(fd int, key string, value int) (err error) { + return fsconfigCommon(fd, FSCONFIG_SET_FD, key, nil, value) +} + +// FsconfigCreate is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_CMD_CREATE. +// +// fd is the filesystem context to act upon. +func FsconfigCreate(fd int) (err error) { + return fsconfig(fd, FSCONFIG_CMD_CREATE, nil, nil, 0) +} + +// FsconfigReconfigure is equivalent to fsconfig(2) called +// with cmd == FSCONFIG_CMD_RECONFIGURE. +// +// fd is the filesystem context to act upon. +func FsconfigReconfigure(fd int) (err error) { + return fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, nil, nil, 0) +} + //sys Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64 //sysnb Getpgid(pid int) (pgid int, err error) diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go index a5d3ff8df9..36bf8399f4 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux.go 
@@ -1785,6 +1785,8 @@ const ( LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20 LANDLOCK_ACCESS_FS_TRUNCATE = 0x4000 LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2 + LANDLOCK_ACCESS_NET_BIND_TCP = 0x1 + LANDLOCK_ACCESS_NET_CONNECT_TCP = 0x2 LANDLOCK_CREATE_RULESET_VERSION = 0x1 LINUX_REBOOT_CMD_CAD_OFF = 0x0 LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef @@ -2465,6 +2467,7 @@ const ( PR_MCE_KILL_GET = 0x22 PR_MCE_KILL_LATE = 0x0 PR_MCE_KILL_SET = 0x1 + PR_MDWE_NO_INHERIT = 0x2 PR_MDWE_REFUSE_EXEC_GAIN = 0x1 PR_MPX_DISABLE_MANAGEMENT = 0x2c PR_MPX_ENABLE_MANAGEMENT = 0x2b @@ -2669,8 +2672,9 @@ const ( RTAX_FEATURES = 0xc RTAX_FEATURE_ALLFRAG = 0x8 RTAX_FEATURE_ECN = 0x1 - RTAX_FEATURE_MASK = 0xf + RTAX_FEATURE_MASK = 0x1f RTAX_FEATURE_SACK = 0x2 + RTAX_FEATURE_TCP_USEC_TS = 0x10 RTAX_FEATURE_TIMESTAMP = 0x4 RTAX_HOPLIMIT = 0xa RTAX_INITCWND = 0xb 
@@ -2913,9 +2917,38 @@ const ( SCM_RIGHTS = 0x1 SCM_TIMESTAMP = 0x1d SC_LOG_FLUSH = 0x100000 + SECCOMP_ADDFD_FLAG_SEND = 0x2 + SECCOMP_ADDFD_FLAG_SETFD = 0x1 + SECCOMP_FILTER_FLAG_LOG = 0x2 + SECCOMP_FILTER_FLAG_NEW_LISTENER = 0x8 + SECCOMP_FILTER_FLAG_SPEC_ALLOW = 0x4 + SECCOMP_FILTER_FLAG_TSYNC = 0x1 + SECCOMP_FILTER_FLAG_TSYNC_ESRCH = 0x10 + SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV = 0x20 + SECCOMP_GET_ACTION_AVAIL = 0x2 + SECCOMP_GET_NOTIF_SIZES = 0x3 + SECCOMP_IOCTL_NOTIF_RECV = 0xc0502100 + SECCOMP_IOCTL_NOTIF_SEND = 0xc0182101 + SECCOMP_IOC_MAGIC = '!' SECCOMP_MODE_DISABLED = 0x0 SECCOMP_MODE_FILTER = 0x2 SECCOMP_MODE_STRICT = 0x1 + SECCOMP_RET_ACTION = 0x7fff0000 + SECCOMP_RET_ACTION_FULL = 0xffff0000 + SECCOMP_RET_ALLOW = 0x7fff0000 + SECCOMP_RET_DATA = 0xffff + SECCOMP_RET_ERRNO = 0x50000 + SECCOMP_RET_KILL = 0x0 + SECCOMP_RET_KILL_PROCESS = 0x80000000 + SECCOMP_RET_KILL_THREAD = 0x0 + SECCOMP_RET_LOG = 0x7ffc0000 + SECCOMP_RET_TRACE = 0x7ff00000 + SECCOMP_RET_TRAP = 0x30000 + SECCOMP_RET_USER_NOTIF = 0x7fc00000 + SECCOMP_SET_MODE_FILTER = 0x1 + SECCOMP_SET_MODE_STRICT = 0x0 + SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP = 0x1 + SECCOMP_USER_NOTIF_FLAG_CONTINUE = 0x1 SECRETMEM_MAGIC = 0x5345434d SECURITYFS_MAGIC = 0x73636673 SEEK_CUR = 0x1 @@ -3075,6 +3108,7 @@ const ( SOL_TIPC = 0x10f SOL_TLS = 0x11a SOL_UDP = 0x11 + SOL_VSOCK = 0x11f SOL_X25 = 0x106 SOL_XDP = 0x11b SOMAXCONN = 0x1000 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 4920821cf3..42ff8c3c1b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 
diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index a0c1e41127..dca436004f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -282,6 +282,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index c63985560f..5cca668ac3 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -288,6 +288,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index 47cc62e25c..d8cae6d153 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -278,6 +278,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 27ac4a09e2..28e39afdcb 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go 
+++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -275,6 +275,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 54694642a5..cd66e92cb4 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 3adb81d758..c1595eba78 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index 2dfe98f0d1..ee9456b0da 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go 
@@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index f5398f84f0..8cfca81e1b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -281,6 +281,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x80 SIOCATMARK = 0x40047307 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index c54f152d68..60b0deb3af 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -336,6 +336,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 76057dc72f..f90aa7281b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go 
@@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index e0c3725e2b..ba9e015033 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -340,6 +340,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index 18f2813ed5..07cdfd6e9f 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -272,6 +272,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 11619d4ec8..2f1dd214a7 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go 
@@ -344,6 +344,9 @@ const ( SCM_TIMESTAMPNS = 0x23 SCM_TXTIME = 0x3d SCM_WIFI_STATUS = 0x29 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104 SFD_CLOEXEC = 0x80000 SFD_NONBLOCK = 0x800 SIOCATMARK = 0x8905 diff --git a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 396d994da7..f40519d901 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -335,6 +335,9 @@ const ( SCM_TIMESTAMPNS = 0x21 SCM_TXTIME = 0x3f SCM_WIFI_STATUS = 0x25 + SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103 + SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102 + SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104 SFD_CLOEXEC = 0x400000 SFD_NONBLOCK = 0x4000 SF_FP = 0x38 diff --git a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 1488d27128..87d8612a1d 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -906,6 +906,16 @@ func Fspick(dirfd int, pathName string, flags int) (fd int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) { + _, _, e1 := Syscall6(SYS_FSCONFIG, uintptr(fd), uintptr(cmd), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(value)), uintptr(aux), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Getdents(fd int, buf []byte) (n int, err error) { var _p0 unsafe.Pointer if len(buf) > 0 { diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go index fcf3ecbdde..0cc3ce496e 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go 
+++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go @@ -448,4 +448,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go index f56dc2504a..856d92d69e 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go @@ -371,4 +371,7 @@ const ( SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go index 974bf24676..8d467094cf 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go @@ -412,4 +412,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go index 39a2739e23..edc173244d 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go @@ -315,4 +315,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go index cf9c9d77e1..445eba2061 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go 
+++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go @@ -309,4 +309,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go index 10b7362ef4..adba01bca7 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go index cd4d8b4fd3..014c4e9c7a 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go @@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go index 2c0efca818..ccc97d74d0 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go @@ -362,4 +362,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 5450 SYS_CACHESTAT = 5451 SYS_FCHMODAT2 = 5452 + SYS_MAP_SHADOW_STACK = 5453 + SYS_FUTEX_WAKE = 5454 + SYS_FUTEX_WAIT = 5455 + SYS_FUTEX_REQUEUE = 5456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go index a72e31d391..ec2b64a95d 100644 
--- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go @@ -432,4 +432,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 4450 SYS_CACHESTAT = 4451 SYS_FCHMODAT2 = 4452 + SYS_MAP_SHADOW_STACK = 4453 + SYS_FUTEX_WAKE = 4454 + SYS_FUTEX_WAIT = 4455 + SYS_FUTEX_REQUEUE = 4456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go index c7d1e37471..21a839e338 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go @@ -439,4 +439,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go index f4d4838c87..c11121ec3b 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go @@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go index b64f0e5911..909b631fcb 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go @@ -411,4 +411,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go index 95711195a0..e49bed16ea 100644 
--- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go @@ -316,4 +316,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go index f94e943bc4..66017d2d32 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go @@ -377,4 +377,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go index ba0c2bc515..47bab18dce 100644 --- a/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go +++ b/etcd/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go @@ -390,4 +390,8 @@ const ( SYS_SET_MEMPOLICY_HOME_NODE = 450 SYS_CACHESTAT = 451 SYS_FCHMODAT2 = 452 + SYS_MAP_SHADOW_STACK = 453 + SYS_FUTEX_WAKE = 454 + SYS_FUTEX_WAIT = 455 + SYS_FUTEX_REQUEUE = 456 ) diff --git a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go index bbf8399ff5..eff6bcdef8 100644 --- a/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/etcd/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -174,7 +174,8 @@ type FscryptPolicyV2 struct { Contents_encryption_mode uint8 Filenames_encryption_mode uint8 Flags uint8 - _ [4]uint8 + Log2_data_unit_size uint8 + _ [3]uint8 Master_key_identifier [16]uint8 } 
@@ -455,60 +456,63 @@ type Ucred struct { } type TCPInfo struct { - State uint8 - Ca_state uint8 - Retransmits uint8 - Probes uint8 - Backoff uint8 - Options uint8 - Rto uint32 - Ato uint32 - Snd_mss uint32 - Rcv_mss uint32 - Unacked uint32 - Sacked uint32 - Lost uint32 - Retrans uint32 - Fackets uint32 - Last_data_sent uint32 - Last_ack_sent uint32 - Last_data_recv uint32 - Last_ack_recv uint32 - Pmtu uint32 - Rcv_ssthresh uint32 - Rtt uint32 - Rttvar uint32 - Snd_ssthresh uint32 - Snd_cwnd uint32 - Advmss uint32 - Reordering uint32 - Rcv_rtt uint32 - Rcv_space uint32 - Total_retrans uint32 - Pacing_rate uint64 - Max_pacing_rate uint64 - Bytes_acked uint64 - Bytes_received uint64 - Segs_out uint32 - Segs_in uint32 - Notsent_bytes uint32 - Min_rtt uint32 - Data_segs_in uint32 - Data_segs_out uint32 - Delivery_rate uint64 - Busy_time uint64 - Rwnd_limited uint64 - Sndbuf_limited uint64 - Delivered uint32 - Delivered_ce uint32 - Bytes_sent uint64 - Bytes_retrans uint64 - Dsack_dups uint32 - Reord_seen uint32 - Rcv_ooopack uint32 - Snd_wnd uint32 - Rcv_wnd uint32 - Rehash uint32 + State uint8 + Ca_state uint8 + Retransmits uint8 + Probes uint8 + Backoff uint8 + Options uint8 + Rto uint32 + Ato uint32 + Snd_mss uint32 + Rcv_mss uint32 + Unacked uint32 + Sacked uint32 + Lost uint32 + Retrans uint32 + Fackets uint32 + Last_data_sent uint32 + Last_ack_sent uint32 + Last_data_recv uint32 + Last_ack_recv uint32 + Pmtu uint32 + Rcv_ssthresh uint32 + Rtt uint32 + Rttvar uint32 + Snd_ssthresh uint32 + Snd_cwnd uint32 + Advmss uint32 + Reordering uint32 + Rcv_rtt uint32 + Rcv_space uint32 + Total_retrans uint32 + Pacing_rate uint64 + Max_pacing_rate uint64 + Bytes_acked uint64 + Bytes_received uint64 + Segs_out uint32 + Segs_in uint32 + Notsent_bytes uint32 + Min_rtt uint32 + Data_segs_in uint32 + Data_segs_out uint32 + Delivery_rate uint64 + Busy_time uint64 + Rwnd_limited uint64 + Sndbuf_limited uint64 + Delivered uint32 + Delivered_ce uint32 + Bytes_sent uint64 + 
Bytes_retrans uint64 + Dsack_dups uint32 + Reord_seen uint32 + Rcv_ooopack uint32 + Snd_wnd uint32 + Rcv_wnd uint32 + Rehash uint32 + Total_rto uint16 + Total_rto_recoveries uint16 + Total_rto_time uint32 } type CanFilter struct { @@ -551,7 +555,7 @@ const ( SizeofIPv6MTUInfo = 0x20 SizeofICMPv6Filter = 0x20 SizeofUcred = 0xc - SizeofTCPInfo = 0xf0 + SizeofTCPInfo = 0xf8 SizeofCanFilter = 0x8 SizeofTCPRepairOpt = 0x8 ) @@ -832,6 +836,15 @@ const ( FSPICK_EMPTY_PATH = 0x8 FSMOUNT_CLOEXEC = 0x1 + + FSCONFIG_SET_FLAG = 0x0 + FSCONFIG_SET_STRING = 0x1 + FSCONFIG_SET_BINARY = 0x2 + FSCONFIG_SET_PATH = 0x3 + FSCONFIG_SET_PATH_EMPTY = 0x4 + FSCONFIG_SET_FD = 0x5 + FSCONFIG_CMD_CREATE = 0x6 + FSCONFIG_CMD_RECONFIGURE = 0x7 ) type OpenHow struct { @@ -1546,6 +1559,7 @@ const ( IFLA_DEVLINK_PORT = 0x3e IFLA_GSO_IPV4_MAX_SIZE = 0x3f IFLA_GRO_IPV4_MAX_SIZE = 0x40 + IFLA_DPLL_PIN = 0x41 IFLA_PROTO_DOWN_REASON_UNSPEC = 0x0 IFLA_PROTO_DOWN_REASON_MASK = 0x1 IFLA_PROTO_DOWN_REASON_VALUE = 0x2 @@ -1561,6 +1575,7 @@ const ( IFLA_INET6_ICMP6STATS = 0x6 IFLA_INET6_TOKEN = 0x7 IFLA_INET6_ADDR_GEN_MODE = 0x8 + IFLA_INET6_RA_MTU = 0x9 IFLA_BR_UNSPEC = 0x0 IFLA_BR_FORWARD_DELAY = 0x1 IFLA_BR_HELLO_TIME = 0x2 @@ -1608,6 +1623,9 @@ const ( IFLA_BR_MCAST_MLD_VERSION = 0x2c IFLA_BR_VLAN_STATS_PER_PORT = 0x2d IFLA_BR_MULTI_BOOLOPT = 0x2e + IFLA_BR_MCAST_QUERIER_STATE = 0x2f + IFLA_BR_FDB_N_LEARNED = 0x30 + IFLA_BR_FDB_MAX_LEARNED = 0x31 IFLA_BRPORT_UNSPEC = 0x0 IFLA_BRPORT_STATE = 0x1 IFLA_BRPORT_PRIORITY = 0x2 @@ -1645,6 +1663,14 @@ const ( IFLA_BRPORT_BACKUP_PORT = 0x22 IFLA_BRPORT_MRP_RING_OPEN = 0x23 IFLA_BRPORT_MRP_IN_OPEN = 0x24 + IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT = 0x25 + IFLA_BRPORT_MCAST_EHT_HOSTS_CNT = 0x26 + IFLA_BRPORT_LOCKED = 0x27 + IFLA_BRPORT_MAB = 0x28 + IFLA_BRPORT_MCAST_N_GROUPS = 0x29 + IFLA_BRPORT_MCAST_MAX_GROUPS = 0x2a + IFLA_BRPORT_NEIGH_VLAN_SUPPRESS = 0x2b + IFLA_BRPORT_BACKUP_NHID = 0x2c IFLA_INFO_UNSPEC = 0x0 IFLA_INFO_KIND = 0x1 IFLA_INFO_DATA = 0x2 
@@ -1666,6 +1692,9 @@ const ( IFLA_MACVLAN_MACADDR = 0x4 IFLA_MACVLAN_MACADDR_DATA = 0x5 IFLA_MACVLAN_MACADDR_COUNT = 0x6 + IFLA_MACVLAN_BC_QUEUE_LEN = 0x7 + IFLA_MACVLAN_BC_QUEUE_LEN_USED = 0x8 + IFLA_MACVLAN_BC_CUTOFF = 0x9 IFLA_VRF_UNSPEC = 0x0 IFLA_VRF_TABLE = 0x1 IFLA_VRF_PORT_UNSPEC = 0x0 @@ -1689,9 +1718,22 @@ const ( IFLA_XFRM_UNSPEC = 0x0 IFLA_XFRM_LINK = 0x1 IFLA_XFRM_IF_ID = 0x2 + IFLA_XFRM_COLLECT_METADATA = 0x3 IFLA_IPVLAN_UNSPEC = 0x0 IFLA_IPVLAN_MODE = 0x1 IFLA_IPVLAN_FLAGS = 0x2 + NETKIT_NEXT = -0x1 + NETKIT_PASS = 0x0 + NETKIT_DROP = 0x2 + NETKIT_REDIRECT = 0x7 + NETKIT_L2 = 0x0 + NETKIT_L3 = 0x1 + IFLA_NETKIT_UNSPEC = 0x0 + IFLA_NETKIT_PEER_INFO = 0x1 + IFLA_NETKIT_PRIMARY = 0x2 + IFLA_NETKIT_POLICY = 0x3 + IFLA_NETKIT_PEER_POLICY = 0x4 + IFLA_NETKIT_MODE = 0x5 IFLA_VXLAN_UNSPEC = 0x0 IFLA_VXLAN_ID = 0x1 IFLA_VXLAN_GROUP = 0x2 @@ -1722,6 +1764,8 @@ const ( IFLA_VXLAN_GPE = 0x1b IFLA_VXLAN_TTL_INHERIT = 0x1c IFLA_VXLAN_DF = 0x1d + IFLA_VXLAN_VNIFILTER = 0x1e + IFLA_VXLAN_LOCALBYPASS = 0x1f IFLA_GENEVE_UNSPEC = 0x0 IFLA_GENEVE_ID = 0x1 IFLA_GENEVE_REMOTE = 0x2 @@ -1736,6 +1780,7 @@ const ( IFLA_GENEVE_LABEL = 0xb IFLA_GENEVE_TTL_INHERIT = 0xc IFLA_GENEVE_DF = 0xd + IFLA_GENEVE_INNER_PROTO_INHERIT = 0xe IFLA_BAREUDP_UNSPEC = 0x0 IFLA_BAREUDP_PORT = 0x1 IFLA_BAREUDP_ETHERTYPE = 0x2 @@ -1748,6 +1793,8 @@ const ( IFLA_GTP_FD1 = 0x2 IFLA_GTP_PDP_HASHSIZE = 0x3 IFLA_GTP_ROLE = 0x4 + IFLA_GTP_CREATE_SOCKETS = 0x5 + IFLA_GTP_RESTART_COUNT = 0x6 IFLA_BOND_UNSPEC = 0x0 IFLA_BOND_MODE = 0x1 IFLA_BOND_ACTIVE_SLAVE = 0x2 @@ -1777,6 +1824,9 @@ const ( IFLA_BOND_AD_ACTOR_SYSTEM = 0x1a IFLA_BOND_TLB_DYNAMIC_LB = 0x1b IFLA_BOND_PEER_NOTIF_DELAY = 0x1c + IFLA_BOND_AD_LACP_ACTIVE = 0x1d + IFLA_BOND_MISSED_MAX = 0x1e + IFLA_BOND_NS_IP6_TARGET = 0x1f IFLA_BOND_AD_INFO_UNSPEC = 0x0 IFLA_BOND_AD_INFO_AGGREGATOR = 0x1 IFLA_BOND_AD_INFO_NUM_PORTS = 0x2 
@@ -1792,6 +1842,7 @@ const ( IFLA_BOND_SLAVE_AD_AGGREGATOR_ID = 0x6 IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE = 0x7 IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE = 0x8 + IFLA_BOND_SLAVE_PRIO = 0x9 IFLA_VF_INFO_UNSPEC = 0x0 IFLA_VF_INFO = 0x1 IFLA_VF_UNSPEC = 0x0 @@ -1850,8 +1901,16 @@ const ( IFLA_STATS_LINK_XSTATS_SLAVE = 0x3 IFLA_STATS_LINK_OFFLOAD_XSTATS = 0x4 IFLA_STATS_AF_SPEC = 0x5 + IFLA_STATS_GETSET_UNSPEC = 0x0 + IFLA_STATS_GET_FILTERS = 0x1 + IFLA_STATS_SET_OFFLOAD_XSTATS_L3_STATS = 0x2 IFLA_OFFLOAD_XSTATS_UNSPEC = 0x0 IFLA_OFFLOAD_XSTATS_CPU_HIT = 0x1 + IFLA_OFFLOAD_XSTATS_HW_S_INFO = 0x2 + IFLA_OFFLOAD_XSTATS_L3_STATS = 0x3 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_UNSPEC = 0x0 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_REQUEST = 0x1 + IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED = 0x2 IFLA_XDP_UNSPEC = 0x0 IFLA_XDP_FD = 0x1 IFLA_XDP_ATTACHED = 0x2 @@ -1881,6 +1940,11 @@ const ( IFLA_RMNET_UNSPEC = 0x0 IFLA_RMNET_MUX_ID = 0x1 IFLA_RMNET_FLAGS = 0x2 + IFLA_MCTP_UNSPEC = 0x0 + IFLA_MCTP_NET = 0x1 + IFLA_DSA_UNSPEC = 0x0 + IFLA_DSA_CONDUIT = 0x1 + IFLA_DSA_MASTER = 0x1 ) const ( @@ -3399,7 +3463,7 @@ const ( DEVLINK_PORT_FN_ATTR_STATE = 0x2 DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3 DEVLINK_PORT_FN_ATTR_CAPS = 0x4 - DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4 + DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x5 ) type FsverityDigest struct { @@ -4183,7 +4247,8 @@ const ( ) type LandlockRulesetAttr struct { - Access_fs uint64 + Access_fs uint64 + Access_net uint64 } type LandlockPathBeneathAttr struct { @@ -5134,7 +5199,7 @@ const ( NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf - NL80211_FREQUENCY_ATTR_MAX = 0x1b + NL80211_FREQUENCY_ATTR_MAX = 0x1c NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6 NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc 
@@ -5547,7 +5612,7 @@ const ( NL80211_REGDOM_TYPE_CUSTOM_WORLD = 0x2 NL80211_REGDOM_TYPE_INTERSECTION = 0x3 NL80211_REGDOM_TYPE_WORLD = 0x1 - NL80211_REG_RULE_ATTR_MAX = 0x7 + NL80211_REG_RULE_ATTR_MAX = 0x8 NL80211_REKEY_DATA_AKM = 0x4 NL80211_REKEY_DATA_KCK = 0x2 NL80211_REKEY_DATA_KEK = 0x1 diff --git a/etcd/vendor/golang.org/x/sys/windows/env_windows.go b/etcd/vendor/golang.org/x/sys/windows/env_windows.go index b8ad192506..d4577a4238 100644 --- a/etcd/vendor/golang.org/x/sys/windows/env_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/env_windows.go @@ -37,14 +37,17 @@ func (token Token) Environ(inheritExisting bool) (env []string, err error) { return nil, err } defer DestroyEnvironmentBlock(block) - blockp := unsafe.Pointer(block) - for { - entry := UTF16PtrToString((*uint16)(blockp)) - if len(entry) == 0 { - break + size := unsafe.Sizeof(*block) + for *block != 0 { + // find NUL terminator + end := unsafe.Pointer(block) + for *(*uint16)(end) != 0 { + end = unsafe.Add(end, size) } - env = append(env, entry) - blockp = unsafe.Add(blockp, 2*(len(entry)+1)) + + entry := unsafe.Slice(block, (uintptr(end)-uintptr(unsafe.Pointer(block)))/size) + env = append(env, UTF16ToString(entry)) + block = (*uint16)(unsafe.Add(end, size)) } return env, nil } diff --git a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go index ffb8708ccf..6395a031d4 100644 --- a/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/etcd/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -125,8 +125,7 @@ func UTF16PtrToString(p *uint16) string { for ptr := unsafe.Pointer(p); *(*uint16)(ptr) != 0; n++ { ptr = unsafe.Pointer(uintptr(ptr) + unsafe.Sizeof(*p)) } - - return string(utf16.Decode(unsafe.Slice(p, n))) + return UTF16ToString(unsafe.Slice(p, n)) } func Getpagesize() int { return 4096 } 
diff --git a/etcd/vendor/k8s.io/apiserver/LICENSE b/etcd/vendor/k8s.io/apiserver/LICENSE
new file mode 100644
index 0000000000..d645695673
--- /dev/null
+++ b/etcd/vendor/k8s.io/apiserver/LICENSE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS new file mode 100644 index 0000000000..72f9f9c690 --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS @@ -0,0 +1,8 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +# approval on api packages bubbles to api-approvers +reviewers: + - sig-auth-audit-approvers + - sig-auth-audit-reviewers +labels: + - sig/auth diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go new file mode 100644 index 0000000000..deda9cbd63 --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go 
@@ -0,0 +1,20 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package +// +groupName=audit.k8s.io + +package audit // import "k8s.io/apiserver/pkg/apis/audit" diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go new file mode 100644 index 0000000000..05fe72c0ff --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go @@ -0,0 +1,38 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package audit + +func ordLevel(l Level) int { + switch l { + case LevelMetadata: + return 1 + case LevelRequest: + return 2 + case LevelRequestResponse: + return 3 + default: + return 0 + } +} + +func (a Level) Less(b Level) bool { + return ordLevel(a) < ordLevel(b) +} + +func (a Level) GreaterOrEqual(b Level) bool { + return ordLevel(a) >= ordLevel(b) +} 
diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go new file mode 100644 index 0000000000..9abf739ae0 --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go @@ -0,0 +1,53 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package audit + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// GroupName is the group name use in this package +const GroupName = "audit.k8s.io" + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal} + +// Kind takes an unqualified kind and returns a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &Event{}, + &EventList{}, + &Policy{}, + &PolicyList{}, + ) + return nil +} 
diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go
new file mode 100644
index 0000000000..17a398ed8a
--- /dev/null
+++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go
@@ -0,0 +1,312 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package audit + +import ( + authnv1 "k8s.io/api/authentication/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" +) + +// Header keys used by the audit system. +const ( + // Header to hold the audit ID as the request is propagated through the serving hierarchy. The + // Audit-ID header should be set by the first server to receive the request (e.g. the federation + // server or kube-aggregator). + // + // Audit ID is also returned to client by http response header. + // It's not guaranteed Audit-Id http header is sent for all requests. When kube-apiserver didn't + // audit the events according to the audit policy, no Audit-ID is returned. Also, for request to + // pods/exec, pods/attach, pods/proxy, kube-apiserver works like a proxy and redirect the request + // to kubelet node, users will only get http headers sent from kubelet node, so no Audit-ID is + // sent when users run command like "kubectl exec" or "kubectl attach". + HeaderAuditID = "Audit-ID" +) + +// Level defines the amount of information logged during auditing +type Level string + +// Valid audit levels +const ( + // LevelNone disables auditing + LevelNone Level = "None" + // LevelMetadata provides the basic level of auditing. 
+ LevelMetadata Level = "Metadata" + // LevelRequest provides Metadata level of auditing, and additionally + // logs the request object (does not apply for non-resource requests). + LevelRequest Level = "Request" + // LevelRequestResponse provides Request level of auditing, and additionally + // logs the response object (does not apply for non-resource requests). + LevelRequestResponse Level = "RequestResponse" +) + +// Stage defines the stages in request handling that audit events may be generated. +type Stage string + +// Valid audit stages. +const ( + // The stage for events generated as soon as the audit handler receives the request, and before it + // is delegated down the handler chain. + StageRequestReceived Stage = "RequestReceived" + // The stage for events generated once the response headers are sent, but before the response body + // is sent. This stage is only generated for long-running requests (e.g. watch). + StageResponseStarted Stage = "ResponseStarted" + // The stage for events generated once the response body has been completed, and no more bytes + // will be sent. + StageResponseComplete Stage = "ResponseComplete" + // The stage for events generated when a panic occurred. + StagePanic Stage = "Panic" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Event captures all the information that can be included in an API audit log. +type Event struct { + metav1.TypeMeta + + // AuditLevel at which event was generated + Level Level + + // Unique audit ID, generated for each request. + AuditID types.UID + // Stage of the request handling when this event instance was generated. + Stage Stage + + // RequestURI is the request URI as sent by the client to a server. + RequestURI string + // Verb is the kubernetes verb associated with the request. + // For non-resource requests, this is the lower-cased HTTP method. + Verb string + // Authenticated user information. + User authnv1.UserInfo + // Impersonated user information. 
+ // +optional + ImpersonatedUser *authnv1.UserInfo + // Source IPs, from where the request originated and intermediate proxies. + // The source IPs are listed from (in order): + // 1. X-Forwarded-For request header IPs + // 2. X-Real-Ip header, if not present in the X-Forwarded-For list + // 3. The remote address for the connection, if it doesn't match the last + // IP in the list up to here (X-Forwarded-For or X-Real-Ip). + // Note: All but the last IP can be arbitrarily set by the client. + // +optional + SourceIPs []string + // UserAgent records the user agent string reported by the client. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + UserAgent string + // Object reference this request is targeted at. + // Does not apply for List-type requests, or non-resource requests. + // +optional + ObjectRef *ObjectReference + // The response status, populated even when the ResponseObject is not a Status type. + // For successful responses, this will only include the Code. For non-status type + // error responses, this will be auto-populated with the error Message. + // +optional + ResponseStatus *metav1.Status + + // API object from the request, in JSON format. The RequestObject is recorded as-is in the request + // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or + // merging. It is an external versioned object type, and may not be a valid object on its own. + // Omitted for non-resource requests. Only logged at Request Level and higher. + // +optional + RequestObject *runtime.Unknown + // API object returned in the response, in JSON. The ResponseObject is recorded after conversion + // to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged + // at Response Level. + // +optional + ResponseObject *runtime.Unknown + + // Time the request reached the apiserver. 
+ RequestReceivedTimestamp metav1.MicroTime + // Time the request reached current audit stage. + StageTimestamp metav1.MicroTime + + // Annotations is an unstructured key value map stored with an audit event that may be set by + // plugins invoked in the request serving chain, including authentication, authorization and + // admission plugins. Note that these annotations are for the audit event, and do not correspond + // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing + // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values + // should be short. Annotations are included in the Metadata level. + // +optional + Annotations map[string]string +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// EventList is a list of audit Events. +type EventList struct { + metav1.TypeMeta + // +optional + metav1.ListMeta + + Items []Event +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Policy defines the configuration of audit logging, and the rules for how different request +// categories are logged. +type Policy struct { + metav1.TypeMeta + // ObjectMeta is included for interoperability with API infrastructure. + // +optional + metav1.ObjectMeta + + // Rules specify the audit Level a request should be recorded at. + // A request may match multiple rules, in which case the FIRST matching rule is used. + // The default audit level is None, but can be overridden by a catch-all rule at the end of the list. + // PolicyRules are strictly ordered. + Rules []PolicyRule + + // OmitStages is a list of stages for which no events are created. Note that this can also + // be specified per rule in which case the union of both are omitted. + // +optional + OmitStages []Stage + + // OmitManagedFields indicates whether to omit the managed fields of the request + // and response bodies from being written to the API audit log. 
+ // This is used as a global default - a value of 'true' will omit the managed fileds, + // otherwise the managed fields will be included in the API audit log. + // Note that this can also be specified per rule in which case the value specified + // in a rule will override the global default. + // +optional + OmitManagedFields bool +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// PolicyList is a list of audit Policies. +type PolicyList struct { + metav1.TypeMeta + // +optional + metav1.ListMeta + + Items []Policy +} + +// PolicyRule maps requests based off metadata to an audit Level. +// Requests must match the rules of every field (an intersection of rules). +type PolicyRule struct { + // The Level that requests matching this rule are recorded at. + Level Level + + // The users (by authenticated user name) this rule applies to. + // An empty list implies every user. + // +optional + Users []string + // The user groups this rule applies to. A user is considered matching + // if it is a member of any of the UserGroups. + // An empty list implies every user group. + // +optional + UserGroups []string + + // The verbs that match this rule. + // An empty list implies every verb. + // +optional + Verbs []string + + // Rules can apply to API resources (such as "pods" or "secrets"), + // non-resource URL paths (such as "/api"), or neither, but not both. + // If neither is specified, the rule is treated as a default for all URLs. + + // Resources that this rule matches. An empty list implies all kinds in all API groups. + // +optional + Resources []GroupResources + // Namespaces that this rule matches. + // The empty string "" matches non-namespaced resources. + // An empty list implies every namespace. + // +optional + Namespaces []string + + // NonResourceURLs is a set of URL paths that should be audited. + // `*`s are allowed, but only as the full, final step in the path. 
+ // Examples: + // `/metrics` - Log requests for apiserver metrics + // `/healthz*` - Log all health checks + // +optional + NonResourceURLs []string + + // OmitStages is a list of stages for which no events are created. Note that this can also + // be specified policy wide in which case the union of both are omitted. + // An empty list means no restrictions will apply. + // +optional + OmitStages []Stage + + // OmitManagedFields indicates whether to omit the managed fields of the request + // and response bodies from being written to the API audit log. + // - a value of 'true' will drop the managed fields from the API audit log + // - a value of 'false' indicates that the managed fileds should be included + // in the API audit log + // Note that the value, if specified, in this rule will override the global default + // If a value is not specified then the global default specified in + // Policy.OmitManagedFields will stand. + // +optional + OmitManagedFields *bool +} + +// GroupResources represents resource kinds in an API group. +type GroupResources struct { + // Group is the name of the API group that contains the resources. + // The empty string represents the core API group. + // +optional + Group string + // Resources is a list of resources this rule applies to. + // + // For example: + // - `pods` matches pods. + // - `pods/log` matches the log subresource of pods. + // - `*` matches all resources and their subresources. + // - `pods/*` matches all subresources of pods. + // - `*/scale` matches all scale subresources. + // + // If wildcard is present, the validation rule will ensure resources do not + // overlap with each other. + // + // An empty list implies all resources and subresources in this API groups apply. + // +optional + Resources []string + // ResourceNames is a list of resource instance names that the policy matches. + // Using this field requires Resources to be specified. 
+ // An empty list implies that every instance of the resource is matched. + // +optional + ResourceNames []string +} + +// ObjectReference contains enough information to let you inspect or modify the referred object. +type ObjectReference struct { + // +optional + Resource string + // +optional + Namespace string + // +optional + Name string + // +optional + UID types.UID + // APIGroup is the name of the API group that contains the referred object. + // The empty string represents the core API group. + // +optional + APIGroup string + // APIVersion is the version of the API group that contains the referred object. + // +optional + APIVersion string + // +optional + ResourceVersion string + // +optional + Subresource string +} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go new file mode 100644 index 0000000000..d1f180c942 --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go @@ -0,0 +1,25 @@ +/* +Copyright 2018 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package +// +k8s:protobuf-gen=package +// +k8s:conversion-gen=k8s.io/apiserver/pkg/apis/audit +// +k8s:openapi-gen=true +// +k8s:defaulter-gen=TypeMeta + +// +groupName=audit.k8s.io + +package v1 // import "k8s.io/apiserver/pkg/apis/audit/v1" 
diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go
new file mode 100644
index 0000000000..d7454c7a55
--- /dev/null
+++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go
@@ -0,0 +1,3231 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto + +package v1 + +import ( + fmt "fmt" + + io "io" + + proto "github.com/gogo/protobuf/proto" + github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" + v1 "k8s.io/api/authentication/v1" + v11 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + + math "math" + math_bits "math/bits" + reflect "reflect" + strings "strings" + + k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" +) + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. 
+const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package + +func (m *Event) Reset() { *m = Event{} } +func (*Event) ProtoMessage() {} +func (*Event) Descriptor() ([]byte, []int) { + return fileDescriptor_4982ac40a460d730, []int{0} +} +func (m *Event) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Event) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *Event) XXX_Merge(src proto.Message) { + xxx_messageInfo_Event.Merge(m, src) +} +func (m *Event) XXX_Size() int { + return m.Size() +} +func (m *Event) XXX_DiscardUnknown() { + xxx_messageInfo_Event.DiscardUnknown(m) +} + +var xxx_messageInfo_Event proto.InternalMessageInfo + +func (m *EventList) Reset() { *m = EventList{} } +func (*EventList) ProtoMessage() {} +func (*EventList) Descriptor() ([]byte, []int) { + return fileDescriptor_4982ac40a460d730, []int{1} +} +func (m *EventList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *EventList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *EventList) XXX_Merge(src proto.Message) { + xxx_messageInfo_EventList.Merge(m, src) +} +func (m *EventList) XXX_Size() int { + return m.Size() +} +func (m *EventList) XXX_DiscardUnknown() { + xxx_messageInfo_EventList.DiscardUnknown(m) +} + +var xxx_messageInfo_EventList proto.InternalMessageInfo + +func (m *GroupResources) Reset() { *m = GroupResources{} } +func (*GroupResources) ProtoMessage() {} +func (*GroupResources) Descriptor() ([]byte, []int) { + return fileDescriptor_4982ac40a460d730, []int{2} +} +func (m *GroupResources) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *GroupResources) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, 
err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *GroupResources) XXX_Merge(src proto.Message) { + xxx_messageInfo_GroupResources.Merge(m, src) +} +func (m *GroupResources) XXX_Size() int { + return m.Size() +} +func (m *GroupResources) XXX_DiscardUnknown() { + xxx_messageInfo_GroupResources.DiscardUnknown(m) +} + +var xxx_messageInfo_GroupResources proto.InternalMessageInfo + +func (m *ObjectReference) Reset() { *m = ObjectReference{} } +func (*ObjectReference) ProtoMessage() {} +func (*ObjectReference) Descriptor() ([]byte, []int) { + return fileDescriptor_4982ac40a460d730, []int{3} +} +func (m *ObjectReference) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ObjectReference) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *ObjectReference) XXX_Merge(src proto.Message) { + xxx_messageInfo_ObjectReference.Merge(m, src) +} +func (m *ObjectReference) XXX_Size() int { + return m.Size() +} +func (m *ObjectReference) XXX_DiscardUnknown() { + xxx_messageInfo_ObjectReference.DiscardUnknown(m) +} + +var xxx_messageInfo_ObjectReference proto.InternalMessageInfo + +func (m *Policy) Reset() { *m = Policy{} } +func (*Policy) ProtoMessage() {} +func (*Policy) Descriptor() ([]byte, []int) { + return fileDescriptor_4982ac40a460d730, []int{4} +} +func (m *Policy) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *Policy) XXX_Merge(src proto.Message) { + xxx_messageInfo_Policy.Merge(m, src) +} +func (m *Policy) XXX_Size() int { + return m.Size() +} +func (m *Policy) XXX_DiscardUnknown() { + xxx_messageInfo_Policy.DiscardUnknown(m) +} + +var 
xxx_messageInfo_Policy proto.InternalMessageInfo + +func (m *PolicyList) Reset() { *m = PolicyList{} } +func (*PolicyList) ProtoMessage() {} +func (*PolicyList) Descriptor() ([]byte, []int) { + return fileDescriptor_4982ac40a460d730, []int{5} +} +func (m *PolicyList) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PolicyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PolicyList) XXX_Merge(src proto.Message) { + xxx_messageInfo_PolicyList.Merge(m, src) +} +func (m *PolicyList) XXX_Size() int { + return m.Size() +} +func (m *PolicyList) XXX_DiscardUnknown() { + xxx_messageInfo_PolicyList.DiscardUnknown(m) +} + +var xxx_messageInfo_PolicyList proto.InternalMessageInfo + +func (m *PolicyRule) Reset() { *m = PolicyRule{} } +func (*PolicyRule) ProtoMessage() {} +func (*PolicyRule) Descriptor() ([]byte, []int) { + return fileDescriptor_4982ac40a460d730, []int{6} +} +func (m *PolicyRule) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *PolicyRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil +} +func (m *PolicyRule) XXX_Merge(src proto.Message) { + xxx_messageInfo_PolicyRule.Merge(m, src) +} +func (m *PolicyRule) XXX_Size() int { + return m.Size() +} +func (m *PolicyRule) XXX_DiscardUnknown() { + xxx_messageInfo_PolicyRule.DiscardUnknown(m) +} + +var xxx_messageInfo_PolicyRule proto.InternalMessageInfo + +func init() { + proto.RegisterType((*Event)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.Event") + proto.RegisterMapType((map[string]string)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.Event.AnnotationsEntry") + proto.RegisterType((*EventList)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.EventList") + proto.RegisterType((*GroupResources)(nil), 
"k8s.io.apiserver.pkg.apis.audit.v1.GroupResources") + proto.RegisterType((*ObjectReference)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.ObjectReference") + proto.RegisterType((*Policy)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.Policy") + proto.RegisterType((*PolicyList)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.PolicyList") + proto.RegisterType((*PolicyRule)(nil), "k8s.io.apiserver.pkg.apis.audit.v1.PolicyRule") +} + +func init() { + proto.RegisterFile("k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto", fileDescriptor_4982ac40a460d730) +} + +var fileDescriptor_4982ac40a460d730 = []byte{ + // 1288 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x4f, 0x6f, 0x1b, 0x45, + 0x14, 0xcf, 0xc6, 0x71, 0x63, 0x8f, 0x1b, 0xc7, 0x99, 0x16, 0xba, 0xe4, 0x60, 0x1b, 0x23, 0xa1, + 0x00, 0x61, 0xb7, 0x0d, 0x85, 0x56, 0x95, 0x40, 0xb2, 0x69, 0x69, 0x2d, 0x9a, 0x3f, 0x1a, 0xe3, + 0x1e, 0x10, 0x87, 0xae, 0xd7, 0x2f, 0xf6, 0x62, 0x7b, 0x76, 0xbb, 0x33, 0x6b, 0x94, 0x1b, 0x5f, + 0x00, 0x89, 0x3b, 0xdf, 0x82, 0x1b, 0xe2, 0xc4, 0x2d, 0xc7, 0x1e, 0x7b, 0xb2, 0x88, 0xe1, 0x53, + 0xe4, 0x80, 0xd0, 0xcc, 0xce, 0xfe, 0xb1, 0x13, 0x2b, 0x0e, 0x07, 0x6e, 0x9e, 0xf7, 0x7e, 0xbf, + 0xdf, 0x7b, 0xfb, 0xf6, 0xbd, 0x37, 0x6b, 0xf4, 0xf5, 0xe0, 0x21, 0x33, 0x1c, 0xd7, 0x1c, 0x04, + 0x1d, 0xf0, 0x29, 0x70, 0x60, 0xe6, 0x18, 0x68, 0xd7, 0xf5, 0x4d, 0xe5, 0xb0, 0x3c, 0x87, 0x81, + 0x3f, 0x06, 0xdf, 0xf4, 0x06, 0x3d, 0x79, 0x32, 0xad, 0xa0, 0xeb, 0x70, 0x73, 0x7c, 0xcf, 0xec, + 0x01, 0x05, 0xdf, 0xe2, 0xd0, 0x35, 0x3c, 0xdf, 0xe5, 0x2e, 0xae, 0x85, 0x1c, 0x23, 0xe6, 0x18, + 0xde, 0xa0, 0x27, 0x4f, 0x86, 0xe4, 0x18, 0xe3, 0x7b, 0xdb, 0x1f, 0xf7, 0x1c, 0xde, 0x0f, 0x3a, + 0x86, 0xed, 0x8e, 0xcc, 0x9e, 0xdb, 0x73, 0x4d, 0x49, 0xed, 0x04, 0xc7, 0xf2, 0x24, 0x0f, 0xf2, + 0x57, 0x28, 0xb9, 0xbd, 0x9b, 0xa4, 0x61, 0x5a, 0x01, 0xef, 0x03, 0xe5, 0x8e, 0x6d, 0x71, 0xc7, + 0xa5, 0x97, 0x24, 0xb0, 0x7d, 0x3f, 0x41, 0x8f, 0x2c, 
0xbb, 0xef, 0x50, 0xf0, 0x4f, 0x92, 0xbc, + 0x47, 0xc0, 0xad, 0xcb, 0x58, 0xe6, 0x22, 0x96, 0x1f, 0x50, 0xee, 0x8c, 0xe0, 0x02, 0xe1, 0xb3, + 0xab, 0x08, 0xcc, 0xee, 0xc3, 0xc8, 0x9a, 0xe7, 0xd5, 0xfe, 0x46, 0x28, 0xfb, 0x64, 0x0c, 0x94, + 0xe3, 0x5d, 0x94, 0x1d, 0xc2, 0x18, 0x86, 0xba, 0x56, 0xd5, 0x76, 0xf2, 0x8d, 0xb7, 0x4f, 0x27, + 0x95, 0x95, 0xe9, 0xa4, 0x92, 0x7d, 0x2e, 0x8c, 0xe7, 0xd1, 0x0f, 0x12, 0x82, 0xf0, 0x01, 0x5a, + 0x97, 0xf5, 0x6b, 0x3e, 0xd6, 0x57, 0x25, 0xfe, 0xbe, 0xc2, 0xaf, 0xd7, 0x43, 0xf3, 0xf9, 0xa4, + 0xf2, 0xee, 0xa2, 0x9c, 0xf8, 0x89, 0x07, 0xcc, 0x68, 0x37, 0x1f, 0x93, 0x48, 0x44, 0x44, 0x67, + 0xdc, 0xea, 0x81, 0x9e, 0x99, 0x8d, 0xde, 0x12, 0xc6, 0xf3, 0xe8, 0x07, 0x09, 0x41, 0x78, 0x0f, + 0x21, 0x1f, 0x5e, 0x05, 0xc0, 0x78, 0x9b, 0x34, 0xf5, 0x35, 0x49, 0xc1, 0x8a, 0x82, 0x48, 0xec, + 0x21, 0x29, 0x14, 0xae, 0xa2, 0xb5, 0x31, 0xf8, 0x1d, 0x3d, 0x2b, 0xd1, 0x37, 0x15, 0x7a, 0xed, + 0x05, 0xf8, 0x1d, 0x22, 0x3d, 0xf8, 0x19, 0x5a, 0x0b, 0x18, 0xf8, 0xfa, 0x8d, 0xaa, 0xb6, 0x53, + 0xd8, 0x7b, 0xdf, 0x48, 0x5a, 0xc7, 0x98, 0x7d, 0xcf, 0xc6, 0xf8, 0x9e, 0xd1, 0x66, 0xe0, 0x37, + 0xe9, 0xb1, 0x9b, 0x28, 0x09, 0x0b, 0x91, 0x0a, 0xb8, 0x8f, 0x4a, 0xce, 0xc8, 0x03, 0x9f, 0xb9, + 0x54, 0xd4, 0x5a, 0x78, 0xf4, 0xf5, 0x6b, 0xa9, 0xde, 0x9e, 0x4e, 0x2a, 0xa5, 0xe6, 0x9c, 0x06, + 0xb9, 0xa0, 0x8a, 0x3f, 0x42, 0x79, 0xe6, 0x06, 0xbe, 0x0d, 0xcd, 0x23, 0xa6, 0xe7, 0xaa, 0x99, + 0x9d, 0x7c, 0x63, 0x63, 0x3a, 0xa9, 0xe4, 0x5b, 0x91, 0x91, 0x24, 0x7e, 0x6c, 0xa2, 0xbc, 0x48, + 0xaf, 0xde, 0x03, 0xca, 0xf5, 0x92, 0xac, 0xc3, 0x96, 0xca, 0x3e, 0xdf, 0x8e, 0x1c, 0x24, 0xc1, + 0xe0, 0x97, 0x28, 0xef, 0x76, 0xbe, 0x07, 0x9b, 0x13, 0x38, 0xd6, 0xf3, 0xf2, 0x01, 0x3e, 0x31, + 0xae, 0x9e, 0x28, 0xe3, 0x30, 0x22, 0x81, 0x0f, 0xd4, 0x86, 0x30, 0xa5, 0xd8, 0x48, 0x12, 0x51, + 0xdc, 0x47, 0x45, 0x1f, 0x98, 0xe7, 0x52, 0x06, 0x2d, 0x6e, 0xf1, 0x80, 0xe9, 0x48, 0x86, 0xd9, + 0x4d, 0x85, 0x89, 0x9b, 0x27, 0x89, 0x24, 0xe6, 0x46, 0x04, 0x0a, 0x39, 0x0d, 0x3c, 0x9d, 
0x54, + 0x8a, 0x64, 0x46, 0x87, 0xcc, 0xe9, 0x62, 0x0b, 0x6d, 0xa8, 0x6e, 0x08, 0x13, 0xd1, 0x0b, 0x32, + 0xd0, 0xce, 0xc2, 0x40, 0x6a, 0x72, 0x8c, 0x36, 0x1d, 0x50, 0xf7, 0x07, 0xda, 0xd8, 0x9a, 0x4e, + 0x2a, 0x1b, 0x24, 0x2d, 0x41, 0x66, 0x15, 0x71, 0x37, 0x79, 0x18, 0x15, 0xe3, 0xe6, 0x35, 0x63, + 0xcc, 0x3c, 0x88, 0x0a, 0x32, 0xa7, 0x89, 0x7f, 0xd2, 0x90, 0xae, 0xe2, 0x12, 0xb0, 0xc1, 0x19, + 0x43, 0xf7, 0x1b, 0x67, 0x04, 0x8c, 0x5b, 0x23, 0x4f, 0xdf, 0x90, 0x01, 0xcd, 0xe5, 0xaa, 0xb7, + 0xef, 0xd8, 0xbe, 0x2b, 0xb8, 0x8d, 0xaa, 0x6a, 0x03, 0x9d, 0x2c, 0x10, 0x26, 0x0b, 0x43, 0x62, + 0x17, 0x15, 0xe5, 0x54, 0x26, 0x49, 0x14, 0xff, 0x5b, 0x12, 0xd1, 0xd0, 0x17, 0x5b, 0x33, 0x72, + 0x64, 0x4e, 0x1e, 0xbf, 0x42, 0x05, 0x8b, 0x52, 0x97, 0xcb, 0xa9, 0x61, 0xfa, 0x66, 0x35, 0xb3, + 0x53, 0xd8, 0x7b, 0xb4, 0x4c, 0x5f, 0xca, 0x4d, 0x67, 0xd4, 0x13, 0xf2, 0x13, 0xca, 0xfd, 0x93, + 0xc6, 0x2d, 0x15, 0xb8, 0x90, 0xf2, 0x90, 0x74, 0x8c, 0xed, 0x2f, 0x50, 0x69, 0x9e, 0x85, 0x4b, + 0x28, 0x33, 0x80, 0x93, 0x70, 0x5d, 0x12, 0xf1, 0x13, 0xdf, 0x46, 0xd9, 0xb1, 0x35, 0x0c, 0x20, + 0x5c, 0x89, 0x24, 0x3c, 0x3c, 0x5a, 0x7d, 0xa8, 0xd5, 0x7e, 0xd3, 0x50, 0x5e, 0x06, 0x7f, 0xee, + 0x30, 0x8e, 0xbf, 0x43, 0x39, 0xf1, 0xf4, 0x5d, 0x8b, 0x5b, 0x92, 0x5e, 0xd8, 0x33, 0x96, 0xab, + 0x95, 0x60, 0xef, 0x03, 0xb7, 0x1a, 0x25, 0x95, 0x71, 0x2e, 0xb2, 0x90, 0x58, 0x11, 0x1f, 0xa0, + 0xac, 0xc3, 0x61, 0xc4, 0xf4, 0x55, 0x59, 0x98, 0x0f, 0x96, 0x2e, 0x4c, 0x63, 0x23, 0xda, 0xba, + 0x4d, 0xc1, 0x27, 0xa1, 0x4c, 0xed, 0x17, 0x0d, 0x15, 0x9f, 0xfa, 0x6e, 0xe0, 0x11, 0x08, 0x57, + 0x09, 0xc3, 0xef, 0xa1, 0x6c, 0x4f, 0x58, 0xd4, 0x5d, 0x11, 0xf3, 0x42, 0x58, 0xe8, 0x13, 0xab, + 0xc9, 0x8f, 0x18, 0x32, 0x17, 0xb5, 0x9a, 0x62, 0x19, 0x92, 0xf8, 0xf1, 0x03, 0x31, 0x9d, 0xe1, + 0xe1, 0xc0, 0x1a, 0x01, 0xd3, 0x33, 0x92, 0xa0, 0x66, 0x2e, 0xe5, 0x20, 0xb3, 0xb8, 0xda, 0xaf, + 0x19, 0xb4, 0x39, 0xb7, 0x6e, 0xf0, 0x2e, 0xca, 0x45, 0x20, 0x95, 0x61, 0x5c, 0xaf, 0x48, 0x8b, + 0xc4, 0x08, 0xb1, 0x15, 0xa9, 
0x90, 0xf2, 0x2c, 0x5b, 0xbd, 0xb9, 0x64, 0x2b, 0x1e, 0x44, 0x0e, + 0x92, 0x60, 0xc4, 0x4d, 0x22, 0x0e, 0xea, 0xaa, 0x8a, 0xf7, 0xbf, 0xc0, 0x12, 0xe9, 0xc1, 0x0d, + 0x94, 0x09, 0x9c, 0xae, 0xba, 0x98, 0xee, 0x2a, 0x40, 0xa6, 0xbd, 0xec, 0xad, 0x28, 0xc8, 0xe2, + 0x21, 0x2c, 0xcf, 0x91, 0x15, 0x55, 0x77, 0x56, 0xfc, 0x10, 0xf5, 0xa3, 0x66, 0x58, 0xe9, 0x18, + 0x21, 0x6e, 0x44, 0xcb, 0x73, 0x5e, 0x80, 0xcf, 0x1c, 0x97, 0xca, 0x1b, 0x2c, 0x75, 0x23, 0xd6, + 0x8f, 0x9a, 0xca, 0x43, 0x52, 0x28, 0x5c, 0x47, 0x9b, 0x51, 0x11, 0x22, 0xe2, 0xba, 0x24, 0xde, + 0x51, 0xc4, 0x4d, 0x32, 0xeb, 0x26, 0xf3, 0x78, 0xfc, 0x29, 0x2a, 0xb0, 0xa0, 0x13, 0x17, 0x3b, + 0x27, 0xe9, 0xf1, 0x38, 0xb5, 0x12, 0x17, 0x49, 0xe3, 0x6a, 0x7f, 0xac, 0xa2, 0x1b, 0x47, 0xee, + 0xd0, 0xb1, 0x4f, 0xf0, 0xcb, 0x0b, 0xb3, 0x70, 0x77, 0xb9, 0x59, 0x08, 0x5f, 0xba, 0x9c, 0x86, + 0xf8, 0x41, 0x13, 0x5b, 0x6a, 0x1e, 0x5a, 0x28, 0xeb, 0x07, 0x43, 0x88, 0xe6, 0xc1, 0x58, 0x66, + 0x1e, 0xc2, 0xe4, 0x48, 0x30, 0x84, 0xa4, 0xb9, 0xc5, 0x89, 0x91, 0x50, 0x0b, 0x3f, 0x40, 0xc8, + 0x1d, 0x39, 0x5c, 0x6e, 0xaa, 0xa8, 0x59, 0xef, 0xc8, 0x14, 0x62, 0x6b, 0xf2, 0xd5, 0x92, 0x82, + 0xe2, 0xa7, 0x68, 0x4b, 0x9c, 0xf6, 0x2d, 0x6a, 0xf5, 0xa0, 0xfb, 0x95, 0x03, 0xc3, 0x2e, 0x93, + 0x8d, 0x92, 0x6b, 0xbc, 0xa3, 0x22, 0x6d, 0x1d, 0xce, 0x03, 0xc8, 0x45, 0x4e, 0xed, 0x77, 0x0d, + 0xa1, 0x30, 0xcd, 0xff, 0x61, 0xa7, 0x1c, 0xce, 0xee, 0x94, 0x0f, 0x97, 0xaf, 0xe1, 0x82, 0xa5, + 0xf2, 0x4f, 0x26, 0xca, 0x5e, 0x94, 0xf5, 0x9a, 0x1f, 0x9f, 0x15, 0x94, 0x15, 0xdf, 0x28, 0xd1, + 0x56, 0xc9, 0x0b, 0xa4, 0xf8, 0x7e, 0x61, 0x24, 0xb4, 0x63, 0x03, 0x21, 0xf1, 0x43, 0x8e, 0x46, + 0xf4, 0x76, 0x8a, 0xe2, 0xed, 0xb4, 0x63, 0x2b, 0x49, 0x21, 0x84, 0xa0, 0xf8, 0x02, 0x14, 0x2f, + 0x22, 0x16, 0x14, 0x1f, 0x86, 0x8c, 0x84, 0x76, 0x6c, 0xa7, 0x77, 0x59, 0x56, 0xd6, 0x60, 0x6f, + 0x99, 0x1a, 0xcc, 0xee, 0xcd, 0x64, 0xaf, 0x5c, 0xba, 0x03, 0x0d, 0x84, 0xe2, 0x25, 0xc3, 0xf4, + 0x1b, 0x49, 0xd6, 0xf1, 0x16, 0x62, 0x24, 0x85, 0xc0, 0x9f, 0xa3, 
0x4d, 0xea, 0xd2, 0x48, 0xaa, + 0x4d, 0x9e, 0x33, 0x7d, 0x5d, 0x92, 0x6e, 0x89, 0xd9, 0x3d, 0x98, 0x75, 0x91, 0x79, 0xec, 0x5c, + 0x0b, 0xe7, 0x96, 0x6f, 0xe1, 0x2f, 0x2f, 0x6b, 0xe1, 0xbc, 0x6c, 0xe1, 0xb7, 0x96, 0x6d, 0xdf, + 0xc6, 0xb3, 0xd3, 0xb3, 0xf2, 0xca, 0xeb, 0xb3, 0xf2, 0xca, 0x9b, 0xb3, 0xf2, 0xca, 0x8f, 0xd3, + 0xb2, 0x76, 0x3a, 0x2d, 0x6b, 0xaf, 0xa7, 0x65, 0xed, 0xcd, 0xb4, 0xac, 0xfd, 0x39, 0x2d, 0x6b, + 0x3f, 0xff, 0x55, 0x5e, 0xf9, 0xb6, 0x76, 0xf5, 0x5f, 0xbe, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, + 0xef, 0x9b, 0x7d, 0x75, 0x30, 0x0e, 0x00, 0x00, +} + +func (m *Event) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Event) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Event) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.UserAgent) + copy(dAtA[i:], m.UserAgent) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UserAgent))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x82 + if len(m.Annotations) > 0 { + keysForAnnotations := make([]string, 0, len(m.Annotations)) + for k := range m.Annotations { + keysForAnnotations = append(keysForAnnotations, string(k)) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations) + for iNdEx := len(keysForAnnotations) - 1; iNdEx >= 0; iNdEx-- { + v := m.Annotations[string(keysForAnnotations[iNdEx])] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = encodeVarintGenerated(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(keysForAnnotations[iNdEx]) + copy(dAtA[i:], keysForAnnotations[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(keysForAnnotations[iNdEx]))) + i-- + dAtA[i] = 0xa + i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x7a + } + } + { + size, err := 
m.StageTimestamp.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x72 + { + size, err := m.RequestReceivedTimestamp.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x6a + if m.ResponseObject != nil { + { + size, err := m.ResponseObject.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x62 + } + if m.RequestObject != nil { + { + size, err := m.RequestObject.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x5a + } + if m.ResponseStatus != nil { + { + size, err := m.ResponseStatus.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x52 + } + if m.ObjectRef != nil { + { + size, err := m.ObjectRef.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x4a + } + if len(m.SourceIPs) > 0 { + for iNdEx := len(m.SourceIPs) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.SourceIPs[iNdEx]) + copy(dAtA[i:], m.SourceIPs[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.SourceIPs[iNdEx]))) + i-- + dAtA[i] = 0x42 + } + } + if m.ImpersonatedUser != nil { + { + size, err := m.ImpersonatedUser.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } + { + size, err := m.User.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x32 + i -= len(m.Verb) + copy(dAtA[i:], 
m.Verb) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Verb))) + i-- + dAtA[i] = 0x2a + i -= len(m.RequestURI) + copy(dAtA[i:], m.RequestURI) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.RequestURI))) + i-- + dAtA[i] = 0x22 + i -= len(m.Stage) + copy(dAtA[i:], m.Stage) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Stage))) + i-- + dAtA[i] = 0x1a + i -= len(m.AuditID) + copy(dAtA[i:], m.AuditID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.AuditID))) + i-- + dAtA[i] = 0x12 + i -= len(m.Level) + copy(dAtA[i:], m.Level) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Level))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *EventList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *EventList) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *EventList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *GroupResources) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *GroupResources) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m 
*GroupResources) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.ResourceNames) > 0 { + for iNdEx := len(m.ResourceNames) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.ResourceNames[iNdEx]) + copy(dAtA[i:], m.ResourceNames[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ResourceNames[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + if len(m.Resources) > 0 { + for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Resources[iNdEx]) + copy(dAtA[i:], m.Resources[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Resources[iNdEx]))) + i-- + dAtA[i] = 0x12 + } + } + i -= len(m.Group) + copy(dAtA[i:], m.Group) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Group))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *ObjectReference) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ObjectReference) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ObjectReference) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i -= len(m.Subresource) + copy(dAtA[i:], m.Subresource) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Subresource))) + i-- + dAtA[i] = 0x42 + i -= len(m.ResourceVersion) + copy(dAtA[i:], m.ResourceVersion) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.ResourceVersion))) + i-- + dAtA[i] = 0x3a + i -= len(m.APIVersion) + copy(dAtA[i:], m.APIVersion) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIVersion))) + i-- + dAtA[i] = 0x32 + i -= len(m.APIGroup) + copy(dAtA[i:], m.APIGroup) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.APIGroup))) + i-- + dAtA[i] = 0x2a + i -= len(m.UID) + copy(dAtA[i:], m.UID) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) + i-- + dAtA[i] = 0x22 + i -= 
len(m.Name) + copy(dAtA[i:], m.Name) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) + i-- + dAtA[i] = 0x1a + i -= len(m.Namespace) + copy(dAtA[i:], m.Namespace) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) + i-- + dAtA[i] = 0x12 + i -= len(m.Resource) + copy(dAtA[i:], m.Resource) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Resource))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *Policy) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Policy) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + i-- + if m.OmitManagedFields { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x20 + if len(m.OmitStages) > 0 { + for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.OmitStages[iNdEx]) + copy(dAtA[i:], m.OmitStages[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.OmitStages[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + if len(m.Rules) > 0 { + for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *PolicyList) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PolicyList) 
MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PolicyList) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if len(m.Items) > 0 { + for iNdEx := len(m.Items) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Items[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + { + size, err := m.ListMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func (m *PolicyRule) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *PolicyRule) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *PolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.OmitManagedFields != nil { + i-- + if *m.OmitManagedFields { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x48 + } + if len(m.OmitStages) > 0 { + for iNdEx := len(m.OmitStages) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.OmitStages[iNdEx]) + copy(dAtA[i:], m.OmitStages[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.OmitStages[iNdEx]))) + i-- + dAtA[i] = 0x42 + } + } + if len(m.NonResourceURLs) > 0 { + for iNdEx := len(m.NonResourceURLs) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.NonResourceURLs[iNdEx]) + copy(dAtA[i:], m.NonResourceURLs[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.NonResourceURLs[iNdEx]))) + i-- + dAtA[i] = 0x3a + } + } + if len(m.Namespaces) > 0 { + for iNdEx := len(m.Namespaces) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Namespaces[iNdEx]) + 
copy(dAtA[i:], m.Namespaces[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespaces[iNdEx]))) + i-- + dAtA[i] = 0x32 + } + } + if len(m.Resources) > 0 { + for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a + } + } + if len(m.Verbs) > 0 { + for iNdEx := len(m.Verbs) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Verbs[iNdEx]) + copy(dAtA[i:], m.Verbs[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Verbs[iNdEx]))) + i-- + dAtA[i] = 0x22 + } + } + if len(m.UserGroups) > 0 { + for iNdEx := len(m.UserGroups) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.UserGroups[iNdEx]) + copy(dAtA[i:], m.UserGroups[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UserGroups[iNdEx]))) + i-- + dAtA[i] = 0x1a + } + } + if len(m.Users) > 0 { + for iNdEx := len(m.Users) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Users[iNdEx]) + copy(dAtA[i:], m.Users[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Users[iNdEx]))) + i-- + dAtA[i] = 0x12 + } + } + i -= len(m.Level) + copy(dAtA[i:], m.Level) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.Level))) + i-- + dAtA[i] = 0xa + return len(dAtA) - i, nil +} + +func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { + offset -= sovGenerated(v) + base := offset + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return base +} +func (m *Event) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Level) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.AuditID) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Stage) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.RequestURI) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Verb) + n += 1 + l + sovGenerated(uint64(l)) + l = m.User.Size() + n += 1 + l + 
sovGenerated(uint64(l)) + if m.ImpersonatedUser != nil { + l = m.ImpersonatedUser.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if len(m.SourceIPs) > 0 { + for _, s := range m.SourceIPs { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if m.ObjectRef != nil { + l = m.ObjectRef.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.ResponseStatus != nil { + l = m.ResponseStatus.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.RequestObject != nil { + l = m.RequestObject.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + if m.ResponseObject != nil { + l = m.ResponseObject.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + l = m.RequestReceivedTimestamp.Size() + n += 1 + l + sovGenerated(uint64(l)) + l = m.StageTimestamp.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Annotations) > 0 { + for k, v := range m.Annotations { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) + n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) + } + } + l = len(m.UserAgent) + n += 2 + l + sovGenerated(uint64(l)) + return n +} + +func (m *EventList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *GroupResources) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Group) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Resources) > 0 { + for _, s := range m.Resources { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.ResourceNames) > 0 { + for _, s := range m.ResourceNames { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *ObjectReference) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Resource) + n += 1 + l + sovGenerated(uint64(l)) 
+ l = len(m.Namespace) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Name) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.UID) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.APIGroup) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.APIVersion) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.ResourceVersion) + n += 1 + l + sovGenerated(uint64(l)) + l = len(m.Subresource) + n += 1 + l + sovGenerated(uint64(l)) + return n +} + +func (m *Policy) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Rules) > 0 { + for _, e := range m.Rules { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.OmitStages) > 0 { + for _, s := range m.OmitStages { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + n += 2 + return n +} + +func (m *PolicyList) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = m.ListMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Items) > 0 { + for _, e := range m.Items { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + return n +} + +func (m *PolicyRule) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Level) + n += 1 + l + sovGenerated(uint64(l)) + if len(m.Users) > 0 { + for _, s := range m.Users { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.UserGroups) > 0 { + for _, s := range m.UserGroups { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Verbs) > 0 { + for _, s := range m.Verbs { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Resources) > 0 { + for _, e := range m.Resources { + l = e.Size() + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.Namespaces) > 0 { + for _, s := range m.Namespaces { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if len(m.NonResourceURLs) > 0 { + for _, s := range m.NonResourceURLs { + l = len(s) + n += 1 + l + 
sovGenerated(uint64(l)) + } + } + if len(m.OmitStages) > 0 { + for _, s := range m.OmitStages { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } + if m.OmitManagedFields != nil { + n += 2 + } + return n +} + +func sovGenerated(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozGenerated(x uint64) (n int) { + return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (this *Event) String() string { + if this == nil { + return "nil" + } + keysForAnnotations := make([]string, 0, len(this.Annotations)) + for k := range this.Annotations { + keysForAnnotations = append(keysForAnnotations, k) + } + github_com_gogo_protobuf_sortkeys.Strings(keysForAnnotations) + mapStringForAnnotations := "map[string]string{" + for _, k := range keysForAnnotations { + mapStringForAnnotations += fmt.Sprintf("%v: %v,", k, this.Annotations[k]) + } + mapStringForAnnotations += "}" + s := strings.Join([]string{`&Event{`, + `Level:` + fmt.Sprintf("%v", this.Level) + `,`, + `AuditID:` + fmt.Sprintf("%v", this.AuditID) + `,`, + `Stage:` + fmt.Sprintf("%v", this.Stage) + `,`, + `RequestURI:` + fmt.Sprintf("%v", this.RequestURI) + `,`, + `Verb:` + fmt.Sprintf("%v", this.Verb) + `,`, + `User:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.User), "UserInfo", "v1.UserInfo", 1), `&`, ``, 1) + `,`, + `ImpersonatedUser:` + strings.Replace(fmt.Sprintf("%v", this.ImpersonatedUser), "UserInfo", "v1.UserInfo", 1) + `,`, + `SourceIPs:` + fmt.Sprintf("%v", this.SourceIPs) + `,`, + `ObjectRef:` + strings.Replace(this.ObjectRef.String(), "ObjectReference", "ObjectReference", 1) + `,`, + `ResponseStatus:` + strings.Replace(fmt.Sprintf("%v", this.ResponseStatus), "Status", "v11.Status", 1) + `,`, + `RequestObject:` + strings.Replace(fmt.Sprintf("%v", this.RequestObject), "Unknown", "runtime.Unknown", 1) + `,`, + `ResponseObject:` + strings.Replace(fmt.Sprintf("%v", this.ResponseObject), "Unknown", "runtime.Unknown", 1) + `,`, + `RequestReceivedTimestamp:` + 
strings.Replace(strings.Replace(fmt.Sprintf("%v", this.RequestReceivedTimestamp), "MicroTime", "v11.MicroTime", 1), `&`, ``, 1) + `,`, + `StageTimestamp:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.StageTimestamp), "MicroTime", "v11.MicroTime", 1), `&`, ``, 1) + `,`, + `Annotations:` + mapStringForAnnotations + `,`, + `UserAgent:` + fmt.Sprintf("%v", this.UserAgent) + `,`, + `}`, + }, "") + return s +} +func (this *EventList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]Event{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "Event", "Event", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&EventList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func (this *GroupResources) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&GroupResources{`, + `Group:` + fmt.Sprintf("%v", this.Group) + `,`, + `Resources:` + fmt.Sprintf("%v", this.Resources) + `,`, + `ResourceNames:` + fmt.Sprintf("%v", this.ResourceNames) + `,`, + `}`, + }, "") + return s +} +func (this *ObjectReference) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&ObjectReference{`, + `Resource:` + fmt.Sprintf("%v", this.Resource) + `,`, + `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, + `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `UID:` + fmt.Sprintf("%v", this.UID) + `,`, + `APIGroup:` + fmt.Sprintf("%v", this.APIGroup) + `,`, + `APIVersion:` + fmt.Sprintf("%v", this.APIVersion) + `,`, + `ResourceVersion:` + fmt.Sprintf("%v", this.ResourceVersion) + `,`, + `Subresource:` + fmt.Sprintf("%v", this.Subresource) + `,`, + `}`, + }, "") + return s +} +func (this *Policy) String() string { + if this == nil { + return 
"nil" + } + repeatedStringForRules := "[]PolicyRule{" + for _, f := range this.Rules { + repeatedStringForRules += strings.Replace(strings.Replace(f.String(), "PolicyRule", "PolicyRule", 1), `&`, ``, 1) + "," + } + repeatedStringForRules += "}" + s := strings.Join([]string{`&Policy{`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`, + `Rules:` + repeatedStringForRules + `,`, + `OmitStages:` + fmt.Sprintf("%v", this.OmitStages) + `,`, + `OmitManagedFields:` + fmt.Sprintf("%v", this.OmitManagedFields) + `,`, + `}`, + }, "") + return s +} +func (this *PolicyList) String() string { + if this == nil { + return "nil" + } + repeatedStringForItems := "[]Policy{" + for _, f := range this.Items { + repeatedStringForItems += strings.Replace(strings.Replace(f.String(), "Policy", "Policy", 1), `&`, ``, 1) + "," + } + repeatedStringForItems += "}" + s := strings.Join([]string{`&PolicyList{`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`, + `Items:` + repeatedStringForItems + `,`, + `}`, + }, "") + return s +} +func (this *PolicyRule) String() string { + if this == nil { + return "nil" + } + repeatedStringForResources := "[]GroupResources{" + for _, f := range this.Resources { + repeatedStringForResources += strings.Replace(strings.Replace(f.String(), "GroupResources", "GroupResources", 1), `&`, ``, 1) + "," + } + repeatedStringForResources += "}" + s := strings.Join([]string{`&PolicyRule{`, + `Level:` + fmt.Sprintf("%v", this.Level) + `,`, + `Users:` + fmt.Sprintf("%v", this.Users) + `,`, + `UserGroups:` + fmt.Sprintf("%v", this.UserGroups) + `,`, + `Verbs:` + fmt.Sprintf("%v", this.Verbs) + `,`, + `Resources:` + repeatedStringForResources + `,`, + `Namespaces:` + fmt.Sprintf("%v", this.Namespaces) + `,`, + `NonResourceURLs:` + fmt.Sprintf("%v", this.NonResourceURLs) + `,`, + `OmitStages:` + 
fmt.Sprintf("%v", this.OmitStages) + `,`, + `OmitManagedFields:` + valueToStringGenerated(this.OmitManagedFields) + `,`, + `}`, + }, "") + return s +} +func valueToStringGenerated(v interface{}) string { + rv := reflect.ValueOf(v) + if rv.IsNil() { + return "nil" + } + pv := reflect.Indirect(rv).Interface() + return fmt.Sprintf("*%v", pv) +} +func (m *Event) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Event: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Event: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Level", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Level = Level(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AuditID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + 
iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AuditID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Stage", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Stage = Stage(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RequestURI", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RequestURI = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Verb", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + 
return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Verb = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field User", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.User.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ImpersonatedUser", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ImpersonatedUser == nil { + m.ImpersonatedUser = &v1.UserInfo{} + } + if err := m.ImpersonatedUser.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong 
wireType = %d for field SourceIPs", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SourceIPs = append(m.SourceIPs, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 9: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectRef", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ObjectRef == nil { + m.ObjectRef = &ObjectReference{} + } + if err := m.ObjectRef.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResponseStatus", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ResponseStatus 
== nil { + m.ResponseStatus = &v11.Status{} + } + if err := m.ResponseStatus.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 11: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RequestObject", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.RequestObject == nil { + m.RequestObject = &runtime.Unknown{} + } + if err := m.RequestObject.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 12: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResponseObject", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.ResponseObject == nil { + m.ResponseObject = &runtime.Unknown{} + } + if err := m.ResponseObject.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 13: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RequestReceivedTimestamp", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := 
dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.RequestReceivedTimestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 14: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field StageTimestamp", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.StageTimestamp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 15: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Annotations", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Annotations == nil { + m.Annotations = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return 
io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthGenerated + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue < 0 { + return ErrInvalidLengthGenerated + } + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Annotations[mapkey] = mapvalue + iNdEx = postIndex + case 16: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for 
field UserAgent", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UserAgent = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *EventList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: EventList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: EventList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + 
} + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, Event{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *GroupResources) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: GroupResources: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: GroupResources: 
illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Group", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Group = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Resources = append(m.Resources, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceNames", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + 
if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ResourceNames = append(m.ResourceNames, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *ObjectReference) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ObjectReference: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ObjectReference: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Resource = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: 
wrong wireType = %d for field Namespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Name = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UID = 
k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field APIGroup", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.APIGroup = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field APIVersion", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.APIVersion = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceVersion", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if 
postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ResourceVersion = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Subresource", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Subresource = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Policy) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Policy: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Policy: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", 
wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Rules = append(m.Rules, PolicyRule{}) + if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field OmitStages", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.OmitStages = append(m.OmitStages, 
Stage(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.OmitManagedFields = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PolicyList) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PolicyList: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PolicyList: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ListMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if 
postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ListMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Items", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Items = append(m.Items, Policy{}) + if err := m.Items[len(m.Items)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *PolicyRule) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: PolicyRule: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: PolicyRule: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Level", 
wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Level = Level(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Users", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Users = append(m.Users, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserGroups", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UserGroups = append(m.UserGroups, string(dAtA[iNdEx:postIndex])) + 
iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Verbs", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Verbs = append(m.Verbs, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Resources = append(m.Resources, GroupResources{}) + if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Namespaces", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if 
postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Namespaces = append(m.Namespaces, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field NonResourceURLs", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.NonResourceURLs = append(m.NonResourceURLs, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field OmitStages", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.OmitStages = append(m.OmitStages, Stage(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 9: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field OmitManagedFields", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 
0x80 { + break + } + } + b := bool(v != 0) + m.OmitManagedFields = &b + default: + iNdEx = preIndex + skippy, err := skipGenerated(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthGenerated + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipGenerated(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + depth := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + case 1: + iNdEx += 8 + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowGenerated + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if length < 0 { + return 0, ErrInvalidLengthGenerated + } + iNdEx += length + case 3: + depth++ + case 4: + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupGenerated + } + depth-- + case 5: + iNdEx += 4 + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + if iNdEx < 0 { + return 0, ErrInvalidLengthGenerated + } + if depth == 0 { + return iNdEx, nil + } + } + return 0, io.ErrUnexpectedEOF +} + +var ( + ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupGenerated = 
fmt.Errorf("proto: unexpected end of group") +) diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto new file mode 100644 index 0000000000..13c41e54ce --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto 
@@ -0,0 +1,275 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + + +// This file was autogenerated by go-to-protobuf. Do not edit it manually! + +syntax = "proto2"; + +package k8s.io.apiserver.pkg.apis.audit.v1; + +import "k8s.io/api/authentication/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/generated.proto"; +import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; + +// Package-wide variables from generator "generated". +option go_package = "k8s.io/apiserver/pkg/apis/audit/v1"; + +// Event captures all the information that can be included in an API audit log. +message Event { + // AuditLevel at which event was generated + optional string level = 1; + + // Unique audit ID, generated for each request. + optional string auditID = 2; + + // Stage of the request handling when this event instance was generated. + optional string stage = 3; + + // RequestURI is the request URI as sent by the client to a server. + optional string requestURI = 4; + + // Verb is the kubernetes verb associated with the request. + // For non-resource requests, this is the lower-cased HTTP method. + optional string verb = 5; + + // Authenticated user information. + optional k8s.io.api.authentication.v1.UserInfo user = 6; + + // Impersonated user information. 
+ // +optional + optional k8s.io.api.authentication.v1.UserInfo impersonatedUser = 7; + + // Source IPs, from where the request originated and intermediate proxies. + // The source IPs are listed from (in order): + // 1. X-Forwarded-For request header IPs + // 2. X-Real-Ip header, if not present in the X-Forwarded-For list + // 3. The remote address for the connection, if it doesn't match the last + // IP in the list up to here (X-Forwarded-For or X-Real-Ip). + // Note: All but the last IP can be arbitrarily set by the client. + // +optional + repeated string sourceIPs = 8; + + // UserAgent records the user agent string reported by the client. + // Note that the UserAgent is provided by the client, and must not be trusted. + // +optional + optional string userAgent = 16; + + // Object reference this request is targeted at. + // Does not apply for List-type requests, or non-resource requests. + // +optional + optional ObjectReference objectRef = 9; + + // The response status, populated even when the ResponseObject is not a Status type. + // For successful responses, this will only include the Code and StatusSuccess. + // For non-status type error responses, this will be auto-populated with the error Message. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.Status responseStatus = 10; + + // API object from the request, in JSON format. The RequestObject is recorded as-is in the request + // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or + // merging. It is an external versioned object type, and may not be a valid object on its own. + // Omitted for non-resource requests. Only logged at Request Level and higher. + // +optional + optional k8s.io.apimachinery.pkg.runtime.Unknown requestObject = 11; + + // API object returned in the response, in JSON. The ResponseObject is recorded after conversion + // to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged + // at Response Level. 
+ // +optional + optional k8s.io.apimachinery.pkg.runtime.Unknown responseObject = 12; + + // Time the request reached the apiserver. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime requestReceivedTimestamp = 13; + + // Time the request reached current audit stage. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.MicroTime stageTimestamp = 14; + + // Annotations is an unstructured key value map stored with an audit event that may be set by + // plugins invoked in the request serving chain, including authentication, authorization and + // admission plugins. Note that these annotations are for the audit event, and do not correspond + // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing + // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values + // should be short. Annotations are included in the Metadata level. + // +optional + map annotations = 15; +} + +// EventList is a list of audit Events. +message EventList { + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + repeated Event items = 2; +} + +// GroupResources represents resource kinds in an API group. +message GroupResources { + // Group is the name of the API group that contains the resources. + // The empty string represents the core API group. + // +optional + optional string group = 1; + + // Resources is a list of resources this rule applies to. + // + // For example: + // - `pods` matches pods. + // - `pods/log` matches the log subresource of pods. + // - `*` matches all resources and their subresources. + // - `pods/*` matches all subresources of pods. + // - `*/scale` matches all scale subresources. + // + // If wildcard is present, the validation rule will ensure resources do not + // overlap with each other. + // + // An empty list implies all resources and subresources in this API groups apply. 
+ // +optional + repeated string resources = 2; + + // ResourceNames is a list of resource instance names that the policy matches. + // Using this field requires Resources to be specified. + // An empty list implies that every instance of the resource is matched. + // +optional + repeated string resourceNames = 3; +} + +// ObjectReference contains enough information to let you inspect or modify the referred object. +message ObjectReference { + // +optional + optional string resource = 1; + + // +optional + optional string namespace = 2; + + // +optional + optional string name = 3; + + // +optional + optional string uid = 4; + + // APIGroup is the name of the API group that contains the referred object. + // The empty string represents the core API group. + // +optional + optional string apiGroup = 5; + + // APIVersion is the version of the API group that contains the referred object. + // +optional + optional string apiVersion = 6; + + // +optional + optional string resourceVersion = 7; + + // +optional + optional string subresource = 8; +} + +// Policy defines the configuration of audit logging, and the rules for how different request +// categories are logged. +message Policy { + // ObjectMeta is included for interoperability with API infrastructure. + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + + // Rules specify the audit Level a request should be recorded at. + // A request may match multiple rules, in which case the FIRST matching rule is used. + // The default audit level is None, but can be overridden by a catch-all rule at the end of the list. + // PolicyRules are strictly ordered. + repeated PolicyRule rules = 2; + + // OmitStages is a list of stages for which no events are created. Note that this can also + // be specified per rule in which case the union of both are omitted. 
+ // +optional + repeated string omitStages = 3; + + // OmitManagedFields indicates whether to omit the managed fields of the request + // and response bodies from being written to the API audit log. + // This is used as a global default - a value of 'true' will omit the managed fileds, + // otherwise the managed fields will be included in the API audit log. + // Note that this can also be specified per rule in which case the value specified + // in a rule will override the global default. + // +optional + optional bool omitManagedFields = 4; +} + +// PolicyList is a list of audit Policies. +message PolicyList { + // +optional + optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + + repeated Policy items = 2; +} + +// PolicyRule maps requests based off metadata to an audit Level. +// Requests must match the rules of every field (an intersection of rules). +message PolicyRule { + // The Level that requests matching this rule are recorded at. + optional string level = 1; + + // The users (by authenticated user name) this rule applies to. + // An empty list implies every user. + // +optional + repeated string users = 2; + + // The user groups this rule applies to. A user is considered matching + // if it is a member of any of the UserGroups. + // An empty list implies every user group. + // +optional + repeated string userGroups = 3; + + // The verbs that match this rule. + // An empty list implies every verb. + // +optional + repeated string verbs = 4; + + // Resources that this rule matches. An empty list implies all kinds in all API groups. + // +optional + repeated GroupResources resources = 5; + + // Namespaces that this rule matches. + // The empty string "" matches non-namespaced resources. + // An empty list implies every namespace. + // +optional + repeated string namespaces = 6; + + // NonResourceURLs is a set of URL paths that should be audited. + // `*`s are allowed, but only as the full, final step in the path. 
+ // Examples: + // - `/metrics` - Log requests for apiserver metrics + // - `/healthz*` - Log all health checks + // +optional + repeated string nonResourceURLs = 7; + + // OmitStages is a list of stages for which no events are created. Note that this can also + // be specified policy wide in which case the union of both are omitted. + // An empty list means no restrictions will apply. + // +optional + repeated string omitStages = 8; + + // OmitManagedFields indicates whether to omit the managed fields of the request + // and response bodies from being written to the API audit log. + // - a value of 'true' will drop the managed fields from the API audit log + // - a value of 'false' indicates that the managed fileds should be included + // in the API audit log + // Note that the value, if specified, in this rule will override the global default + // If a value is not specified then the global default specified in + // Policy.OmitManagedFields will stand. + // +optional + optional bool omitManagedFields = 9; +} + diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go new file mode 100644 index 0000000000..46e3e47bc6 --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go 
@@ -0,0 +1,58 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = "audit.k8s.io"
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+ return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+ SchemeBuilder runtime.SchemeBuilder
+ localSchemeBuilder = &SchemeBuilder
+ AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+ // We only register manually written functions here. The registration of the
+ // generated functions takes place in the generated files. The separation
+ // makes the code compile even when the generated files are missing.
+ localSchemeBuilder.Register(addKnownTypes)
+}
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+ scheme.AddKnownTypes(SchemeGroupVersion,
+ &Event{},
+ &EventList{},
+ &Policy{},
+ &PolicyList{},
+ )
+ metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
+ return nil
+}
diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go
new file mode 100644
index 0000000000..151c56c689
--- /dev/null
+++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go
@@ -0,0 +1,306 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ authnv1 "k8s.io/api/authentication/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/types"
+)
+
+// Header keys used by the audit system.
+const (
+ // Header to hold the audit ID as the request is propagated through the serving hierarchy. The
+ // Audit-ID header should be set by the first server to receive the request (e.g. the federation
+ // server or kube-aggregator).
+ HeaderAuditID = "Audit-ID"
+)
+
+// Level defines the amount of information logged during auditing
+type Level string
+
+// Valid audit levels
+const (
+ // LevelNone disables auditing
+ LevelNone Level = "None"
+ // LevelMetadata provides the basic level of auditing.
+ LevelMetadata Level = "Metadata"
+ // LevelRequest provides Metadata level of auditing, and additionally
+ // logs the request object (does not apply for non-resource requests).
+ LevelRequest Level = "Request"
+ // LevelRequestResponse provides Request level of auditing, and additionally
+ // logs the response object (does not apply for non-resource requests).
+ LevelRequestResponse Level = "RequestResponse"
+)
+
+// Stage defines the stages in request handling that audit events may be generated.
+type Stage string
+
+// Valid audit stages.
+const (
+ // The stage for events generated as soon as the audit handler receives the request, and before it
+ // is delegated down the handler chain.
+ StageRequestReceived Stage = "RequestReceived"
+ // The stage for events generated once the response headers are sent, but before the response body
+ // is sent. This stage is only generated for long-running requests (e.g. watch).
+ StageResponseStarted Stage = "ResponseStarted"
+ // The stage for events generated once the response body has been completed, and no more bytes
+ // will be sent.
+ StageResponseComplete Stage = "ResponseComplete"
+ // The stage for events generated when a panic occurred.
+ StagePanic Stage = "Panic"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Event captures all the information that can be included in an API audit log.
+type Event struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // AuditLevel at which event was generated
+ Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`
+
+ // Unique audit ID, generated for each request.
+ AuditID types.UID `json:"auditID" protobuf:"bytes,2,opt,name=auditID,casttype=k8s.io/apimachinery/pkg/types.UID"`
+ // Stage of the request handling when this event instance was generated.
+ Stage Stage `json:"stage" protobuf:"bytes,3,opt,name=stage,casttype=Stage"`
+
+ // RequestURI is the request URI as sent by the client to a server.
+ RequestURI string `json:"requestURI" protobuf:"bytes,4,opt,name=requestURI"`
+ // Verb is the kubernetes verb associated with the request.
+ // For non-resource requests, this is the lower-cased HTTP method.
+ Verb string `json:"verb" protobuf:"bytes,5,opt,name=verb"`
+ // Authenticated user information.
+ User authnv1.UserInfo `json:"user" protobuf:"bytes,6,opt,name=user"`
+ // Impersonated user information.
+ // +optional
+ ImpersonatedUser *authnv1.UserInfo `json:"impersonatedUser,omitempty" protobuf:"bytes,7,opt,name=impersonatedUser"`
+ // Source IPs, from where the request originated and intermediate proxies.
+ // The source IPs are listed from (in order):
+ // 1. X-Forwarded-For request header IPs
+ // 2. X-Real-Ip header, if not present in the X-Forwarded-For list
+ // 3. The remote address for the connection, if it doesn't match the last
+ // IP in the list up to here (X-Forwarded-For or X-Real-Ip).
+ // Note: All but the last IP can be arbitrarily set by the client.
+ // +optional
+ SourceIPs []string `json:"sourceIPs,omitempty" protobuf:"bytes,8,rep,name=sourceIPs"`
+ // UserAgent records the user agent string reported by the client.
+ // Note that the UserAgent is provided by the client, and must not be trusted.
+ // +optional
+ UserAgent string `json:"userAgent,omitempty" protobuf:"bytes,16,opt,name=userAgent"`
+ // Object reference this request is targeted at.
+ // Does not apply for List-type requests, or non-resource requests.
+ // +optional
+ ObjectRef *ObjectReference `json:"objectRef,omitempty" protobuf:"bytes,9,opt,name=objectRef"`
+ // The response status, populated even when the ResponseObject is not a Status type.
+ // For successful responses, this will only include the Code and StatusSuccess.
+ // For non-status type error responses, this will be auto-populated with the error Message.
+ // +optional
+ ResponseStatus *metav1.Status `json:"responseStatus,omitempty" protobuf:"bytes,10,opt,name=responseStatus"`
+
+ // API object from the request, in JSON format. The RequestObject is recorded as-is in the request
+ // (possibly re-encoded as JSON), prior to version conversion, defaulting, admission or
+ // merging. It is an external versioned object type, and may not be a valid object on its own.
+ // Omitted for non-resource requests. Only logged at Request Level and higher.
+ // +optional
+ RequestObject *runtime.Unknown `json:"requestObject,omitempty" protobuf:"bytes,11,opt,name=requestObject"`
+ // API object returned in the response, in JSON. The ResponseObject is recorded after conversion
+ // to the external type, and serialized as JSON. Omitted for non-resource requests. Only logged
+ // at Response Level.
+ // +optional
+ ResponseObject *runtime.Unknown `json:"responseObject,omitempty" protobuf:"bytes,12,opt,name=responseObject"`
+ // Time the request reached the apiserver.
+ // +optional
+ RequestReceivedTimestamp metav1.MicroTime `json:"requestReceivedTimestamp" protobuf:"bytes,13,opt,name=requestReceivedTimestamp"`
+ // Time the request reached current audit stage.
+ // +optional
+ StageTimestamp metav1.MicroTime `json:"stageTimestamp" protobuf:"bytes,14,opt,name=stageTimestamp"`
+
+ // Annotations is an unstructured key value map stored with an audit event that may be set by
+ // plugins invoked in the request serving chain, including authentication, authorization and
+ // admission plugins. Note that these annotations are for the audit event, and do not correspond
+ // to the metadata.annotations of the submitted object. Keys should uniquely identify the informing
+ // component to avoid name collisions (e.g. podsecuritypolicy.admission.k8s.io/policy). Values
+ // should be short. Annotations are included in the Metadata level.
+ // +optional
+ Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,15,rep,name=annotations"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// EventList is a list of audit Events.
+type EventList struct {
+ metav1.TypeMeta `json:",inline"`
+ // +optional
+ metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+ Items []Event `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Policy defines the configuration of audit logging, and the rules for how different request
+// categories are logged.
+type Policy struct {
+ metav1.TypeMeta `json:",inline"`
+ // ObjectMeta is included for interoperability with API infrastructure.
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+ // Rules specify the audit Level a request should be recorded at.
+ // A request may match multiple rules, in which case the FIRST matching rule is used.
+ // The default audit level is None, but can be overridden by a catch-all rule at the end of the list.
+ // PolicyRules are strictly ordered.
+ Rules []PolicyRule `json:"rules" protobuf:"bytes,2,rep,name=rules"`
+
+ // OmitStages is a list of stages for which no events are created. Note that this can also
+ // be specified per rule in which case the union of both are omitted.
+ // +optional
+ OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,3,rep,name=omitStages"`
+
+ // OmitManagedFields indicates whether to omit the managed fields of the request
+ // and response bodies from being written to the API audit log.
+ // This is used as a global default - a value of 'true' will omit the managed fileds,
+ // otherwise the managed fields will be included in the API audit log.
+ // Note that this can also be specified per rule in which case the value specified
+ // in a rule will override the global default.
+ // +optional
+ OmitManagedFields bool `json:"omitManagedFields,omitempty" protobuf:"varint,4,opt,name=omitManagedFields"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PolicyList is a list of audit Policies.
+type PolicyList struct {
+ metav1.TypeMeta `json:",inline"`
+ // +optional
+ metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+ Items []Policy `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// PolicyRule maps requests based off metadata to an audit Level.
+// Requests must match the rules of every field (an intersection of rules).
+type PolicyRule struct {
+ // The Level that requests matching this rule are recorded at.
+ Level Level `json:"level" protobuf:"bytes,1,opt,name=level,casttype=Level"`
+
+ // The users (by authenticated user name) this rule applies to.
+ // An empty list implies every user.
+ // +optional
+ Users []string `json:"users,omitempty" protobuf:"bytes,2,rep,name=users"`
+ // The user groups this rule applies to. A user is considered matching
+ // if it is a member of any of the UserGroups.
+ // An empty list implies every user group.
+ // +optional
+ UserGroups []string `json:"userGroups,omitempty" protobuf:"bytes,3,rep,name=userGroups"`
+
+ // The verbs that match this rule.
+ // An empty list implies every verb.
+ // +optional
+ Verbs []string `json:"verbs,omitempty" protobuf:"bytes,4,rep,name=verbs"`
+
+ // Rules can apply to API resources (such as "pods" or "secrets"),
+ // non-resource URL paths (such as "/api"), or neither, but not both.
+ // If neither is specified, the rule is treated as a default for all URLs.
+
+ // Resources that this rule matches. An empty list implies all kinds in all API groups.
+ // +optional
+ Resources []GroupResources `json:"resources,omitempty" protobuf:"bytes,5,rep,name=resources"`
+ // Namespaces that this rule matches.
+ // The empty string "" matches non-namespaced resources.
+ // An empty list implies every namespace.
+ // +optional
+ Namespaces []string `json:"namespaces,omitempty" protobuf:"bytes,6,rep,name=namespaces"`
+
+ // NonResourceURLs is a set of URL paths that should be audited.
+ // `*`s are allowed, but only as the full, final step in the path.
+ // Examples:
+ // - `/metrics` - Log requests for apiserver metrics
+ // - `/healthz*` - Log all health checks
+ // +optional
+ NonResourceURLs []string `json:"nonResourceURLs,omitempty" protobuf:"bytes,7,rep,name=nonResourceURLs"`
+
+ // OmitStages is a list of stages for which no events are created. Note that this can also
+ // be specified policy wide in which case the union of both are omitted.
+ // An empty list means no restrictions will apply.
+ // +optional
+ OmitStages []Stage `json:"omitStages,omitempty" protobuf:"bytes,8,rep,name=omitStages"`
+
+ // OmitManagedFields indicates whether to omit the managed fields of the request
+ // and response bodies from being written to the API audit log.
+ // - a value of 'true' will drop the managed fields from the API audit log
+ // - a value of 'false' indicates that the managed fileds should be included
+ // in the API audit log
+ // Note that the value, if specified, in this rule will override the global default
+ // If a value is not specified then the global default specified in
+ // Policy.OmitManagedFields will stand.
+ // +optional
+ OmitManagedFields *bool `json:"omitManagedFields,omitempty" protobuf:"varint,9,opt,name=omitManagedFields"`
+}
+
+// GroupResources represents resource kinds in an API group.
+type GroupResources struct {
+ // Group is the name of the API group that contains the resources.
+ // The empty string represents the core API group.
+ // +optional
+ Group string `json:"group,omitempty" protobuf:"bytes,1,opt,name=group"`
+ // Resources is a list of resources this rule applies to.
+ //
+ // For example:
+ // - `pods` matches pods.
+ // - `pods/log` matches the log subresource of pods.
+ // - `*` matches all resources and their subresources.
+ // - `pods/*` matches all subresources of pods.
+ // - `*/scale` matches all scale subresources.
+ //
+ // If wildcard is present, the validation rule will ensure resources do not
+ // overlap with each other.
+ //
+ // An empty list implies all resources and subresources in this API groups apply.
+ // +optional
+ Resources []string `json:"resources,omitempty" protobuf:"bytes,2,rep,name=resources"`
+ // ResourceNames is a list of resource instance names that the policy matches.
+ // Using this field requires Resources to be specified.
+ // An empty list implies that every instance of the resource is matched.
+ // +optional
+ ResourceNames []string `json:"resourceNames,omitempty" protobuf:"bytes,3,rep,name=resourceNames"`
+}
+
+// ObjectReference contains enough information to let you inspect or modify the referred object.
+type ObjectReference struct {
+ // +optional
+ Resource string `json:"resource,omitempty" protobuf:"bytes,1,opt,name=resource"`
+ // +optional
+ Namespace string `json:"namespace,omitempty" protobuf:"bytes,2,opt,name=namespace"`
+ // +optional
+ Name string `json:"name,omitempty" protobuf:"bytes,3,opt,name=name"`
+ // +optional
+ UID types.UID `json:"uid,omitempty" protobuf:"bytes,4,opt,name=uid,casttype=k8s.io/apimachinery/pkg/types.UID"`
+ // APIGroup is the name of the API group that contains the referred object.
+ // The empty string represents the core API group.
+ // +optional
+ APIGroup string `json:"apiGroup,omitempty" protobuf:"bytes,5,opt,name=apiGroup"`
+ // APIVersion is the version of the API group that contains the referred object.
+ // +optional
+ APIVersion string `json:"apiVersion,omitempty" protobuf:"bytes,6,opt,name=apiVersion"`
+ // +optional
+ ResourceVersion string `json:"resourceVersion,omitempty" protobuf:"bytes,7,opt,name=resourceVersion"`
+ // +optional
+ Subresource string `json:"subresource,omitempty" protobuf:"bytes,8,opt,name=subresource"`
+}
diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go
new file mode 100644
index 0000000000..53cbb02084
--- /dev/null
+++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go 
@@ -0,0 +1,327 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1 + +import ( + unsafe "unsafe" + + authenticationv1 "k8s.io/api/authentication/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" + types "k8s.io/apimachinery/pkg/types" + audit "k8s.io/apiserver/pkg/apis/audit" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. 
+func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*Event)(nil), (*audit.Event)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_Event_To_audit_Event(a.(*Event), b.(*audit.Event), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*audit.Event)(nil), (*Event)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_audit_Event_To_v1_Event(a.(*audit.Event), b.(*Event), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*EventList)(nil), (*audit.EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_EventList_To_audit_EventList(a.(*EventList), b.(*audit.EventList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*audit.EventList)(nil), (*EventList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_audit_EventList_To_v1_EventList(a.(*audit.EventList), b.(*EventList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*GroupResources)(nil), (*audit.GroupResources)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_GroupResources_To_audit_GroupResources(a.(*GroupResources), b.(*audit.GroupResources), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*audit.GroupResources)(nil), (*GroupResources)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_audit_GroupResources_To_v1_GroupResources(a.(*audit.GroupResources), b.(*GroupResources), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*ObjectReference)(nil), (*audit.ObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_ObjectReference_To_audit_ObjectReference(a.(*ObjectReference), b.(*audit.ObjectReference), scope) + }); err != nil { + return err + } + if err 
:= s.AddGeneratedConversionFunc((*audit.ObjectReference)(nil), (*ObjectReference)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_audit_ObjectReference_To_v1_ObjectReference(a.(*audit.ObjectReference), b.(*ObjectReference), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*Policy)(nil), (*audit.Policy)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_Policy_To_audit_Policy(a.(*Policy), b.(*audit.Policy), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*audit.Policy)(nil), (*Policy)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_audit_Policy_To_v1_Policy(a.(*audit.Policy), b.(*Policy), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*PolicyList)(nil), (*audit.PolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_PolicyList_To_audit_PolicyList(a.(*PolicyList), b.(*audit.PolicyList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*audit.PolicyList)(nil), (*PolicyList)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_audit_PolicyList_To_v1_PolicyList(a.(*audit.PolicyList), b.(*PolicyList), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*PolicyRule)(nil), (*audit.PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_PolicyRule_To_audit_PolicyRule(a.(*PolicyRule), b.(*audit.PolicyRule), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*audit.PolicyRule)(nil), (*PolicyRule)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_audit_PolicyRule_To_v1_PolicyRule(a.(*audit.PolicyRule), b.(*PolicyRule), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s 
conversion.Scope) error { + out.Level = audit.Level(in.Level) + out.AuditID = types.UID(in.AuditID) + out.Stage = audit.Stage(in.Stage) + out.RequestURI = in.RequestURI + out.Verb = in.Verb + out.User = in.User + out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser)) + out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs)) + out.UserAgent = in.UserAgent + out.ObjectRef = (*audit.ObjectReference)(unsafe.Pointer(in.ObjectRef)) + out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus)) + out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject)) + out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject)) + out.RequestReceivedTimestamp = in.RequestReceivedTimestamp + out.StageTimestamp = in.StageTimestamp + out.Annotations = *(*map[string]string)(unsafe.Pointer(&in.Annotations)) + return nil +} + +// Convert_v1_Event_To_audit_Event is an autogenerated conversion function. +func Convert_v1_Event_To_audit_Event(in *Event, out *audit.Event, s conversion.Scope) error { + return autoConvert_v1_Event_To_audit_Event(in, out, s) +} + +func autoConvert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversion.Scope) error { + out.Level = Level(in.Level) + out.AuditID = types.UID(in.AuditID) + out.Stage = Stage(in.Stage) + out.RequestURI = in.RequestURI + out.Verb = in.Verb + out.User = in.User + out.ImpersonatedUser = (*authenticationv1.UserInfo)(unsafe.Pointer(in.ImpersonatedUser)) + out.SourceIPs = *(*[]string)(unsafe.Pointer(&in.SourceIPs)) + out.UserAgent = in.UserAgent + out.ObjectRef = (*ObjectReference)(unsafe.Pointer(in.ObjectRef)) + out.ResponseStatus = (*metav1.Status)(unsafe.Pointer(in.ResponseStatus)) + out.RequestObject = (*runtime.Unknown)(unsafe.Pointer(in.RequestObject)) + out.ResponseObject = (*runtime.Unknown)(unsafe.Pointer(in.ResponseObject)) + out.RequestReceivedTimestamp = in.RequestReceivedTimestamp + out.StageTimestamp = in.StageTimestamp + out.Annotations = 
*(*map[string]string)(unsafe.Pointer(&in.Annotations)) + return nil +} + +// Convert_audit_Event_To_v1_Event is an autogenerated conversion function. +func Convert_audit_Event_To_v1_Event(in *audit.Event, out *Event, s conversion.Scope) error { + return autoConvert_audit_Event_To_v1_Event(in, out, s) +} + +func autoConvert_v1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]audit.Event)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1_EventList_To_audit_EventList is an autogenerated conversion function. +func Convert_v1_EventList_To_audit_EventList(in *EventList, out *audit.EventList, s conversion.Scope) error { + return autoConvert_v1_EventList_To_audit_EventList(in, out, s) +} + +func autoConvert_audit_EventList_To_v1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]Event)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_audit_EventList_To_v1_EventList is an autogenerated conversion function. +func Convert_audit_EventList_To_v1_EventList(in *audit.EventList, out *EventList, s conversion.Scope) error { + return autoConvert_audit_EventList_To_v1_EventList(in, out, s) +} + +func autoConvert_v1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error { + out.Group = in.Group + out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) + out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) + return nil +} + +// Convert_v1_GroupResources_To_audit_GroupResources is an autogenerated conversion function. 
+func Convert_v1_GroupResources_To_audit_GroupResources(in *GroupResources, out *audit.GroupResources, s conversion.Scope) error { + return autoConvert_v1_GroupResources_To_audit_GroupResources(in, out, s) +} + +func autoConvert_audit_GroupResources_To_v1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error { + out.Group = in.Group + out.Resources = *(*[]string)(unsafe.Pointer(&in.Resources)) + out.ResourceNames = *(*[]string)(unsafe.Pointer(&in.ResourceNames)) + return nil +} + +// Convert_audit_GroupResources_To_v1_GroupResources is an autogenerated conversion function. +func Convert_audit_GroupResources_To_v1_GroupResources(in *audit.GroupResources, out *GroupResources, s conversion.Scope) error { + return autoConvert_audit_GroupResources_To_v1_GroupResources(in, out, s) +} + +func autoConvert_v1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error { + out.Resource = in.Resource + out.Namespace = in.Namespace + out.Name = in.Name + out.UID = types.UID(in.UID) + out.APIGroup = in.APIGroup + out.APIVersion = in.APIVersion + out.ResourceVersion = in.ResourceVersion + out.Subresource = in.Subresource + return nil +} + +// Convert_v1_ObjectReference_To_audit_ObjectReference is an autogenerated conversion function. 
+func Convert_v1_ObjectReference_To_audit_ObjectReference(in *ObjectReference, out *audit.ObjectReference, s conversion.Scope) error { + return autoConvert_v1_ObjectReference_To_audit_ObjectReference(in, out, s) +} + +func autoConvert_audit_ObjectReference_To_v1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error { + out.Resource = in.Resource + out.Namespace = in.Namespace + out.Name = in.Name + out.UID = types.UID(in.UID) + out.APIGroup = in.APIGroup + out.APIVersion = in.APIVersion + out.ResourceVersion = in.ResourceVersion + out.Subresource = in.Subresource + return nil +} + +// Convert_audit_ObjectReference_To_v1_ObjectReference is an autogenerated conversion function. +func Convert_audit_ObjectReference_To_v1_ObjectReference(in *audit.ObjectReference, out *ObjectReference, s conversion.Scope) error { + return autoConvert_audit_ObjectReference_To_v1_ObjectReference(in, out, s) +} + +func autoConvert_v1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + out.Rules = *(*[]audit.PolicyRule)(unsafe.Pointer(&in.Rules)) + out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages)) + out.OmitManagedFields = in.OmitManagedFields + return nil +} + +// Convert_v1_Policy_To_audit_Policy is an autogenerated conversion function. +func Convert_v1_Policy_To_audit_Policy(in *Policy, out *audit.Policy, s conversion.Scope) error { + return autoConvert_v1_Policy_To_audit_Policy(in, out, s) +} + +func autoConvert_audit_Policy_To_v1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error { + out.ObjectMeta = in.ObjectMeta + out.Rules = *(*[]PolicyRule)(unsafe.Pointer(&in.Rules)) + out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages)) + out.OmitManagedFields = in.OmitManagedFields + return nil +} + +// Convert_audit_Policy_To_v1_Policy is an autogenerated conversion function. 
+func Convert_audit_Policy_To_v1_Policy(in *audit.Policy, out *Policy, s conversion.Scope) error { + return autoConvert_audit_Policy_To_v1_Policy(in, out, s) +} + +func autoConvert_v1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]audit.Policy)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_v1_PolicyList_To_audit_PolicyList is an autogenerated conversion function. +func Convert_v1_PolicyList_To_audit_PolicyList(in *PolicyList, out *audit.PolicyList, s conversion.Scope) error { + return autoConvert_v1_PolicyList_To_audit_PolicyList(in, out, s) +} + +func autoConvert_audit_PolicyList_To_v1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error { + out.ListMeta = in.ListMeta + out.Items = *(*[]Policy)(unsafe.Pointer(&in.Items)) + return nil +} + +// Convert_audit_PolicyList_To_v1_PolicyList is an autogenerated conversion function. +func Convert_audit_PolicyList_To_v1_PolicyList(in *audit.PolicyList, out *PolicyList, s conversion.Scope) error { + return autoConvert_audit_PolicyList_To_v1_PolicyList(in, out, s) +} + +func autoConvert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error { + out.Level = audit.Level(in.Level) + out.Users = *(*[]string)(unsafe.Pointer(&in.Users)) + out.UserGroups = *(*[]string)(unsafe.Pointer(&in.UserGroups)) + out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) + out.Resources = *(*[]audit.GroupResources)(unsafe.Pointer(&in.Resources)) + out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) + out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) + out.OmitStages = *(*[]audit.Stage)(unsafe.Pointer(&in.OmitStages)) + out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields)) + return nil +} + +// Convert_v1_PolicyRule_To_audit_PolicyRule is an autogenerated conversion function. 
+func Convert_v1_PolicyRule_To_audit_PolicyRule(in *PolicyRule, out *audit.PolicyRule, s conversion.Scope) error { + return autoConvert_v1_PolicyRule_To_audit_PolicyRule(in, out, s) +} + +func autoConvert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error { + out.Level = Level(in.Level) + out.Users = *(*[]string)(unsafe.Pointer(&in.Users)) + out.UserGroups = *(*[]string)(unsafe.Pointer(&in.UserGroups)) + out.Verbs = *(*[]string)(unsafe.Pointer(&in.Verbs)) + out.Resources = *(*[]GroupResources)(unsafe.Pointer(&in.Resources)) + out.Namespaces = *(*[]string)(unsafe.Pointer(&in.Namespaces)) + out.NonResourceURLs = *(*[]string)(unsafe.Pointer(&in.NonResourceURLs)) + out.OmitStages = *(*[]Stage)(unsafe.Pointer(&in.OmitStages)) + out.OmitManagedFields = (*bool)(unsafe.Pointer(in.OmitManagedFields)) + return nil +} + +// Convert_audit_PolicyRule_To_v1_PolicyRule is an autogenerated conversion function. +func Convert_audit_PolicyRule_To_v1_PolicyRule(in *audit.PolicyRule, out *PolicyRule, s conversion.Scope) error { + return autoConvert_audit_PolicyRule_To_v1_PolicyRule(in, out, s) +} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..0b1b0052d5 --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go 
@@ -0,0 +1,297 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1 + +import ( + authenticationv1 "k8s.io/api/authentication/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *Event) DeepCopyInto(out *Event) { + *out = *in + out.TypeMeta = in.TypeMeta + in.User.DeepCopyInto(&out.User) + if in.ImpersonatedUser != nil { + in, out := &in.ImpersonatedUser, &out.ImpersonatedUser + *out = new(authenticationv1.UserInfo) + (*in).DeepCopyInto(*out) + } + if in.SourceIPs != nil { + in, out := &in.SourceIPs, &out.SourceIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ObjectRef != nil { + in, out := &in.ObjectRef, &out.ObjectRef + *out = new(ObjectReference) + **out = **in + } + if in.ResponseStatus != nil { + in, out := &in.ResponseStatus, &out.ResponseStatus + *out = new(metav1.Status) + (*in).DeepCopyInto(*out) + } + if in.RequestObject != nil { + in, out := &in.RequestObject, &out.RequestObject + *out = new(runtime.Unknown) + (*in).DeepCopyInto(*out) + } + if in.ResponseObject != nil { + in, out := &in.ResponseObject, &out.ResponseObject + *out = new(runtime.Unknown) + (*in).DeepCopyInto(*out) + } + in.RequestReceivedTimestamp.DeepCopyInto(&out.RequestReceivedTimestamp) + in.StageTimestamp.DeepCopyInto(&out.StageTimestamp) + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event. +func (in *Event) DeepCopy() *Event { + if in == nil { + return nil + } + out := new(Event) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Event) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *EventList) DeepCopyInto(out *EventList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Event, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList. +func (in *EventList) DeepCopy() *EventList { + if in == nil { + return nil + } + out := new(EventList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EventList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GroupResources) DeepCopyInto(out *GroupResources) { + *out = *in + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ResourceNames != nil { + in, out := &in.ResourceNames, &out.ResourceNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources. +func (in *GroupResources) DeepCopy() *GroupResources { + if in == nil { + return nil + } + out := new(GroupResources) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. 
+func (in *ObjectReference) DeepCopy() *ObjectReference { + if in == nil { + return nil + } + out := new(ObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Policy) DeepCopyInto(out *Policy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]PolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OmitStages != nil { + in, out := &in.OmitStages, &out.OmitStages + *out = make([]Stage, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. +func (in *Policy) DeepCopy() *Policy { + if in == nil { + return nil + } + out := new(Policy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Policy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyList) DeepCopyInto(out *PolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Policy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList. +func (in *PolicyList) DeepCopy() *PolicyList { + if in == nil { + return nil + } + out := new(PolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *PolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyRule) DeepCopyInto(out *PolicyRule) { + *out = *in + if in.Users != nil { + in, out := &in.Users, &out.Users + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.UserGroups != nil { + in, out := &in.UserGroups, &out.UserGroups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Verbs != nil { + in, out := &in.Verbs, &out.Verbs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]GroupResources, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NonResourceURLs != nil { + in, out := &in.NonResourceURLs, &out.NonResourceURLs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.OmitStages != nil { + in, out := &in.OmitStages, &out.OmitStages + *out = make([]Stage, len(*in)) + copy(*out, *in) + } + if in.OmitManagedFields != nil { + in, out := &in.OmitManagedFields, &out.OmitManagedFields + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule. +func (in *PolicyRule) DeepCopy() *PolicyRule { + if in == nil { + return nil + } + out := new(PolicyRule) + in.DeepCopyInto(out) + return out +} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go new file mode 100644 index 0000000000..dac177e93b --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go 
@@ -0,0 +1,33 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go new file mode 100644 index 0000000000..81d5add47d --- /dev/null +++ b/etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go 
@@ -0,0 +1,297 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package audit + +import ( + v1 "k8s.io/api/authentication/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Event) DeepCopyInto(out *Event) { + *out = *in + out.TypeMeta = in.TypeMeta + in.User.DeepCopyInto(&out.User) + if in.ImpersonatedUser != nil { + in, out := &in.ImpersonatedUser, &out.ImpersonatedUser + *out = new(v1.UserInfo) + (*in).DeepCopyInto(*out) + } + if in.SourceIPs != nil { + in, out := &in.SourceIPs, &out.SourceIPs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ObjectRef != nil { + in, out := &in.ObjectRef, &out.ObjectRef + *out = new(ObjectReference) + **out = **in + } + if in.ResponseStatus != nil { + in, out := &in.ResponseStatus, &out.ResponseStatus + *out = new(metav1.Status) + (*in).DeepCopyInto(*out) + } + if in.RequestObject != nil { + in, out := &in.RequestObject, &out.RequestObject + *out = new(runtime.Unknown) + (*in).DeepCopyInto(*out) + } + if in.ResponseObject != nil { + in, out := &in.ResponseObject, &out.ResponseObject + *out = new(runtime.Unknown) + (*in).DeepCopyInto(*out) + } + 
in.RequestReceivedTimestamp.DeepCopyInto(&out.RequestReceivedTimestamp) + in.StageTimestamp.DeepCopyInto(&out.StageTimestamp) + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Event. +func (in *Event) DeepCopy() *Event { + if in == nil { + return nil + } + out := new(Event) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Event) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EventList) DeepCopyInto(out *EventList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Event, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventList. +func (in *EventList) DeepCopy() *EventList { + if in == nil { + return nil + } + out := new(EventList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *EventList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *GroupResources) DeepCopyInto(out *GroupResources) { + *out = *in + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ResourceNames != nil { + in, out := &in.ResourceNames, &out.ResourceNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GroupResources. +func (in *GroupResources) DeepCopy() *GroupResources { + if in == nil { + return nil + } + out := new(GroupResources) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference. +func (in *ObjectReference) DeepCopy() *ObjectReference { + if in == nil { + return nil + } + out := new(ObjectReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Policy) DeepCopyInto(out *Policy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]PolicyRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.OmitStages != nil { + in, out := &in.OmitStages, &out.OmitStages + *out = make([]Stage, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. +func (in *Policy) DeepCopy() *Policy { + if in == nil { + return nil + } + out := new(Policy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *Policy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyList) DeepCopyInto(out *PolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Policy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList. +func (in *PolicyList) DeepCopy() *PolicyList { + if in == nil { + return nil + } + out := new(PolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *PolicyRule) DeepCopyInto(out *PolicyRule) { + *out = *in + if in.Users != nil { + in, out := &in.Users, &out.Users + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.UserGroups != nil { + in, out := &in.UserGroups, &out.UserGroups + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Verbs != nil { + in, out := &in.Verbs, &out.Verbs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Resources != nil { + in, out := &in.Resources, &out.Resources + *out = make([]GroupResources, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Namespaces != nil { + in, out := &in.Namespaces, &out.Namespaces + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NonResourceURLs != nil { + in, out := &in.NonResourceURLs, &out.NonResourceURLs + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.OmitStages != nil { + in, out := &in.OmitStages, &out.OmitStages + *out = make([]Stage, len(*in)) + copy(*out, *in) + } + if in.OmitManagedFields != nil { + in, out := &in.OmitManagedFields, &out.OmitManagedFields + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyRule. +func (in *PolicyRule) DeepCopy() *PolicyRule { + if in == nil { + return nil + } + out := new(PolicyRule) + in.DeepCopyInto(out) + return out +} diff --git a/etcd/vendor/k8s.io/client-go/tools/remotecommand/websocket.go b/etcd/vendor/k8s.io/client-go/tools/remotecommand/websocket.go index a60986decc..49ef4717cd 100644 --- a/etcd/vendor/k8s.io/client-go/tools/remotecommand/websocket.go +++ b/etcd/vendor/k8s.io/client-go/tools/remotecommand/websocket.go 
@@ -187,6 +187,9 @@ type wsStreamCreator struct {
 // map of stream id to stream; multiple streams read/write the connection
 streams map[byte]*stream
 streamsMu sync.Mutex
+ // setStreamErr holds the error to return to anyone calling setStreams.
+ // this is populated in closeAllStreamReaders
+ setStreamErr error
 }
 func newWSStreamCreator(conn *gwebsocket.Conn) *wsStreamCreator {
@@ -202,10 +205,14 @@ func (c *wsStreamCreator) getStream(id byte) *stream {
 return c.streams[id]
 }
-func (c *wsStreamCreator) setStream(id byte, s *stream) {
+func (c *wsStreamCreator) setStream(id byte, s *stream) error {
 c.streamsMu.Lock()
 defer c.streamsMu.Unlock()
+ if c.setStreamErr != nil {
+ return c.setStreamErr
+ }
 c.streams[id] = s
+ return nil
 }
 // CreateStream uses id from passed headers to create a stream over "c.conn" connection.
@@ -228,7 +235,11 @@ func (c *wsStreamCreator) CreateStream(headers http.Header) (httpstream.Stream,
 connWriteLock: &c.connWriteLock,
 id: id,
 }
- c.setStream(id, s)
+ if err := c.setStream(id, s); err != nil {
+ _ = s.writePipe.Close()
+ _ = s.readPipe.Close()
+ return nil, err
+ }
 return s, nil
 }
@@ -312,7 +323,7 @@ func (c *wsStreamCreator) readDemuxLoop(bufferSize int, period time.Duration, de
 }
 // closeAllStreamReaders closes readers in all streams.
-// This unblocks all stream.Read() calls.
+// This unblocks all stream.Read() calls, and keeps any future streams from being created.
 func (c *wsStreamCreator) closeAllStreamReaders(err error) {
 c.streamsMu.Lock()
 defer c.streamsMu.Unlock()
@@ -320,6 +331,12 @@ func (c *wsStreamCreator) closeAllStreamReaders(err error) {
 // Closing writePipe unblocks all readPipe.Read() callers and prevents any future writes.
 _ = s.writePipe.CloseWithError(err)
 }
+ // ensure callers to setStreams receive an error after this point
+ if err != nil {
+ c.setStreamErr = err
+ } else {
+ c.setStreamErr = fmt.Errorf("closed all streams")
+ }
 }
 type stream struct {
diff --git a/etcd/vendor/modules.txt b/etcd/vendor/modules.txt index 53016b5bb4..0182325a11 100644 --- a/etcd/vendor/modules.txt +++ b/etcd/vendor/modules.txt @@ -190,6 +190,9 @@ github.com/munnerz/goautoneg # github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f ## explicit github.com/mxk/go-flowrate/flowrate +# github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea +## explicit; go 1.21 +github.com/openshift/api/config/v1 # github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8 ## explicit; go 1.13 github.com/openshift/build-machinery-go @@ -200,9 +203,13 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts +# github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd +## explicit; go 1.21 +github.com/openshift/library-go/pkg/operator/apiserver/audit # github.com/openshift/microshift v0.0.0 => ../ ## explicit; go 1.21 github.com/openshift/microshift/pkg/config +github.com/openshift/microshift/pkg/config/apiserver github.com/openshift/microshift/pkg/util github.com/openshift/microshift/pkg/util/cryptomaterial # github.com/peterbourgon/diskv v2.0.1+incompatible @@ -435,11 +442,11 @@ go.uber.org/zap/internal/color go.uber.org/zap/internal/exit go.uber.org/zap/zapcore go.uber.org/zap/zapgrpc -# golang.org/x/crypto v0.18.0 +# golang.org/x/crypto v0.21.0 ## explicit; go 1.18 golang.org/x/crypto/bcrypt golang.org/x/crypto/blowfish -# golang.org/x/net v0.20.0 +# golang.org/x/net v0.23.0 ## explicit; go 1.18 golang.org/x/net/context golang.org/x/net/html 
@@ -459,13 +466,13 @@ golang.org/x/oauth2/internal # golang.org/x/sync v0.5.0 ## explicit; go 1.18 golang.org/x/sync/errgroup -# golang.org/x/sys v0.16.0 +# golang.org/x/sys v0.18.0 ## explicit; go 1.18 golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/term v0.16.0 +# golang.org/x/term v0.18.0 ## explicit; go 1.18 golang.org/x/term # golang.org/x/text v0.14.0 @@ -611,7 +618,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# k8s.io/api v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/api v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -668,7 +675,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apimachinery v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/apimachinery v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors 
@@ -722,13 +729,17 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/apiserver v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 +## explicit; go 1.21 +k8s.io/apiserver/pkg/apis/audit +k8s.io/apiserver/pkg/apis/audit/v1 +# k8s.io/cli-runtime v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/genericiooptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/client-go v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1 @@ -875,7 +886,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/component-base v0.29.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/component-base/cli k8s.io/component-base/cli/flag 
@@ -910,7 +921,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/kubectl v0.0.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 ## explicit; go 1.21 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme 
@@ -1038,33 +1049,33 @@ sigs.k8s.io/yaml # go.etcd.io/etcd/pkg/v3 => github.com/openshift/etcd/pkg/v3 v3.5.1-0.20240408095611-aa0c441f97e0 # go.etcd.io/etcd/raft/v3 => github.com/openshift/etcd/raft/v3 v3.5.1-0.20240408095611-aa0c441f97e0 # go.etcd.io/etcd/server/v3 => github.com/openshift/etcd/server/v3 v3.5.1-0.20240408095611-aa0c441f97e0 -# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038 -# 
k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/sample-controller => 
github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240411182632-6b4d6cb58038 -# k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038 +# k8s.io/api => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 +# k8s.io/apiextensions-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240420191847-d9d45306df05 +# k8s.io/apimachinery => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 +# k8s.io/apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cli-runtime => github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 +# k8s.io/client-go => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cloud-provider => github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cluster-bootstrap => github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05 +# k8s.io/code-generator => github.com/openshift/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20240420191847-d9d45306df05 +# k8s.io/component-base => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 +# k8s.io/component-helpers => github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05 +# k8s.io/controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05 +# k8s.io/cri-api => github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05 +# k8s.io/csi-translation-lib => github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib 
v0.0.0-20240420191847-d9d45306df05 +# k8s.io/dynamic-resource-allocation => github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kms => github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-aggregator => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-controller-manager => github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-proxy => github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 +# k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05 +# k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240420191847-d9d45306df05 +# k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05 +# k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05 +# k8s.io/pod-security-admission => github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05 +# k8s.io/sample-apiserver => github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20240420191847-d9d45306df05 +# k8s.io/sample-cli-plugin => github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin v0.0.0-20240420191847-d9d45306df05 +# k8s.io/sample-controller => github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller v0.0.0-20240420191847-d9d45306df05 +# 
k8s.io/endpointslice => github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05 From 1dbfcf0af9cd2f691b6f377d19a3419df320d9f5 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Fri, 26 Apr 2024 05:35:03 +0000 Subject: [PATCH 7/9] update component images --- packaging/crio.conf.d/10-microshift_amd64.conf | 2 +- packaging/crio.conf.d/10-microshift_arm64.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/crio.conf.d/10-microshift_amd64.conf b/packaging/crio.conf.d/10-microshift_amd64.conf index 06402b1b78..c0c4e9739b 100644 --- a/packaging/crio.conf.d/10-microshift_amd64.conf +++ b/packaging/crio.conf.d/10-microshift_amd64.conf @@ -25,6 +25,6 @@ plugin_dirs = [ # for community builds on top of OKD, this setting has no effect [crio.image] global_auth_file="/etc/crio/openshift-pull-secret" -pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f9d143d0097222d59b5a12e6a53b57f4395c9a74516754de59987c340557343e" +pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:60cd022d6b8665acdc4a8ea5fc0693bed67c6803440dbf372a7a2740f1af07e5" pause_image_auth_file = "/etc/crio/openshift-pull-secret" pause_command = "/usr/bin/pod" diff --git a/packaging/crio.conf.d/10-microshift_arm64.conf b/packaging/crio.conf.d/10-microshift_arm64.conf index 86507fe914..ab20e226b8 100644 --- a/packaging/crio.conf.d/10-microshift_arm64.conf +++ b/packaging/crio.conf.d/10-microshift_arm64.conf 
@@ -25,6 +25,6 @@ plugin_dirs = [
 # for community builds on top of OKD, this setting has no effect
 [crio.image]
 global_auth_file="/etc/crio/openshift-pull-secret"
-pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:da1f6d72a6a851486bc6ac0801742624c71078dec61ff6581222c075b07cd563"
+pause_image = "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7697ddbff92ded36e0475400ba9cb32d73b78f21e74c34e8f4947c8c08ae5324"
 pause_image_auth_file = "/etc/crio/openshift-pull-secret"
 pause_command = "/usr/bin/pod"
From 0590ca14bfe1ae1c1e2e76fb1e21e765a03c1fd2 Mon Sep 17 00:00:00 2001 From: ci-robot Date: Fri, 26 Apr 2024 05:35:05 +0000 Subject: [PATCH 8/9] rebase.sh failure artifacts --- .../05_operand_rbac.yaml | 17 +- .../csi_controller_deployment.yaml | 43 +- .../serviceaccount.yaml | 2 +- .../webhook_config.yaml | 6 +- .../webhook_deployment.yaml | 81 +- .../webhook_service.yaml | 8 +- .../webhook_serviceaccount.yaml | 2 +- .../openshift-dns/dns/daemonset.yaml | 159 +- .../components/openshift-dns/dns/service.yaml | 35 +- .../node-resolver/daemonset.yaml | 140 -- .../openshift-router/deployment.yaml | 122 +- .../openshift-router/service-cloud.yaml | 20 +- .../openshift-router/service-internal.yaml | 32 +- assets/components/service-ca/deployment.yaml | 73 +- assets/components/service-ca/ns.yaml | 2 + .../kube-apiserver/defaultconfig.yaml | 30 +- .../defaultconfig.yaml | 48 +- assets/core/kubelet.yaml | 72 +- ...tor_01_securitycontextconstraints.crd.yaml | 590 ++++---- assets/crd/route.crd.yaml | 655 -------- assets/release/release-aarch64.json | 22 +- assets/release/release-x86_64.json | 22 +- rebase_sh.log | 1320 +++++++++++++++++ 23 files changed, 2019 insertions(+), 1482 deletions(-) delete mode 100644 assets/components/openshift-dns/node-resolver/daemonset.yaml delete mode 100644 assets/crd/route.crd.yaml create mode 100644 rebase_sh.log
diff --git a/assets/components/csi-snapshot-controller/05_operand_rbac.yaml b/assets/components/csi-snapshot-controller/05_operand_rbac.yaml index 8dc7de8c1f..b3fe5665bc 100644 --- a/assets/components/csi-snapshot-controller/05_operand_rbac.yaml +++ b/assets/components/csi-snapshot-controller/05_operand_rbac.yaml @@ -51,6 +51,7 @@ rules: - apiGroups: ["groupsnapshot.storage.k8s.io"] resources: ["volumegroupsnapshots/status"] verbs: ["update", "patch"] + --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -65,16 +66,17 @@ metadata: subjects: - kind: ServiceAccount name: csi-snapshot-controller - namespace: kube-system + namespace: openshift-cluster-storage-operator roleRef: kind: ClusterRole name: openshift-csi-snapshot-controller-runner apiGroup: rbac.authorization.k8s.io + --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - namespace: kube-system + namespace: openshift-cluster-storage-operator name: csi-snapshot-controller-leaderelection annotations: include.release.openshift.io/hypershift: "true" @@ -83,15 +85,16 @@ metadata: include.release.openshift.io/single-node-developer: "true" capability.openshift.io/name: CSISnapshot rules: - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-snapshot-controller-leaderelection - namespace: kube-system + namespace: openshift-cluster-storage-operator annotations: include.release.openshift.io/hypershift: "true" include.release.openshift.io/ibm-cloud-managed: "true" @@ -101,7 +104,7 @@ metadata: subjects: - kind: ServiceAccount name: csi-snapshot-controller - namespace: kube-system + namespace: openshift-cluster-storage-operator roleRef: kind: Role name: csi-snapshot-controller-leaderelection 
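Review bot: The ClusterRoleBinding and RoleBinding subjects in this file are now pinned to `namespace: openshift-cluster-storage-operator`, but the `csi-snapshot-controller` ServiceAccount in `serviceaccount.yaml` is changed in the same patch to `namespace: ${CONTROLPLANE_NAMESPACE}`, so the grant and the account only line up if that placeholder resolves to the same namespace. Before this patch both sides said `kube-system`. The same split shows up in `webhook_config.yaml`, where the first webhook's `clientConfig.service.namespace` becomes `openshift-cluster-storage-operator` while `webhook_service.yaml` uses the placeholder. Nothing visible in the patch substitutes `${CONTROLPLANE_NAMESPACE}`, so I would keep one literal value on both sides, for example `namespace: kube-system` as before, until the rebase script renders these assets.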
diff --git a/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml b/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml index d97d428034..8b05ce5b1b 100644 --- a/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml +++ b/assets/components/csi-snapshot-controller/csi_controller_deployment.yaml @@ -2,7 +2,7 @@ kind: Deployment apiVersion: apps/v1 metadata: name: csi-snapshot-controller - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} spec: serviceName: "csi-snapshot-controller" # Replicas for HyperShift. On standalone OCP it will be adjusted according to nr. of master nodes. @@ -35,18 +35,26 @@ spec: capabilities: drop: - ALL - runAsUser: 65534 - image: '{{ .ReleaseImage.csi_snapshot_controller }}' + image: ${OPERAND_IMAGE} args: - - --v=2 - - --leader-election=false + - "--v=${LOG_LEVEL}" + - "--leader-election=true" + # Leader election values are from + # https://github.com/openshift/library-go/blob/master/pkg/config/leaderelection/leaderelection.go + - "--leader-election-lease-duration=137s" + - "--leader-election-renew-deadline=107s" + - "--leader-election-retry-period=26s" + # Force the namespace name for HyperShift + - "--leader-election-namespace=openshift-cluster-storage-operator" + # guest --kubeconfig= will be injected by the operator when running on HyperShift imagePullPolicy: IfNotPresent resources: requests: # TODO: measure on a real cluster cpu: 10m memory: 50Mi - # volumeMount with guest Kubeconfig will be added by the operator + terminationMessagePolicy: FallbackToLogsOnError + # volumeMount with guest Kubeconfig will be added by the operator affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
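Review bot: The controller container's `securityContext` loses its explicit UID in the `@@ -35,18 +35,26 @@` hunk: `runAsUser: 65534` is removed while `allowPrivilegeEscalation: false` and the `ALL` capability drop remain, and the `webhook_deployment.yaml` hunk removes the same line. The pod-level security context of this Deployment lies outside the hunk, so whether `runAsNonRoot` still guards the container cannot be confirmed from here; I would keep `runAsUser: 65534` or add `runAsNonRoot: true` next to `allowPrivilegeEscalation: false`. The same hunk swaps `image: '{{ .ReleaseImage.csi_snapshot_controller }}'` for `image: ${OPERAND_IMAGE}` and `--v=2` for `"--v=${LOG_LEVEL}"`, and the patch shows no step that fills those placeholders in.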
@@ -56,18 +64,19 @@ spec: matchLabels: app: csi-snapshot-controller topologyKey: kubernetes.io/hostname + priorityClassName: ${PRIORITY_CLASS} nodeSelector: node-role.kubernetes.io/master: "" tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: node-role.kubernetes.io/master + operator: Exists + effect: "NoSchedule" # volume with guest Kubeconfig will be added by the operator diff --git a/assets/components/csi-snapshot-controller/serviceaccount.yaml b/assets/components/csi-snapshot-controller/serviceaccount.yaml index 6de8066162..aaa64ce0ce 100644 --- a/assets/components/csi-snapshot-controller/serviceaccount.yaml +++ b/assets/components/csi-snapshot-controller/serviceaccount.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: csi-snapshot-controller - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} diff --git a/assets/components/csi-snapshot-controller/webhook_config.yaml b/assets/components/csi-snapshot-controller/webhook_config.yaml index 5ffcb799ea..922ad71d64 100644 --- a/assets/components/csi-snapshot-controller/webhook_config.yaml +++ b/assets/components/csi-snapshot-controller/webhook_config.yaml 
@@ -13,10 +13,10 @@ webhooks: clientConfig: service: name: csi-snapshot-webhook - namespace: kube-system + namespace: openshift-cluster-storage-operator path: /volumesnapshot rules: - - operations: ["CREATE", "UPDATE"] + - operations: [ "CREATE", "UPDATE" ] apiGroups: ["snapshot.storage.k8s.io"] apiVersions: ["v1beta1", "v1"] resources: ["volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses"] @@ -32,7 +32,7 @@ webhooks: namespace: openshift-cluster-storage-operator path: /volumegroupsnapshot rules: - - operations: ["CREATE", "UPDATE"] + - operations: [ "CREATE", "UPDATE" ] apiGroups: ["groupsnapshot.storage.k8s.io"] apiVersions: ["v1alpha1"] resources: ["volumegroupsnapshots", "volumegroupsnapshotcontents", "volumegroupsnapshotclasses"] diff --git a/assets/components/csi-snapshot-controller/webhook_deployment.yaml b/assets/components/csi-snapshot-controller/webhook_deployment.yaml index 620168af4a..90040aead6 100644 --- a/assets/components/csi-snapshot-controller/webhook_deployment.yaml +++ b/assets/components/csi-snapshot-controller/webhook_deployment.yaml @@ -2,7 +2,7 @@ kind: Deployment apiVersion: apps/v1 metadata: name: csi-snapshot-webhook - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} spec: serviceName: "csi-snapshot-webhook" selector: 
@@ -22,31 +22,31 @@ spec: spec: serviceAccount: csi-snapshot-webhook containers: - - name: webhook - image: '{{ .ReleaseImage.csi_snapshot_validation_webhook }}' - args: - - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt - - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key - - "--v=2" - - --port=8443 - ports: - - containerPort: 8443 - volumeMounts: - - name: certs - mountPath: /etc/snapshot-validation-webhook/certs - readOnly: true - optional: true - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 10m - memory: 20Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsUser: 65534 + - name: webhook + image: ${OPERAND_IMAGE} + args: + - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt + - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key + - "--v=${LOG_LEVEL}" + - --port=8443 + ports: + - containerPort: 8443 + volumeMounts: + - name: certs + mountPath: /etc/snapshot-validation-webhook/certs + readOnly: true + optional: true + imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 10m + memory: 20Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + terminationMessagePolicy: FallbackToLogsOnError affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -56,6 +56,7 @@ spec: matchLabels: app: csi-snapshot-webhook topologyKey: kubernetes.io/hostname + priorityClassName: ${PRIORITY_CLASS} restartPolicy: Always securityContext: runAsNonRoot: true 
@@ -64,18 +65,18 @@ spec: nodeSelector: node-role.kubernetes.io/master: "" volumes: - - name: certs - secret: - secretName: csi-snapshot-webhook-secret + - name: certs + secret: + secretName: csi-snapshot-webhook-secret tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: node-role.kubernetes.io/master + operator: Exists + effect: "NoSchedule" diff --git a/assets/components/csi-snapshot-controller/webhook_service.yaml b/assets/components/csi-snapshot-controller/webhook_service.yaml index ddd576182d..57b0d2f82f 100644 --- a/assets/components/csi-snapshot-controller/webhook_service.yaml +++ b/assets/components/csi-snapshot-controller/webhook_service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: csi-snapshot-webhook - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} labels: app: csi-snapshot-webhook hypershift.openshift.io/allow-guest-webhooks: "true" @@ -11,8 +11,8 @@ metadata: capability.openshift.io/name: CSISnapshot spec: ports: - - name: webhook - port: 443 - targetPort: 8443 + - name: webhook + port: 443 + targetPort: 8443 selector: app: csi-snapshot-webhook diff --git a/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml b/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml index 3d56d25c29..d831850a1f 100644 --- a/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml +++ b/assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml 
@@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: csi-snapshot-webhook - namespace: kube-system + namespace: ${CONTROLPLANE_NAMESPACE} diff --git a/assets/components/openshift-dns/dns/daemonset.yaml b/assets/components/openshift-dns/dns/daemonset.yaml index d6b720767b..ad71b08ce7 100644 --- a/assets/components/openshift-dns/dns/daemonset.yaml +++ b/assets/components/openshift-dns/dns/daemonset.yaml @@ -1,5 +1,6 @@ kind: DaemonSet apiVersion: apps/v1 +# name, namespace and labels are set at runtime spec: # minReadySeconds should be 3x the readiness probe's polling interval (i.e. periodSeconds). minReadySeconds: 9 
@@ -7,91 +8,83 @@ spec: metadata: annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - labels: - dns.operator.openshift.io/daemonset-dns: default spec: serviceAccountName: dns priorityClassName: system-node-critical containers: - - name: dns - imagePullPolicy: IfNotPresent - terminationMessagePolicy: FallbackToLogsOnError - command: ["coredns"] - args: ["-conf", "/etc/coredns/Corefile"] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - readOnly: true - ports: - - containerPort: 5353 - name: dns - protocol: UDP - - containerPort: 5353 - name: dns-tcp - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 3 # Update the daemonset's spec.minReadySeconds above if you change this value! - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 3 - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: - requests: - cpu: 50m - memory: 70Mi - image: '{{ .ReleaseImage.coredns }}' - - name: kube-rbac-proxy - args: - - --logtostderr - - --secure-listen-address=:9154 - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --upstream=http://127.0.0.1:9153/ - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - ports: - - containerPort: 9154 - name: metrics - resources: - requests: - cpu: 10m - memory: 40Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: metrics-tls - readOnly: true - image: '{{ .ReleaseImage.kube_rbac_proxy }}' - imagePullPolicy: IfNotPresent + - name: dns + # image is set at runtime + imagePullPolicy: IfNotPresent + terminationMessagePolicy: 
FallbackToLogsOnError + command: [ "coredns" ] + args: [ "-conf", "/etc/coredns/Corefile" ] + volumeMounts: + - name: config-volume + mountPath: /etc/coredns + readOnly: true + ports: + - containerPort: 5353 + name: dns + protocol: UDP + - containerPort: 5353 + name: dns-tcp + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 # Update the daemonset's spec.minReadySeconds above if you change this value! + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 3 + livenessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + resources: + requests: + cpu: 50m + memory: 70Mi + - name: kube-rbac-proxy + # image is set at runtime + args: + - --logtostderr + - --secure-listen-address=:9154 + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - --upstream=http://127.0.0.1:9153/ + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + ports: + - containerPort: 9154 + name: metrics + resources: + requests: + cpu: 10m + memory: 40Mi + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /etc/tls/private + name: metrics-tls + readOnly: true dnsPolicy: Default + # nodeSelector is set at runtime. 
volumes: - - name: config-volume - configMap: - items: - - key: Corefile - path: Corefile - name: dns-default - - name: metrics-tls - secret: - defaultMode: 420 - secretName: dns-default-metrics-tls - nodeSelector: - kubernetes.io/os: linux - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists + - name: config-volume + configMap: + # Name is set at runtime + items: + - key: Corefile + path: Corefile + - name: metrics-tls + # secretName is set at runtime + # tolerations is set at runtime. updateStrategy: type: RollingUpdate rollingUpdate: @@ -103,11 +96,3 @@ spec: maxSurge: 10% # maxUnavailable must be zero when maxSurge is nonzero. maxUnavailable: 0 - selector: - matchLabels: - dns.operator.openshift.io/daemonset-dns: default -metadata: - name: dns-default - namespace: openshift-dns - labels: - dns.operator.openshift.io/owning-dns: default diff --git a/assets/components/openshift-dns/dns/service.yaml b/assets/components/openshift-dns/dns/service.yaml index 3849d98bce..0dca87150b 100644 --- a/assets/components/openshift-dns/dns/service.yaml +++ b/assets/components/openshift-dns/dns/service.yaml @@ -1,24 +1,19 @@ kind: Service apiVersion: v1 +# name, namespace,labels and annotations are set at runtime spec: + # clusterIP will be automatically managed. + # selector is set at runtime ports: - - name: dns - port: 53 - targetPort: dns - protocol: UDP - - name: dns-tcp - port: 53 - targetPort: dns-tcp - protocol: TCP - - name: metrics - port: 9154 - targetPort: metrics - protocol: TCP - clusterIP: '{{.ClusterIP}}' - selector: - dns.operator.openshift.io/daemonset-dns: default -metadata: - annotations: - service.beta.openshift.io/serving-cert-secret-name: dns-default-metrics-tls - name: dns-default - namespace: openshift-dns + - name: dns + port: 53 + targetPort: dns + protocol: UDP + - name: dns-tcp + port: 53 + targetPort: dns-tcp + protocol: TCP + - name: metrics + port: 9154 + targetPort: metrics + protocol: TCP 
diff --git a/assets/components/openshift-dns/node-resolver/daemonset.yaml b/assets/components/openshift-dns/node-resolver/daemonset.yaml deleted file mode 100644 index 6d8a5fbf32..0000000000 --- a/assets/components/openshift-dns/node-resolver/daemonset.yaml +++ /dev/null 
@@ -1,140 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: node-resolver - namespace: openshift-dns -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - dns.operator.openshift.io/daemonset-node-resolver: "" - template: - metadata: - annotations: - target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - labels: - dns.operator.openshift.io/daemonset-node-resolver: "" - spec: - containers: - - command: - - /bin/bash - - -c - - | - #!/bin/bash - set -uo pipefail - - trap 'jobs -p | xargs kill || true; wait; exit 0' TERM - - NAMESERVER=${DNS_DEFAULT_SERVICE_HOST} - OPENSHIFT_MARKER="openshift-generated-node-resolver" - HOSTS_FILE="/etc/hosts" - TEMP_FILE="/etc/hosts.tmp" - - IFS=', ' read -r -a services <<< "${SERVICES}" - - # Make a temporary file with the old hosts file's attributes. - if ! cp -f --attributes-only "${HOSTS_FILE}" "${TEMP_FILE}"; then - echo "Failed to preserve hosts file. Exiting." - exit 1 - fi - - while true; do - declare -A svc_ips - for svc in "${services[@]}"; do - # Fetch service IP from cluster dns if present. We make several tries - # to do it: IPv4, IPv6, IPv4 over TCP and IPv6 over TCP. The two last ones - # are for deployments with Kuryr on older OpenStack (OSP13) - those do not - # support UDP loadbalancers and require reaching DNS through TCP. - cmds=('dig -t A @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"' - 'dig -t AAAA @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"' - 'dig -t A +tcp +retry=0 @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"' - 'dig -t AAAA +tcp +retry=0 @"${NAMESERVER}" +short "${svc}.${CLUSTER_DOMAIN}"|grep -v "^;"') - for i in ${!cmds[*]} - do - ips=($(eval "${cmds[i]}")) - if [[ "$?" 
-eq 0 && "${#ips[@]}" -ne 0 ]]; then - svc_ips["${svc}"]="${ips[@]}" - break - fi - done - done - - # Update /etc/hosts only if we get valid service IPs - # We will not update /etc/hosts when there is coredns service outage or api unavailability - # Stale entries could exist in /etc/hosts if the service is deleted - if [[ -n "${svc_ips[*]-}" ]]; then - # Build a new hosts file from /etc/hosts with our custom entries filtered out - if ! sed --silent "/# ${OPENSHIFT_MARKER}/d; w ${TEMP_FILE}" "${HOSTS_FILE}"; then - # Only continue rebuilding the hosts entries if its original content is preserved - sleep 60 & wait - continue - fi - - # Append resolver entries for services - rc=0 - for svc in "${!svc_ips[@]}"; do - for ip in ${svc_ips[${svc}]}; do - echo "${ip} ${svc} ${svc}.${CLUSTER_DOMAIN} # ${OPENSHIFT_MARKER}" >> "${TEMP_FILE}" || rc=$? - done - done - if [[ $rc -ne 0 ]]; then - sleep 60 & wait - continue - fi - - - # TODO: Update /etc/hosts atomically to avoid any inconsistent behavior - # Replace /etc/hosts with our modified version if needed - cmp "${TEMP_FILE}" "${HOSTS_FILE}" || cp -f "${TEMP_FILE}" "${HOSTS_FILE}" - # TEMP_FILE is not removed to avoid file create/delete and attributes copy churn - fi - sleep 60 & wait - unset svc_ips - done - env: - - name: SERVICES - # Comma or space separated list of services - # NOTE: For now, ensure these are relative names; for each relative name, - # an alias with the CLUSTER_DOMAIN suffix will also be added. 
- value: "image-registry.openshift-image-registry.svc" - - name: NAMESERVER - value: 172.30.0.10 - - name: CLUSTER_DOMAIN - value: cluster.local - image: {{ .ReleaseImage.cli }} - imagePullPolicy: IfNotPresent - name: dns-node-resolver - resources: - requests: - cpu: 5m - memory: 21Mi - securityContext: - privileged: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/hosts - name: hosts-file - dnsPolicy: ClusterFirst - hostNetwork: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - serviceAccount: node-resolver - serviceAccountName: node-resolver - terminationGracePeriodSeconds: 30 - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /etc/hosts - type: File - name: hosts-file - updateStrategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 33% - type: RollingUpdate diff --git a/assets/components/openshift-router/deployment.yaml b/assets/components/openshift-router/deployment.yaml index ae0279652c..0042633286 100644 --- a/assets/components/openshift-router/deployment.yaml +++ b/assets/components/openshift-router/deployment.yaml 
@@ -1,68 +1,35 @@ # Deployment with default values +# Ingress Controller specific values are applied at runtime. kind: Deployment apiVersion: apps/v1 +# name and namespace are set at runtime. spec: progressDeadlineSeconds: 600 template: metadata: annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - labels: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default spec: serviceAccountName: router + # nodeSelector is set at runtime. priorityClassName: system-cluster-critical containers: - name: router + # image is set at runtime. imagePullPolicy: IfNotPresent securityContext: # See https://bugzilla.redhat.com/2007246 allowPrivilegeEscalation: true readOnlyRootFilesystem: false terminationMessagePolicy: FallbackToLogsOnError + # Merged at runtime. env: - - name: ROUTER_SERVICE_NAMESPACE - value: openshift-ingress - - name: DEFAULT_CERTIFICATE_DIR - value: /etc/pki/tls/private - - name: DEFAULT_DESTINATION_CA_PATH - value: /var/run/configmaps/service-ca/service-ca.crt - - name: STATS_PORT - value: "1936" - - name: RELOAD_INTERVAL - value: 5s - - name: ROUTER_ALLOW_WILDCARD_ROUTES - value: "false" - - name: ROUTER_CANONICAL_HOSTNAME - value: router-default.apps.{{ .BaseDomain }} - - name: ROUTER_CIPHERS - value: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - - name: ROUTER_CIPHERSUITES - value: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - - name: ROUTER_DISABLE_HTTP2 - value: "true" - - name: ROUTER_DISABLE_NAMESPACE_OWNERSHIP_CHECK - value: '{{.RouterNamespaceOwnership}}' - - name: ROUTER_LOAD_BALANCE_ALGORITHM - value: random - - name: ROUTER_METRICS_TYPE - value: haproxy - - name: ROUTER_SERVICE_NAME - value: default - - name: ROUTER_SET_FORWARDED_HEADERS - value: append - - name: 
ROUTER_TCP_BALANCE_SCHEME - value: source - - name: ROUTER_THREADS - value: "4" - - name: SSL_MIN_VERSION - value: TLSv1.2 - - name: ROUTER_USE_PROXY_PROTOCOL - value: "false" - - name: GRACEFUL_SHUTDOWN_DELAY - value: 1s - - name: ROUTER_DOMAIN - value: apps.{{ .BaseDomain }} + - name: ROUTER_SERVICE_NAMESPACE + value: openshift-ingress + - name: DEFAULT_CERTIFICATE_DIR + value: /etc/pki/tls/private + - name: DEFAULT_DESTINATION_CA_PATH + value: /var/run/configmaps/service-ca/service-ca.crt livenessProbe: httpGet: path: /healthz 
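Review bot: The `env:` block of the router container drops its explicit TLS settings: `SSL_MIN_VERSION` (`TLSv1.2`), `ROUTER_CIPHERS` and `ROUTER_CIPHERSUITES` are removed along with the other `ROUTER_*` entries, leaving only `ROUTER_SERVICE_NAMESPACE`, `DEFAULT_CERTIFICATE_DIR` and `DEFAULT_DESTINATION_CA_PATH`. The added comment `# Merged at runtime.` suggests something else supplies them, but the previous asset carried them literally and the patch does not show such a merge; without it the router would presumably fall back to the image's defaults for minimum TLS version and cipher selection. I would keep at least `- name: SSL_MIN_VERSION` with `value: TLSv1.2` and the two cipher entries in this file. The Deployment continues outside the hunk.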
@@ -83,55 +50,22 @@ spec: cpu: 100m memory: 256Mi volumeMounts: - - mountPath: /etc/pki/tls/private - name: default-certificate - readOnly: true - - mountPath: /var/run/configmaps/service-ca - name: service-ca-bundle - readOnly: true - image: '{{ .ReleaseImage.haproxy_router }}' - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - - name: metrics - containerPort: 1936 - protocol: TCP - args: - - -v=4 - volumes: - - name: default-certificate - secret: - defaultMode: 420 - secretName: router-certs-default - - name: service-ca-bundle - configMap: - items: - - key: service-ca.crt - path: service-ca.crt + - mountPath: /etc/pki/tls/private + name: default-certificate + readOnly: true + - mountPath: /var/run/configmaps/service-ca name: service-ca-bundle - optional: false + readOnly: true + volumes: + - name: default-certificate + secret: defaultMode: 420 - restartPolicy: Always - dnsPolicy: ClusterFirst - nodeSelector: - kubernetes.io/os: linux - node-role.kubernetes.io/worker: "" - serviceAccount: router - securityContext: {} - schedulerName: default-scheduler - minReadySeconds: 30 - selector: - matchLabels: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default - replicas: 1 - strategy: - type: Recreate -metadata: - name: router-default - namespace: openshift-ingress - labels: - ingresscontroller.operator.openshift.io/owning-ingresscontroller: default + # SecretName is set at run-time. + - name: service-ca-bundle + configMap: + items: + - key: service-ca.crt + path: service-ca.crt + name: service-ca-bundle + optional: false + defaultMode: 420 diff --git a/assets/components/openshift-router/service-cloud.yaml b/assets/components/openshift-router/service-cloud.yaml index 9cdfb93262..fa618a6170 100644 --- a/assets/components/openshift-router/service-cloud.yaml +++ b/assets/components/openshift-router/service-cloud.yaml 
@@ -7,22 +7,20 @@ metadata: namespace: openshift-ingress labels: app: router - ingresscontroller.operator.openshift.io/owning-ingresscontroller: default - name: router-default spec: type: LoadBalancer selector: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default + app: router # This also has the effect of marking LB pool targets as unhealthy when no # router pods are present on a node behind the service. externalTrafficPolicy: Local internalTrafficPolicy: Cluster ports: - - name: http - protocol: TCP - port: {{ .RouterHttpPort }} - targetPort: http - - name: https - protocol: TCP - port: {{ .RouterHttpsPort }} - targetPort: https + - name: http + protocol: TCP + port: 80 + targetPort: http + - name: https + protocol: TCP + port: 443 + targetPort: https diff --git a/assets/components/openshift-router/service-internal.yaml b/assets/components/openshift-router/service-internal.yaml index daeaeb1ae3..411de483a5 100644 --- a/assets/components/openshift-router/service-internal.yaml +++ b/assets/components/openshift-router/service-internal.yaml @@ -2,26 +2,20 @@ # Ingress Controller specific annotations are applied at runtime. kind: Service apiVersion: v1 +# name, namespace and annotations are set at runtime. spec: type: ClusterIP internalTrafficPolicy: Cluster ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - - name: https - port: 443 - protocol: TCP - targetPort: https - - name: metrics - port: 1936 - protocol: TCP - targetPort: metrics - selector: - ingresscontroller.operator.openshift.io/deployment-ingresscontroller: default -metadata: - labels: - ingresscontroller.operator.openshift.io/owning-ingresscontroller: default - name: router-internal-default - namespace: openshift-ingress + - name: http + port: 80 + protocol: TCP + targetPort: http + - name: https + port: 443 + protocol: TCP + targetPort: https + - name: metrics + port: 1936 + protocol: TCP + targetPort: metrics 
diff --git a/assets/components/service-ca/deployment.yaml b/assets/components/service-ca/deployment.yaml index fc27a300fb..6b9c679a97 100644 --- a/assets/components/service-ca/deployment.yaml +++ b/assets/components/service-ca/deployment.yaml 
@@ -25,46 +25,43 @@ spec: spec: serviceAccountName: service-ca containers: - - name: service-ca-controller - image: '{{ .ReleaseImage.service_ca_operator }}' - imagePullPolicy: IfNotPresent - command: ["service-ca-operator", "controller"] - ports: - - containerPort: 8443 - securityContext: - runAsNonRoot: true - resources: - requests: - memory: 120Mi - cpu: 10m - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /var/run/secrets/signing-key - name: signing-key - - mountPath: /var/run/configmaps/signing-cabundle - name: signing-cabundle - args: - - -v=2 + - name: service-ca-controller + image: ${IMAGE} + imagePullPolicy: IfNotPresent + command: ["service-ca-operator", "controller"] + ports: + - containerPort: 8443 + securityContext: + runAsNonRoot: true + resources: + requests: + memory: 120Mi + cpu: 10m + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /var/run/secrets/signing-key + name: signing-key + - mountPath: /var/run/configmaps/signing-cabundle + name: signing-cabundle volumes: - - name: signing-key - secret: - secretName: '{{.TLSSecret}}' - - name: signing-cabundle - configMap: - name: '{{.CAConfigMap}}' + - name: signing-key + secret: + secretName: signing-key + - name: signing-cabundle + configMap: + name: signing-cabundle nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: "system-cluster-critical" tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: "NoSchedule" - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 120 - replicas: 1 + - key: node-role.kubernetes.io/master + operator: Exists + effect: "NoSchedule" + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 120 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: 
"NoExecute" + tolerationSeconds: 120 diff --git a/assets/components/service-ca/ns.yaml b/assets/components/service-ca/ns.yaml index 5826956115..0ba2847ecc 100644 --- a/assets/components/service-ca/ns.yaml +++ b/assets/components/service-ca/ns.yaml @@ -5,3 +5,5 @@ metadata: annotations: openshift.io/node-selector: "" workload.openshift.io/allowed: "management" + labels: + openshift.io/run-level-: "" # remove the label on upgrades diff --git a/assets/controllers/kube-apiserver/defaultconfig.yaml b/assets/controllers/kube-apiserver/defaultconfig.yaml index af45236c52..13e02d8d24 100644 --- a/assets/controllers/kube-apiserver/defaultconfig.yaml +++ b/assets/controllers/kube-apiserver/defaultconfig.yaml 
@@ -14,21 +14,21 @@ admission: kind: PodSecurityConfiguration apiVersion: pod-security.admission.config.k8s.io/v1 defaults: - enforce: "restricted" - enforce-version: "latest" - audit: "restricted" - audit-version: "latest" - warn: "restricted" - warn-version: "latest" + enforce: "invalid-to-force-substitution" + enforce-version: "invalid-to-force-substitution" + audit: "invalid-to-force-substitution" + audit-version: "invalid-to-force-substitution" + warn: "invalid-to-force-substitution" + warn-version: "invalid-to-force-substitution" exemptions: usernames: - # The build controller creates pods that are likely to be privileged - # based on BuildConfig objects. Access to these build pods is however - # still limited by the SCC exec admission and so we can safely add the - # build-controller SA here. - # This configuration should never be exposed to cluster users as no - # such guarantees are made for any other OpenShift SA/user. - - system:serviceaccount:openshift-infra:build-controller + # The build controller creates pods that are likely to be privileged + # based on BuildConfig objects. Access to these build pods is however + # still limited by the SCC exec admission and so we can safely add the + # build-controller SA here. + # This configuration should never be exposed to cluster users as no + # such guarantees are made for any other OpenShift SA/user. + - system:serviceaccount:openshift-infra:build-controller apiServerArguments: allow-privileged: - "true" @@ -123,7 +123,7 @@ apiServerArguments: goaway-chance: - "0" http2-max-streams-per-connection: - - "2000" # recommended is 1000, but we need to mitigate https://github.com/kubernetes/kubernetes/issues/74412 + - "2000" # recommended is 1000, but we need to mitigate https://github.com/kubernetes/kubernetes/issues/74412 kubelet-certificate-authority: - /etc/kubernetes/static-pod-resources/configmaps/kubelet-serving-ca/ca-bundle.crt kubelet-client-certificate: 
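Review bot: All six pod security admission defaults (`enforce`, `audit`, `warn` and their `-version` keys) are now the placeholder `invalid-to-force-substitution` instead of `restricted`/`latest`. That is only safe if something rewrites these values before the config reaches kube-apiserver; the hunk shows no such step, so without it the PodSecurity configuration is invalid and the restricted default is lost. If this consumer reads the file directly, keep `enforce: "restricted"` and `enforce-version: "latest"` and the audit/warn equivalents. The `admission` block starts before the hunk; the later hunks at -123 and -168 in the same file are indentation-only.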
@@ -168,7 +168,7 @@ apiServerArguments: shutdown-delay-duration: - 70s # give SDN some time to converge: 30s for iptable lock contention, 25s for the second try and some seconds for AWS to update ELBs shutdown-send-retry-after: - - "true" + - "true" storage-backend: - etcd3 storage-media-type: diff --git a/assets/controllers/kube-controller-manager/defaultconfig.yaml b/assets/controllers/kube-controller-manager/defaultconfig.yaml index efceaa3c61..0dc7479099 100644 --- a/assets/controllers/kube-controller-manager/defaultconfig.yaml +++ b/assets/controllers/kube-controller-manager/defaultconfig.yaml 
@@ -2,41 +2,47 @@ apiVersion: kubecontrolplane.config.openshift.io/v1 kind: KubeControllerManagerConfig extendedArguments: enable-dynamic-provisioning: - - "true" + - "true" allocate-node-cidrs: - - "false" + - "false" configure-cloud-routes: - - "false" + - "false" use-service-account-credentials: - - "true" + - "true" + flex-volume-plugin-dir: + - "/etc/kubernetes/kubelet-plugins/volume/exec" # created by machine-config-operator, owned by storage team/hekumar@redhat.com + pv-recycler-pod-template-filepath-nfs: # owned by storage team/fbertina@redhat.com + - "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml" + pv-recycler-pod-template-filepath-hostpath: # owned by storage team/fbertina@redhat.com + - "/etc/kubernetes/static-pod-resources/configmaps/recycler-config/recycler-pod.yaml" leader-elect: - - "true" + - "true" leader-elect-retry-period: - - "3s" + - "3s" leader-elect-resource-lock: - - "leases" + - "leases" leader-elect-renew-deadline: - - "12s" # Increase api call timeout value from default 5s to 6s, required in case primary dns server fail. + - "12s" # Increase api call timeout value from default 5s to 6s, required in case primary dns server fail. 
controllers: - - "*" - - "-ttl" # TODO: this is excluded in kube-core, but not in #21092 - - "-bootstrapsigner" - - "-tokencleaner" + - "*" + - "-ttl" # TODO: this is excluded in kube-core, but not in #21092 + - "-bootstrapsigner" + - "-tokencleaner" cluster-signing-duration: - - "720h" + - "720h" secure-port: - - "10257" + - "10257" cert-dir: - - "/var/run/kubernetes" + - "/var/run/kubernetes" root-ca-file: - - "/etc/kubernetes/static-pod-resources/configmaps/serviceaccount-ca/ca-bundle.crt" + - "/etc/kubernetes/static-pod-resources/configmaps/serviceaccount-ca/ca-bundle.crt" service-account-private-key-file: - - "/etc/kubernetes/static-pod-resources/secrets/service-account-private-key/service-account.key" + - "/etc/kubernetes/static-pod-resources/secrets/service-account-private-key/service-account.key" cluster-signing-cert-file: - - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.crt" + - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.crt" cluster-signing-key-file: - - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.key" + - "/etc/kubernetes/static-pod-certs/secrets/csr-signer/tls.key" kube-api-qps: - - "150" # this is a historical values + - "150" # this is a historical values kube-api-burst: - - "300" # this is a historical values + - "300" # this is a historical values diff --git a/assets/core/kubelet.yaml b/assets/core/kubelet.yaml index e15961b4b9..8861324b22 100644 --- a/assets/core/kubelet.yaml +++ b/assets/core/kubelet.yaml 
@@ -1,34 +1,38 @@
-kind: KubeletConfiguration
-apiVersion: kubelet.config.k8s.io/v1beta1
-authentication:
- anonymous:
- enabled: false
- x509:
- clientCAFile: "{{ .clientCAFile }}"
-cgroupDriver: systemd
-cgroupsPerQOS: true
-clusterDNS:
- - "{{ .clusterDNSIP }}"
-clusterDomain: cluster.local
-containerLogMaxSize: 50Mi
-containerRuntimeEndpoint: unix:///var/run/crio/crio.sock
-enforceNodeAllocatable: []
-failSwapOn: false
-featureGates:
- APIPriorityAndFairness: true
- DownwardAPIHugePages: true
- PodSecurity: true
- RotateKubeletServerCertificate: false # TODO
-kubeAPIBurst: 100
-kubeAPIQPS: 50
-maxPods: 250
-nodeStatusReportFrequency: 5m
-rotateCertificates: false # TODO
-serializeImagePulls: false
-serverTLSBootstrap: false # TODO
-tlsCertFile: "{{ .tlsCertFile }}"
-tlsPrivateKeyFile: "{{ .tlsPrivateKeyFile }}"
-volumePluginDir: "{{ .volumePluginDir }}"
-{{- if .resolvConf }}
-resolvConf: "{{ .resolvConf }}"
-{{- end }}
+mode: 0644
+path: "/etc/kubernetes/kubelet.conf"
+contents:
+ inline: |
+ kind: KubeletConfiguration
+ apiVersion: kubelet.config.k8s.io/v1beta1
+ authentication:
+ x509:
+ clientCAFile: /etc/kubernetes/kubelet-ca.crt
+ anonymous:
+ enabled: false
+ cgroupDriver: systemd
+ cgroupRoot: /
+ clusterDNS:
+ - {{.ClusterDNSIP}}
+ clusterDomain: cluster.local
+ containerLogMaxSize: 50Mi
+ enableSystemLogQuery: true
+ maxPods: 250
+ kubeAPIQPS: 50
+ kubeAPIBurst: 100
+ podPidsLimit: 4096
+ protectKernelDefaults: true
+ rotateCertificates: true
+ serializeImagePulls: false
+ staticPodPath: /etc/kubernetes/manifests
+ systemCgroups: /system.slice
+ nodeStatusUpdateFrequency: 10s
+ nodeStatusReportFrequency: 5m
+ serverTLSBootstrap: true
+ tlsMinVersion: VersionTLS12
+ tlsCipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
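Review bot: The new file is no longer a KubeletConfiguration document at the top level: it is wrapped in `mode`/`path`/`contents.inline`, the template fields `.clientCAFile`, `.tlsCertFile`, `.tlsPrivateKeyFile`, `.volumePluginDir` and `.resolvConf` are gone, and `.clusterDNSIP` became `.ClusterDNSIP`. A renderer that still passes the old keys and hands the result to kubelet would produce a file kubelet cannot read as its configuration (inferred; the renderer is outside this diff chunk). `serverTLSBootstrap: true` without `tlsCertFile`/`tlsPrivateKeyFile` makes the kubelet serving certificate depend on a CSR being approved, and `containerRuntimeEndpoint` and `failSwapOn: false` are dropped, so each of these needs confirming for this deployment. The added `tlsMinVersion: VersionTLS12`, the AEAD-only `tlsCipherSuites` list and `protectKernelDefaults: true` are worth keeping whichever shape the file ends up in.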
diff --git a/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml b/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml index 56662a44c6..f5e54704de 100644 --- a/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml +++ b/assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml 
@@ -14,268 +14,352 @@ spec: listKind: SecurityContextConstraintsList plural: securitycontextconstraints singular: securitycontextconstraints - shortNames: - - scc scope: Cluster versions: - - additionalPrinterColumns: - - description: Determines if a container can request to be run as privileged - jsonPath: .allowPrivilegedContainer - name: Priv - type: string - - description: A list of capabilities that can be requested to add to the container - jsonPath: .allowedCapabilities - name: Caps - type: string - - description: Strategy that will dictate what labels will be set in the SecurityContext - jsonPath: .seLinuxContext.type - name: SELinux - type: string - - description: Strategy that will dictate what RunAsUser is used in the SecurityContext - jsonPath: .runAsUser.type - name: RunAsUser - type: string - - description: Strategy that will dictate what fs group is used by the SecurityContext - jsonPath: .fsGroup.type - name: FSGroup - type: string - - description: Strategy that will dictate what supplemental groups are used by the SecurityContext - jsonPath: .supplementalGroups.type - name: SupGroup - type: string - - description: Sort order of SCCs - jsonPath: .priority - name: Priority - type: string - - description: Force containers to run with a read only root file system - jsonPath: .readOnlyRootFilesystem - name: ReadOnlyRootFS - type: string - - description: White list of allowed volume plugins - jsonPath: .volumes - name: Volumes - type: string - name: v1 - schema: - openAPIV3Schema: - description: "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints. 
\n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - allowHostDirVolumePlugin: - description: AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin - type: boolean - allowHostIPC: - description: AllowHostIPC determines if the policy allows host ipc in the containers. - type: boolean - allowHostNetwork: - description: AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. - type: boolean - allowHostPID: - description: AllowHostPID determines if the policy allows host pid in the containers. - type: boolean - allowHostPorts: - description: AllowHostPorts determines if the policy allows host ports in the containers. - type: boolean - allowPrivilegeEscalation: - description: AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true. - nullable: true - type: boolean - allowPrivilegedContainer: - description: AllowPrivilegedContainer determines if a container can request to be run as privileged. - type: boolean - allowedCapabilities: - description: AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - allowedFlexVolumes: - description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field. - items: - description: AllowedFlexVolume represents a single Flexvolume that is allowed to be used. 
- properties: - driver: - description: Driver is the name of the Flexvolume driver. - type: string - required: - - driver - type: object - nullable: true - type: array - allowedUnsafeSysctls: - description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + - additionalPrinterColumns: + - description: Determines if a container can request to be run as privileged + jsonPath: .allowPrivilegedContainer + name: Priv + type: string + - description: A list of capabilities that can be requested to add to the container + jsonPath: .allowedCapabilities + name: Caps + type: string + - description: Strategy that will dictate what labels will be set in the SecurityContext + jsonPath: .seLinuxContext.type + name: SELinux + type: string + - description: Strategy that will dictate what RunAsUser is used in the SecurityContext + jsonPath: .runAsUser.type + name: RunAsUser + type: string + - description: Strategy that will dictate what fs group is used by the SecurityContext + jsonPath: .fsGroup.type + name: FSGroup + type: string + - description: Strategy that will dictate what supplemental groups are used by + the SecurityContext + jsonPath: .supplementalGroups.type + name: SupGroup + type: string + - 
description: Sort order of SCCs + jsonPath: .priority + name: Priority + type: string + - description: Force containers to run with a read only root file system + jsonPath: .readOnlyRootFilesystem + name: ReadOnlyRootFS + type: string + - description: White list of allowed volume plugins + jsonPath: .volumes + name: Volumes + type: string + name: v1 + schema: + openAPIV3Schema: + description: "SecurityContextConstraints governs the ability to make requests + that affect the SecurityContext that will be applied to a container. For + historical reasons SCC was exposed under the core Kubernetes API group. + That exposure is deprecated and will be removed in a future release - users + should instead use the security.openshift.io group to manage SecurityContextConstraints. + \n Compatibility level 1: Stable within a major release for a minimum of + 12 months or 3 minor releases (whichever is longer)." + properties: + allowHostDirVolumePlugin: + description: AllowHostDirVolumePlugin determines if the policy allow containers + to use the HostDir volume plugin + type: boolean + allowHostIPC: + description: AllowHostIPC determines if the policy allows host ipc in + the containers. + type: boolean + allowHostNetwork: + description: AllowHostNetwork determines if the policy allows the use + of HostNetwork in the pod spec. + type: boolean + allowHostPID: + description: AllowHostPID determines if the policy allows host pid in + the containers. + type: boolean + allowHostPorts: + description: AllowHostPorts determines if the policy allows host ports + in the containers. + type: boolean + allowPrivilegeEscalation: + description: AllowPrivilegeEscalation determines if a pod can request + to allow privilege escalation. If unspecified, defaults to true. + nullable: true + type: boolean + allowPrivilegedContainer: + description: AllowPrivilegedContainer determines if a container can request + to be run as privileged. 
+ type: boolean + allowedCapabilities: + description: AllowedCapabilities is a list of capabilities that can be + requested to add to the container. Capabilities in this field maybe + added at the pod author's discretion. You must not list a capability + in both AllowedCapabilities and RequiredDropCapabilities. To allow all + capabilities you may use '*'. + items: + description: Capability represent POSIX capabilities type type: string - defaultAddCapabilities: - description: DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - defaultAllowPrivilegeEscalation: - description: DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process. - nullable: true - type: boolean - forbiddenSysctls: - description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc." - items: - type: string - nullable: true - type: array - fsGroup: - description: FSGroup is the strategy that will dictate what fs group is used by the SecurityContext. - nullable: true + nullable: true + type: array + allowedFlexVolumes: + description: AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty + or nil indicates that all Flexvolumes may be used. This parameter is + effective only when the usage of the Flexvolumes is allowed in the "Volumes" + field. 
+ items: + description: AllowedFlexVolume represents a single Flexvolume that is + allowed to be used. properties: - ranges: - description: Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of IDs. TODO: this could be reused for UIDs.' - properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer - type: object - type: array - type: - description: Type is the strategy that will dictate what FSGroup is used in the SecurityContext. + driver: + description: Driver is the name of the Flexvolume driver. type: string + required: + - driver type: object - groups: - description: The groups that have permission to use this security context constraints - items: - type: string - nullable: true - type: array - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + nullable: true + type: array + allowedUnsafeSysctls: + description: "AllowedUnsafeSysctls is a list of explicitly allowed unsafe + sysctls, defaults to none. Each entry is either a plain sysctl name + or ends in \"*\" in which case it is considered as a prefix of allowed + sysctls. Single * means all unsafe sysctls are allowed. Kubelet has + to whitelist all allowed unsafe sysctls explicitly to avoid rejection. + \n Examples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. + \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc." 
+ items: type: string - metadata: - type: object - priority: - description: Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name. - format: int32 - nullable: true - type: integer - readOnlyRootFilesystem: - description: ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to. - type: boolean - requiredDropCapabilities: - description: RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added. - items: - description: Capability represent POSIX capabilities type - type: string - nullable: true - type: array - runAsUser: - description: RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext. - nullable: true - properties: - type: - description: Type is the strategy that will dictate what RunAsUser is used in the SecurityContext. - type: string - uid: - description: UID is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids. - format: int64 - type: integer - uidRangeMax: - description: UIDRangeMax defines the max value for a strategy that allocates by range. - format: int64 - type: integer - uidRangeMin: - description: UIDRangeMin defines the min value for a strategy that allocates by range. 
- format: int64 - type: integer - type: object - seLinuxContext: - description: SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext. - nullable: true - properties: - seLinuxOptions: - description: seLinuxOptions required to run as; required for MustRunAs + nullable: true + type: array + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + defaultAddCapabilities: + description: DefaultAddCapabilities is the default set of capabilities + that will be added to the container unless the pod spec specifically + drops the capability. You may not list a capabiility in both DefaultAddCapabilities + and RequiredDropCapabilities. + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + type: array + defaultAllowPrivilegeEscalation: + description: DefaultAllowPrivilegeEscalation controls the default setting + for whether a process can gain more privileges than its parent process. + nullable: true + type: boolean + forbiddenSysctls: + description: "ForbiddenSysctls is a list of explicitly forbidden sysctls, + defaults to none. Each entry is either a plain sysctl name or ends in + \"*\" in which case it is considered as a prefix of forbidden sysctls. + Single * means all sysctls are forbidden. \n Examples: e.g. \"foo/*\" + forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", + \"foo.baz\", etc." + items: + type: string + nullable: true + type: array + fsGroup: + description: FSGroup is the strategy that will dictate what fs group is + used by the SecurityContext. + nullable: true + properties: + ranges: + description: Ranges are the allowed ranges of fs groups. 
If you would + like to force a single fs group then supply a single range with + the same start and end. + items: + description: 'IDRange provides a min/max of an allowed range of + IDs. TODO: this could be reused for UIDs.' properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string + max: + description: Max is the end of the range, inclusive. + format: int64 + type: integer + min: + description: Min is the start of the range, inclusive. + format: int64 + type: integer type: object - type: - description: Type is the strategy that will dictate what SELinux context is used in the SecurityContext. - type: string - type: object - seccompProfiles: - description: "SeccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default." - items: + type: array + type: + description: Type is the strategy that will dictate what FSGroup is + used in the SecurityContext. type: string - nullable: true - type: array - supplementalGroups: - description: SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext. - nullable: true - properties: - ranges: - description: Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. - items: - description: 'IDRange provides a min/max of an allowed range of IDs. 
TODO: this could be reused for UIDs.' - properties: - max: - description: Max is the end of the range, inclusive. - format: int64 - type: integer - min: - description: Min is the start of the range, inclusive. - format: int64 - type: integer - type: object - type: array - type: - description: Type is the strategy that will dictate what supplemental groups is used in the SecurityContext. - type: string - type: object - users: - description: The users who have permissions to use this security context constraints - items: + type: object + groups: + description: The groups that have permission to use this security context + constraints + items: + type: string + nullable: true + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + priority: + description: Priority influences the sort order of SCCs when evaluating + which SCCs to try first for a given pod request based on access in the + Users and Groups fields. The higher the int, the higher priority. An + unset value is considered a 0 priority. If scores for multiple SCCs + are equal they will be sorted from most restrictive to least restrictive. + If both priorities and restrictions are equal the SCCs will be sorted + by name. + format: int32 + nullable: true + type: integer + readOnlyRootFilesystem: + description: ReadOnlyRootFilesystem when set to true will force containers + to run with a read only root file system. If the container specifically + requests to run with a non-read only root file system the SCC should + deny the pod. If set to false the container may run with a read only + root file system if it wishes but it will not be forced to. 
+ type: boolean + requiredDropCapabilities: + description: RequiredDropCapabilities are the capabilities that will be + dropped from the container. These are required to be dropped and cannot + be added. + items: + description: Capability represent POSIX capabilities type + type: string + nullable: true + type: array + runAsUser: + description: RunAsUser is the strategy that will dictate what RunAsUser + is used in the SecurityContext. + nullable: true + properties: + type: + description: Type is the strategy that will dictate what RunAsUser + is used in the SecurityContext. type: string - nullable: true - type: array - volumes: - description: Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". To allow no volumes, set to ["none"]. - items: - description: FS Type gives strong typing to different file systems that are used by volumes. + uid: + description: UID is the user id that containers must run as. Required + for the MustRunAs strategy if not using namespace/service account + allocated uids. + format: int64 + type: integer + uidRangeMax: + description: UIDRangeMax defines the max value for a strategy that + allocates by range. + format: int64 + type: integer + uidRangeMin: + description: UIDRangeMin defines the min value for a strategy that + allocates by range. + format: int64 + type: integer + type: object + seLinuxContext: + description: SELinuxContext is the strategy that will dictate what labels + will be set in the SecurityContext. + nullable: true + properties: + seLinuxOptions: + description: seLinuxOptions required to run as; required for MustRunAs + properties: + level: + description: Level is SELinux level label that applies to the + container. + type: string + role: + description: Role is a SELinux role label that applies to the + container. 
+ type: string + type: + description: Type is a SELinux type label that applies to the + container. + type: string + user: + description: User is a SELinux user label that applies to the + container. + type: string + type: object + type: + description: Type is the strategy that will dictate what SELinux context + is used in the SecurityContext. + type: string + type: object + seccompProfiles: + description: "SeccompProfiles lists the allowed profiles that may be set + for the pod or container's seccomp annotations. An unset (nil) or empty + value means that no profiles may be specifid by the pod or container.\tThe + wildcard '*' may be used to allow all profiles. When used to generate + a value for a pod the first non-wildcard profile will be used as the + default." + items: + type: string + nullable: true + type: array + supplementalGroups: + description: SupplementalGroups is the strategy that will dictate what + supplemental groups are used by the SecurityContext. + nullable: true + properties: + ranges: + description: Ranges are the allowed ranges of supplemental groups. If + you would like to force a single supplemental group then supply + a single range with the same start and end. + items: + description: 'IDRange provides a min/max of an allowed range of + IDs. TODO: this could be reused for UIDs.' + properties: + max: + description: Max is the end of the range, inclusive. + format: int64 + type: integer + min: + description: Min is the start of the range, inclusive. + format: int64 + type: integer + type: object + type: array + type: + description: Type is the strategy that will dictate what supplemental + groups is used in the SecurityContext. 
type: string - nullable: true - type: array - required: - - allowHostDirVolumePlugin - - allowHostIPC - - allowHostNetwork - - allowHostPID - - allowHostPorts - - allowPrivilegedContainer - - allowedCapabilities - - defaultAddCapabilities - - priority - - readOnlyRootFilesystem - - requiredDropCapabilities - - volumes - type: object - served: true - storage: true + type: object + users: + description: The users who have permissions to use this security context + constraints + items: + type: string + nullable: true + type: array + volumes: + description: Volumes is a white list of allowed volume plugins. FSType + corresponds directly with the field names of a VolumeSource (azureFile, + configMap, emptyDir). To allow all volumes you may use "*". To allow + no volumes, set to ["none"]. + items: + description: FS Type gives strong typing to different file systems that + are used by volumes. + type: string + nullable: true + type: array + required: + - allowHostDirVolumePlugin + - allowHostIPC + - allowHostNetwork + - allowHostPID + - allowHostPorts + - allowPrivilegedContainer + - allowedCapabilities + - defaultAddCapabilities + - priority + - readOnlyRootFilesystem + - requiredDropCapabilities + - volumes + type: object + served: true + storage: true diff --git a/assets/crd/route.crd.yaml b/assets/crd/route.crd.yaml deleted file mode 100644 index 0ec81826ed..0000000000 --- a/assets/crd/route.crd.yaml +++ /dev/null 
@@ -1,655 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. This prevents - connection coalescing by clients, notably web browsers. 
We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - allOf: - - anyOf: - - properties: - path: - maxLength: 0 - - properties: - tls: - enum: - - null - - not: - properties: - tls: - properties: - termination: - enum: - - passthrough - - anyOf: - - not: - properties: - host: - maxLength: 0 - - not: - properties: - wildcardPolicy: - enum: - - Subdomain - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. 
- properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. 
In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". 
- Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? 
has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. 
- rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. 
The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' 
- maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. 
- properties: - targetPort: - allOf: - - not: - enum: - - 0 - - not: - enum: - - "" - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - allOf: - - anyOf: - - properties: - caCertificate: - maxLength: 0 - certificate: - maxLength: 0 - destinationCACertificate: - maxLength: 0 - key: - maxLength: 0 - - not: - properties: - termination: - enum: - - passthrough - - anyOf: - - properties: - destinationCACertificate: - maxLength: 0 - - not: - properties: - termination: - enum: - - edge - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. 
- type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? 
!((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. 
- items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. - properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/assets/release/release-aarch64.json b/assets/release/release-aarch64.json index b557c67b1d..71d2baca9e 100644 --- a/assets/release/release-aarch64.json +++ b/assets/release/release-aarch64.json 
@@ -1,23 +1,23 @@ { "release": { - "base": "4.16.0-0.nightly-arm64-2024-04-15-184946" + "base": "4.16.0-0.nightly-arm64-2024-04-25-160158" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:89dd44042b35ceab5344c91dee1f86a2b1aa680eeed5c1c9cb6a5de6b2481c88", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:894a8012f1be8e8e92bea6ce44f1629963ae4c83d77c2f5d8a306c912c69ff6b", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:829c8341dae484d41bd64ae8c32ae9933c3034496eebd3d95a5bf4dafdb47b8b", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e8c38572330a24490fdebe2c9d6651998a340355993fedcef8dbfbe2f3e1b416", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:d78a8affe00f07c61d7578053ec0ad542b5a7301447810e4f9c9535bfffd1c15", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:023331f0f8078dbcec22961445fc10b37d1a9b81fb670a6d49ed9a524cdaca83", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:16d2a8c69296e8567db256d3cbcca7f8b7cca1647020547f0507d0877f965397", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:87858c9f28a6b396ba8fbd961b25580565c0d0ea31588594e83fc88850b998c8", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:624711c5143a935d7f7f3593335a222ae0a193dc56eeda2acdfe1a50f360fbdd", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:da1f6d72a6a851486bc6ac0801742624c71078dec61ff6581222c075b07cd563", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:ef9d985d7684b0fa343531ac3266e8b21787c83d79b1d81e7946d51ccc90fe74", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7a25e428b07cf4ed992c21677ec34b9326dcafb5efa9a61cd5c841eb8e1b16ff", + "pod": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7697ddbff92ded36e0475400ba9cb32d73b78f21e74c34e8f4947c8c08ae5324", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5db9997ceeebd90ab87563ae8887ff12f99fded3ccf54ece6a2e470e37621e84", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel9@sha256:ce0c78c2867fb0b73c4911ae6afd5aaf9a413480cfcf4f31f46f2387c3df97e0", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:95691c21198e20d11777d592806fa00c018c17443d9b3aee853891dac6090470", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:98ad03919da81c910aaa8a4f12fcae3048f2119735aeb7ca5271f7c16cf5e4e6", "topolvm_csi_resizer": "registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:94f4a9ad37891cfbf58ca7db58000e703ff4d9d7a7b207d50ec844c1610e2111", "topolvm_csi_provisioner": "registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:76a5646d4b8406ae9065a1605644ec641acc97aa471ebae744e8e06487cec765", - "csi-external-snapshotter": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f8c7e1f4ae53d3df33c176f48b41afe800a9ec23af8c786e1b1dfdd127e968da", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:471a3d0f2cde5b86938900603ef30d9cf11efe31b3808d9ec356cb75683d1411", - "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3aa206800d88e243c601e6f88abc4a50b66512775c48c295a01817c207487d66" + "csi-external-snapshotter": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:24d6f6b60d8d8045d9a0dcd0d4ec531f4b6c2ba8b352ce5ebf8b4a5da9167bb0", + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:76d747bdd1dc6e31cef361ace71fe4bdb283601162ecde5ddcd58be88140e969", + "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:82cc03a529bfe58510b9383ee4f4b48a21618b5068a3f09dc1de9a1ce1727d26" } } 
diff --git a/assets/release/release-x86_64.json b/assets/release/release-x86_64.json index 23a2028c62..02cc500475 100644 --- a/assets/release/release-x86_64.json +++ b/assets/release/release-x86_64.json 
@@ -1,23 +1,23 @@ { "release": { - "base": "4.16.0-0.nightly-2024-04-15-184947" + "base": "4.16.0-0.nightly-2024-04-23-032717" }, "images": { - "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:baf096ec160bb98fec3ec782633e79b6dff3cdb187043b77bebc70de969843dc", - "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:7092a6cdb5e26d2899453789d0f7ccda238cb4e7cb4c07ddbc296bf906e74192", - "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:824d3879c298b559365c9ca0acc8b2d9d19cbbe242f0fbf5d4c6142bdd99a990", - "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:837abe32cf23d260c8be1032e10b570cae8562da3165336d0fcbea64860591a2", + "cli": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:dc3b5f78df398439f5d03e389f2405223a68245f79f913963746dacb1e1ee88b", + "coredns": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3ef124aec5f3b5e0fa1a4b46ab269c09febe3dde7f1f90fb0943ce1b7ee7e773", + "haproxy-router": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0fb4dc1a0517180ec76f1b41b54f7562eccb475c82f796e0ad0433297c935953", + "kube-rbac-proxy": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:0adb8df5744d085fd93707eef75c97c089d71152d09236b85c304448d4434487", "openssl": "registry.access.redhat.com/ubi8/openssl@sha256:9e743d947be073808f7f1750a791a3dbd81e694e37161e8c6c6057c2c342d671", - "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:02aedc0589854cdefc45a02f16beb7bc0863e78357ab183ac85566e2b792e308", - "pod": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f9d143d0097222d59b5a12e6a53b57f4395c9a74516754de59987c340557343e", - "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:a818beafe48b6c0852df8f96f5b86bbc2b4670c663b342f5ef5590b1171f64b4", + "ovn-kubernetes-microshift": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:f7601d41df4dca97b83c5506b9c4ea2f49c4498de352ff2f04a20bf56be43add", + "pod": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:60cd022d6b8665acdc4a8ea5fc0693bed67c6803440dbf372a7a2740f1af07e5", + "service-ca-operator": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9142a6819adf61bc3998679ab26bedfa044661a0bd0a8cf08af302948ba476b6", "topolvm_csi": "registry.redhat.io/lvms4/topolvm-rhel9@sha256:ce0c78c2867fb0b73c4911ae6afd5aaf9a413480cfcf4f31f46f2387c3df97e0", "topolvm_csi_registrar": "registry.redhat.io/openshift4/ose-csi-node-driver-registrar@sha256:95691c21198e20d11777d592806fa00c018c17443d9b3aee853891dac6090470", "topolvm_csi_livenessprobe": "registry.redhat.io/openshift4/ose-csi-livenessprobe@sha256:98ad03919da81c910aaa8a4f12fcae3048f2119735aeb7ca5271f7c16cf5e4e6", "topolvm_csi_resizer": "registry.redhat.io/openshift4/ose-csi-external-resizer@sha256:94f4a9ad37891cfbf58ca7db58000e703ff4d9d7a7b207d50ec844c1610e2111", "topolvm_csi_provisioner": "registry.redhat.io/openshift4/ose-csi-external-provisioner@sha256:76a5646d4b8406ae9065a1605644ec641acc97aa471ebae744e8e06487cec765", - "csi-external-snapshotter": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:cab791dfbe882890825c27c9e56b4e93193e645684aa45f40ff5399388789164", - "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:98d0091d209d33db2acf9418a0f73823bb9e880e799b79f53c5c37abe0c38e0d", - "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:03f4bfdd2d2c8d02e9e7a5cfddcb7066788be69b11b1342c674bd92d53809559" + "csi-external-snapshotter": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:90b4e92208f7738f383d9f08c04aa37966e111be945fbe9edadb34af9ca198aa", + "csi-snapshot-controller": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:14b3573e254a9e9c628c78eeda1cd3873f1772a5c760aa179460f2ef34b408d7", + "csi-snapshot-validation-webhook": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:3a128d2de78cfc2fc2bd9855abb484d91c12473bc3d48aed191ac4c39b99b655" } } 
diff --git a/rebase_sh.log b/rebase_sh.log new file mode 100644 index 0000000000..cf99adf75c --- /dev/null +++ b/rebase_sh.log 
@@ -0,0 +1,1320 @@ +# Rebasing to registry.ci.openshift.org/ocp/release:4.16.0-0.nightly-2024-04-23-032717 and registry.ci.openshift.org/ocp-arm64/release-arm64:4.16.0-0.nightly-arm64-2024-04-25-160158 +# Fetching release info for registry.ci.openshift.org/ocp/release:4.16.0-0.nightly-2024-04-23-032717 (amd64) +# Fetching release info for registry.ci.openshift.org/ocp-arm64/release-arm64:4.16.0-0.nightly-arm64-2024-04-25-160158 (arm64) +# Extracting registry.ci.openshift.org/ocp/release:4.16.0-0.nightly-2024-04-23-032717 manifest content +# Cloning registry.ci.openshift.org/ocp/release:4.16.0-0.nightly-2024-04-23-032717 component repos +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-csi-snapshot-controller-operator/.git/ +HEAD is now at 661409f Merge pull request #193 from deads2k/termination + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-dns-operator/.git/ +HEAD is now at 2d77b09 Merge pull request #393 from arkadeepsen/enable-ocp-dnsnameresolver + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-ingress-operator/.git/ +HEAD is now at bca2dff Merge pull request #950 from alebedev87/ingress-capability + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-kube-apiserver-operator/.git/ +HEAD is now at 65eb450 Merge pull request #1664 from knelasevero/NoExecute-toleration + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-kube-controller-manager-operator/.git/ +HEAD is now at f0f485f Merge pull request #804 from vrutkovs/remove-secretypetls + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-kube-scheduler-operator/.git/ +HEAD is now at 630f63b Merge pull request #539 from knelasevero/NoExecute-toleration + +Initialized empty Git repository in 
/go/src/github.com/openshift/microshift/_output/staging/cluster-network-operator/.git/ +HEAD is now at 6e245a0 Merge pull request #2346 from JoshSalomon/ipsec-metric-2 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-openshift-controller-manager-operator/.git/ +HEAD is now at d291c51 Merge pull request #341 from apoorvajagtap/update-opentelemetry-dependency-master + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/cluster-policy-controller/.git/ +HEAD is now at eaea543 Merge pull request #147 from ingvagabund/bump-protobuf + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/csi-external-snapshotter/.git/ +HEAD is now at 5315d37 Merge pull request #148 from mpatlasov/OCPBUGS-31746-Backport-volumegroupsnapshot-fixes + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/etcd/.git/ +HEAD is now at aa0c441f Merge pull request #259 from Elbehery/rebase-etcd-3.5.13-openshift-4.16 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/kubernetes/.git/ +HEAD is now at d9d45306d Merge pull request #1947 from sairameshv/bump-1.29.4 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/kubernetes-kube-storage-version-migrator/.git/ +HEAD is now at 969a60e Merge pull request #203 from openshift-bot/art-consistency-openshift-4.16-ose-kube-storage-version-migrator + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/machine-config-operator/.git/ +HEAD is now at 52e618e8 Merge pull request #4329 from sinnykumari/machine-os-content-cleanup + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/openshift-controller-manager/.git/ +HEAD is now at 0c7b9d0 Merge pull request #292 from sanchezl/builder-image-pull-secret + +Initialized empty Git 
repository in /go/src/github.com/openshift/microshift/_output/staging/operator-framework-olm/.git/ +HEAD is now at 773439e5 Merge pull request #737 from openshift-bot/synchronize-upstream + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/route-controller-manager/.git/ +HEAD is now at 3112b45 Merge pull request #41 from candita/OCPBUGS-30048-FixOWNERS + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/service-ca-operator/.git/ +HEAD is now at cb3093f Merge pull request #235 from liouk/required-scc + +# Cloning registry.ci.openshift.org/ocp/release:4.16.0-0.nightly-2024-04-23-032717 image repos +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/oc/.git/ +HEAD is now at 057cfc56 Merge pull request #1652 from soltysh/tools_rhel9 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/coredns/.git/ +HEAD is now at f937ebf Merge pull request #115 from arkadeepsen/ocp-dnsnameresolver + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/csi-external-snapshotter/.git/ +HEAD is now at 5315d37 Merge pull request #148 from mpatlasov/OCPBUGS-31746-Backport-volumegroupsnapshot-fixes + + + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/router/.git/ +HEAD is now at 7ad7ec1 Merge pull request #555 from gcs278/OCPBUGS-26498-upgradeable-status + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/kube-rbac-proxy/.git/ +HEAD is now at 04d0a78 Merge pull request #90 from ibihim/hardcoded-authorizer + +openssl not from release payload, skipping + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/ovn-kubernetes/.git/ +HEAD is now at a7f0909 Merge pull request #1946 from danwinship/nftables-cni + +Initialized empty 
Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/kubernetes/.git/ +HEAD is now at d9d45306d Merge pull request #1947 from sairameshv/bump-1.29.4 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/amd64/service-ca-operator/.git/ +HEAD is now at cb3093f Merge pull request #235 from liouk/required-scc + +topolvm_csi not from release payload, skipping + +topolvm_csi_livenessprobe not from release payload, skipping + +topolvm_csi_provisioner not from release payload, skipping + +topolvm_csi_registrar not from release payload, skipping + +topolvm_csi_resizer not from release payload, skipping + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/oc/.git/ +HEAD is now at f55e9201 Merge pull request #1734 from jstuever/OCPBUGS-32080 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/coredns/.git/ +HEAD is now at f937ebf Merge pull request #115 from arkadeepsen/ocp-dnsnameresolver + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/csi-external-snapshotter/.git/ +HEAD is now at 5315d37 Merge pull request #148 from mpatlasov/OCPBUGS-31746-Backport-volumegroupsnapshot-fixes + + + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/router/.git/ +HEAD is now at d2d6892 Merge pull request #575 from gcs278/OCPBUGS-26498-upgradeable-status-E2E-args + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/kube-rbac-proxy/.git/ +HEAD is now at 04d0a78 Merge pull request #90 from ibihim/hardcoded-authorizer + +openssl not from release payload, skipping + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/ovn-kubernetes/.git/ +HEAD is now at a7f0909 Merge pull request #1946 from danwinship/nftables-cni + +Initialized empty Git 
repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/kubernetes/.git/ +HEAD is now at 094c9310a Merge pull request #1954 from soltysh/rhel9 + +Initialized empty Git repository in /go/src/github.com/openshift/microshift/_output/staging/arm64/service-ca-operator/.git/ +HEAD is now at cb3093f Merge pull request #235 from liouk/required-scc + +topolvm_csi not from release payload, skipping + +topolvm_csi_livenessprobe not from release payload, skipping + +topolvm_csi_provisioner not from release payload, skipping + +topolvm_csi_registrar not from release payload, skipping + +topolvm_csi_resizer not from release payload, skipping + +Warning: env var PULL_BASE_REF not found or empty, falling back to local active branch. +error: branch 'rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25' not found. +Switched to a new branch 'rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25' +## Updating last_rebase.sh +## Committing changes to last_rebase.sh +[rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25 4dfa3d06a] update last_rebase.sh + 1 file changed, 1 insertion(+), 1 deletion(-) +cluster-dns-operator embedded-component no change + +cluster-kube-scheduler-operator embedded-component no change + +cluster-openshift-controller-manager-operator embedded-component no change + +cluster-policy-controller embedded-component no change + +csi-external-snapshotter embedded-component no change + +etcd embedded-component no change + +kubernetes-kube-storage-version-migrator embedded-component no change + +openshift-controller-manager embedded-component no change + +route-controller-manager embedded-component no change + +service-ca-operator embedded-component no change + +coredns image-amd64 no change + +csi-external-snapshotter image-amd64 no change + +csi-external-snapshotter image-amd64 no change + +csi-external-snapshotter image-amd64 no change + +kube-rbac-proxy image-amd64 
no change + +service-ca-operator image-amd64 no change + +coredns image-arm64 no change + +csi-external-snapshotter image-arm64 no change + +csi-external-snapshotter image-arm64 no change + +csi-external-snapshotter image-arm64 no change + +kube-rbac-proxy image-arm64 no change + +service-ca-operator image-arm64 no change + +## Committing changes to changelog +[rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25 491f9f38e] update changelog + 2 files changed, 329 insertions(+), 16 deletions(-) +# Updating microshift/go.mod +go mod edit -require github.com/openshift/cluster-policy-controller@eaea543f4c845a7b65705f12e162cc121bb12f88 +go: downloading github.com/openshift/api v0.0.0-20240207185517-ae973131190e +go: downloading github.com/openshift/library-go v0.0.0-20240207105404-126b47137408 +go: downloading github.com/openshift/client-go v0.0.0-20240115204758-e6bf7d631d5e +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240411182632-6b4d6cb58038 +go: downloading k8s.io/klog/v2 v2.110.1 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240411182632-6b4d6cb58038 +go: downloading sigs.k8s.io/yaml v1.3.0 +go: downloading github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e +go: downloading github.com/spf13/cobra v1.7.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240411182632-6b4d6cb58038 +go: downloading 
github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/stretchr/testify v1.8.4 +go: downloading github.com/apparentlymart/go-cidr v1.1.0 +go: downloading github.com/spf13/pflag v1.0.5 +go: downloading github.com/vishvananda/netlink v1.1.0 +go: downloading sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/miekg/dns v1.1.35 +go: downloading github.com/openshift/cluster-policy-controller v0.0.0-20240311102810-eaea543f4c84 +go: downloading gopkg.in/yaml.v3 v3.0.1 +go: downloading github.com/openshift/route-controller-manager v0.0.0-20240306200724-3112b458983c +go: downloading github.com/openshift/etcd/client/pkg/v3 v3.5.1-0.20240408095611-aa0c441f97e0 +go: downloading github.com/openshift/etcd/client/v3 v3.5.1-0.20240408095611-aa0c441f97e0 +go: downloading github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20240125051406-969a60e9e246 +go: downloading github.com/google/go-cmp v0.6.0 +go: downloading golang.org/x/sys v0.16.0 +go: downloading k8s.io/utils v0.0.0-20240102154912-e7106e64919e +go: downloading k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 +go: downloading sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 +go: downloading github.com/openshift/build-machinery-go v0.0.0-20231128094528-1e9b1b0595c8 +go: downloading github.com/evanphx/json-patch v4.12.0+incompatible +go: downloading github.com/davecgh/go-spew v1.1.1 +go: downloading github.com/gogo/protobuf v1.3.2 +go: downloading github.com/google/gofuzz v1.2.0 +go: downloading sigs.k8s.io/structured-merge-diff/v4 v4.4.1 +go: downloading 
github.com/imdario/mergo v0.3.11 +go: downloading golang.org/x/term v0.16.0 +go: downloading golang.org/x/net v0.20.0 +go: downloading gopkg.in/yaml.v2 v2.4.0 +go: downloading github.com/go-logr/logr v1.4.1 +go: downloading github.com/inconshreveable/mousetrap v1.1.0 +go: downloading github.com/pmezard/go-difflib v1.0.0 +go: downloading sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd +go: downloading github.com/vishvananda/netns v0.0.4 +go: downloading github.com/google/uuid v1.3.1 +go: downloading golang.org/x/time v0.3.0 +go: downloading golang.org/x/crypto v0.18.0 +go: downloading golang.org/x/sync v0.5.0 +go: downloading github.com/jonboulle/clockwork v0.2.2 +go: downloading github.com/pkg/errors v0.9.1 +go: downloading github.com/MakeNowJust/heredoc v1.0.0 +go: downloading github.com/mitchellh/go-wordwrap v1.0.1 +go: downloading github.com/russross/blackfriday/v2 v2.1.0 +go: downloading go.uber.org/zap v1.19.0 +go: downloading github.com/openshift/etcd/api/v3 v3.5.1-0.20240408095611-aa0c441f97e0 +go: downloading google.golang.org/grpc v1.59.0 +go: downloading go.opentelemetry.io/otel/trace v1.19.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/fsnotify/fsnotify v1.7.0 +go: downloading github.com/coreos/go-systemd/v22 v22.5.0 +go: downloading github.com/google/cadvisor v0.48.1 +go: downloading github.com/opencontainers/runc v1.1.10 +go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 +go: downloading go.opentelemetry.io/otel v1.19.0 +go: downloading go.opentelemetry.io/otel/sdk v1.19.0 +go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240411182632-6b4d6cb58038 +go: downloading 
github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da +go: downloading github.com/prometheus/client_golang v1.16.0 +go: downloading github.com/blang/semver/v4 v4.0.0 +go: downloading github.com/blang/semver v3.5.1+incompatible +go: downloading github.com/prometheus/client_model v0.4.0 +go: downloading github.com/prometheus/procfs v0.10.1 +go: downloading github.com/prometheus/common v0.44.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240411182632-6b4d6cb58038 +go: downloading gopkg.in/inf.v0 v0.9.1 +go: downloading github.com/golang/protobuf v1.5.4 +go: downloading github.com/google/gnostic-models v0.6.8 +go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c +go: downloading google.golang.org/protobuf v1.33.0 +go: downloading golang.org/x/oauth2 v0.11.0 +go: downloading github.com/json-iterator/go v1.1.12 +go: downloading github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de +go: downloading github.com/moby/term v0.0.0-20221205130635-1aeaba878587 +go: downloading golang.org/x/text v0.14.0 +go: downloading github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 +go: downloading github.com/peterbourgon/diskv v2.0.1+incompatible +go: downloading github.com/pkg/profile v1.3.0 +go: downloading github.com/sirupsen/logrus v1.9.0 +go: downloading github.com/emicklei/go-restful/v3 v3.11.0 +go: downloading go.uber.org/atomic v1.10.0 +go: downloading github.com/chai2010/gettext-go v1.0.2 +go: downloading 
github.com/openshift/ginkgo/v2 v2.6.1-0.20231031162821-c5e24be53ea7 +go: downloading github.com/onsi/gomega v1.29.0 +go: downloading github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d +go: downloading github.com/go-openapi/jsonreference v0.20.2 +go: downloading github.com/go-openapi/swag v0.22.3 +go: downloading go.uber.org/multierr v1.11.0 +go: downloading go.uber.org/goleak v1.2.1 +go: downloading github.com/benbjohnson/clock v1.1.0 +go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d +go: downloading github.com/coreos/go-semver v0.3.1 +go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d +go: downloading google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d +go: downloading k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 +go: downloading github.com/go-errors/errors v1.4.2 +go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1 +go: downloading gopkg.in/square/go-jose.v2 v2.6.0 +go: downloading go.etcd.io/etcd/server/v3 v3.5.10 +go: downloading github.com/onsi/ginkgo v1.16.5 +go: downloading github.com/cyphar/filepath-securejoin v0.2.4 +go: downloading github.com/moby/sys/mountinfo v0.6.2 +go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 +go: downloading go.opentelemetry.io/proto/otlp v1.0.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/Azure/azure-sdk-for-go v68.0.0+incompatible +go: downloading github.com/Azure/go-autorest/autorest/adal v0.9.23 +go: downloading github.com/Azure/go-autorest/autorest v0.11.29 +go: downloading github.com/Azure/go-autorest v14.2.0+incompatible +go: downloading github.com/opencontainers/selinux v1.11.0 +go: downloading github.com/docker/go-units v0.5.0 +go: downloading github.com/golang/mock v1.6.0 +go: downloading 
go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful v0.42.0 +go: downloading github.com/Microsoft/go-winio v0.6.0 +go: downloading github.com/container-storage-interface/spec v1.8.0 +go: downloading github.com/libopenstorage/openstorage v1.0.0 +go: downloading sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.28.0 +go: downloading github.com/openshift/apiserver-library-go v0.0.0-20240313131158-facc40cc7688 +go: downloading github.com/google/cel-go v0.17.7 +go: downloading github.com/karrick/godirwalk v1.17.0 +go: downloading github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 +go: downloading github.com/containerd/typeurl v1.0.2 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/robfig/cron/v3 v3.0.1 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/robfig/cron v1.2.0 +go: downloading github.com/beorn7/perks v1.0.1 +go: downloading github.com/cespare/xxhash/v2 v2.2.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 +go: downloading github.com/kr/pretty v0.3.1 +go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.4 +go: downloading github.com/go-logr/zapr v1.2.3 +go: downloading github.com/creack/pty v1.1.18 +go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd +go: downloading github.com/modern-go/reflect2 v1.0.2 +go: downloading github.com/google/btree v1.0.1 +go: downloading github.com/NYTimes/gziphandler v1.1.1 +go: downloading github.com/go-openapi/jsonpointer v0.19.6 +go: 
downloading github.com/fvbommel/sortorder v1.1.0 +go: downloading github.com/gorilla/websocket v1.5.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/mailru/easyjson v0.7.7 +go: downloading golang.org/x/tools v0.16.1 +go: downloading github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 +go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.42.0 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240411182632-6b4d6cb58038 +go: downloading github.com/coreos/go-oidc v2.2.1+incompatible +go: downloading github.com/grpc-ecosystem/grpc-gateway v1.16.0 +go: downloading github.com/soheilhy/cmux v0.1.5 +go: downloading github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 +go: downloading go.etcd.io/bbolt v1.3.8 +go: downloading go.etcd.io/etcd/pkg/v3 v3.5.10 +go: downloading github.com/felixge/httpsnoop v1.0.3 +go: downloading go.opentelemetry.io/otel/metric v1.19.0 +go: downloading github.com/go-logr/stdr v1.2.2 +go: downloading github.com/cenkalti/backoff/v4 v4.2.1 +go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 +go: downloading github.com/Azure/go-autorest/logger v0.2.1 +go: downloading github.com/Azure/go-autorest/tracing v0.6.0 +go: downloading github.com/Azure/go-autorest/autorest/mocks v0.4.2 +go: downloading github.com/Azure/go-autorest/autorest/date v0.3.0 +go: downloading github.com/golang-jwt/jwt/v4 v4.5.0 +go: downloading github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible +go: downloading cloud.google.com/go/compute/metadata v0.2.3 +go: downloading github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab +go: downloading github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021 +go: downloading github.com/GoogleCloudPlatform/k8s-cloud-provider v1.18.1-0.20220218231025-f11817397a1b +go: downloading 
cloud.google.com/go/compute v1.23.0 +go: downloading google.golang.org/api v0.126.0 +go: downloading gopkg.in/gcfg.v1 v1.2.3 +go: downloading github.com/vmware/govmomi v0.30.6 +go: downloading github.com/Microsoft/hcsshim v0.8.25 +go: downloading github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e +go: downloading github.com/containerd/cgroups v1.1.0 +go: downloading github.com/lithammer/dedent v1.1.0 +go: downloading github.com/godbus/dbus/v5 v5.1.0 +go: downloading github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f +go: downloading github.com/moby/spdystream v0.2.0 +go: downloading github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 +go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.17.0 +go: downloading github.com/mohae/deepcopy v0.0.0-20170603005431-491d3605edfb +go: downloading github.com/distribution/reference v0.5.0 +go: downloading github.com/containerd/ttrpc v1.2.2 +go: downloading github.com/opencontainers/go-digest v1.0.0 +go: downloading github.com/euank/go-kmsg-parser v2.0.0+incompatible +go: downloading github.com/stoewer/go-strcase v1.2.0 +go: downloading github.com/kr/text v0.2.0 +go: downloading github.com/rogpeppe/go-internal v1.10.0 +go: downloading google.golang.org/appengine v1.6.7 +go: downloading github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 +go: downloading github.com/sergi/go-diff v1.1.0 +go: downloading github.com/fatih/camelcase v1.0.0 +go: downloading github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a +go: downloading github.com/josharian/intern v1.0.0 +go: downloading github.com/pquerna/cachecontrol v0.1.0 +go: downloading github.com/dustin/go-humanize v1.0.1 +go: downloading go.etcd.io/etcd/raft/v3 v3.5.10 +go: downloading github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 +go: downloading github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 +go: downloading github.com/stretchr/objx v0.5.0 +go: downloading gopkg.in/warnings.v0 v0.1.2 +go: downloading 
github.com/checkpoint-restore/go-criu/v5 v5.3.0 +go: downloading github.com/containerd/console v1.0.3 +go: downloading github.com/mrunalp/fileutils v0.5.1 +go: downloading github.com/docker/docker v20.10.24+incompatible +go: downloading github.com/docker/go-connections v0.4.0 +go: downloading github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df +go: downloading github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 +go: downloading github.com/xlab/treeprint v1.2.0 +go: downloading github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 +go: downloading github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 +go: downloading golang.org/x/mod v0.14.0 +go: downloading go.etcd.io/etcd/client/v2 v2.305.10 +go: downloading github.com/golang/glog v1.1.2 +go: downloading github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 +go: downloading github.com/google/s2a-go v0.1.7 +go: downloading github.com/googleapis/gax-go/v2 v2.11.0 +go: downloading go.opencensus.io v0.24.0 +go: downloading github.com/cilium/ebpf v0.9.1 +go: downloading github.com/go-ldap/ldap/v3 v3.4.3 +go: downloading github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 +go: downloading github.com/seccomp/libseccomp-golang v0.10.0 +go: downloading github.com/opencontainers/image-spec v1.0.2 +go: downloading github.com/docker/distribution v2.8.2+incompatible +go: downloading golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e +go: downloading github.com/envoyproxy/protoc-gen-validate v1.0.2 +go: downloading github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 +go: downloading github.com/googleapis/enterprise-certificate-proxy v0.2.3 +go: downloading github.com/frankban/quicktest v1.14.0 +go: downloading github.com/Azure/go-ntlmssp v0.0.0-20211209120228-48547f28849e +go: downloading github.com/go-asn1-ber/asn1-ber v1.5.4 +go: downloading go.starlark.net v0.0.0-20230525235612-a134d8f9ddca +go: downloading 
github.com/Azure/go-autorest/autorest/to v0.4.0 +go: downloading github.com/Azure/go-autorest/autorest/validation v0.3.1 +go: downloading github.com/dnaeon/go-vcr v1.2.0 +go: downloading github.com/gofrs/uuid v4.4.0+incompatible +go mod edit -require github.com/openshift/route-controller-manager@3112b458983c6fca6f77d5a945fb0026186dace6 +go mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@d9d45306df052aa5824fd8b2dab4e61f5ecc481c +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20240420191847-d9d45306df05 +go: downloading golang.org/x/sys v0.18.0 +go: downloading golang.org/x/net v0.23.0 +go: downloading golang.org/x/term v0.18.0 +go: downloading golang.org/x/crypto v0.21.0 +go mod edit -replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace github.com/onsi/ginkgo/v2=github.com/openshift/ginkgo/v2@v2.6.1-0.20231031162821-c5e24be53ea7 +go mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kubernetes=github.com/openshift/kubernetes@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace go.etcd.io/etcd/api/v3=github.com/openshift/etcd/api/v3@aa0c441f97e070fed62cc3e1423537eb42c661a3 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver 
v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cri-api v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20240420191847-d9d45306df05 +go: 
downloading github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/kubernetes/staging/src/k8s.io/kms v0.0.0-20240420191847-d9d45306df05 +go: downloading github.com/openshift/library-go v0.0.0-20240411091851-558ed29cc1dd +go: downloading github.com/openshift/api v0.0.0-20240405095747-3e50337fcaea +go: downloading github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8 +go mod edit -replace go.etcd.io/etcd/client/pkg/v3=github.com/openshift/etcd/client/pkg/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace go.etcd.io/etcd/client/v3=github.com/openshift/etcd/client/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace sigs.k8s.io/kube-storage-version-migrator=github.com/openshift/kubernetes-kube-storage-version-migrator@969a60e9e2466c44f5b3ffd43fe3ecab11bf1e51 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240420191847-d9d45306df05 +# Updating etcd/go.mod +go mod edit -require github.com/openshift/cluster-policy-controller@eaea543f4c845a7b65705f12e162cc121bb12f88 +go: downloading github.com/openshift/etcd/server/v3 v3.5.1-0.20240408095611-aa0c441f97e0 +go: downloading go.etcd.io/bbolt v1.3.9 +go: downloading github.com/openshift/etcd/pkg/v3 v3.5.1-0.20240408095611-aa0c441f97e0 +go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 +go: downloading 
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.20.0 +go: downloading go.opentelemetry.io/otel v1.20.0 +go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0 +go: downloading go.opentelemetry.io/otel/sdk v1.20.0 +go: downloading go.uber.org/goleak v1.3.0 +go: downloading github.com/sirupsen/logrus v1.9.3 +go: downloading github.com/openshift/etcd/raft/v3 v3.5.1-0.20240408095611-aa0c441f97e0 +go: downloading go.opentelemetry.io/otel/metric v1.20.0 +go: downloading go.opentelemetry.io/otel/trace v1.20.0 +go: downloading go.etcd.io/etcd/client/v2 v2.305.13 +go: downloading cloud.google.com/go v0.110.7 +go: downloading github.com/cockroachdb/datadriven v1.0.2 +go mod edit -require github.com/openshift/route-controller-manager@3112b458983c6fca6f77d5a945fb0026186dace6 +go mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240420191847-d9d45306df05 +skipping modulepath github.com/openshift/microshift: no or unknown command [] +skipping modulepath github.com/openshift/microshift/pkg/config: no or unknown command [] +skipping modulepath github.com/openshift/microshift/pkg/util/cryptomaterial: no or unknown command [] +go mod edit -replace github.com/onsi/ginkgo/v2=github.com/openshift/ginkgo/v2@v2.6.1-0.20231031162821-c5e24be53ea7 +go mod edit -replace go.etcd.io/etcd/api/v3=github.com/openshift/etcd/api/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace go.etcd.io/etcd/client/pkg/v3=github.com/openshift/etcd/client/pkg/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace 
go.etcd.io/etcd/client/v3=github.com/openshift/etcd/client/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace go.etcd.io/etcd/pkg/v3=github.com/openshift/etcd/pkg/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace go.etcd.io/etcd/raft/v3=github.com/openshift/etcd/raft/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace go.etcd.io/etcd/server/v3=github.com/openshift/etcd/server/v3@v3.5.1-0.20240408095611-aa0c441f97e0 +go mod edit -replace k8s.io/api=github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apiextensions-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apimachinery=github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cli-runtime=github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/client-go=github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cloud-provider=github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cluster-bootstrap=github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/code-generator=github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/component-base=github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/component-helpers=github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/cri-api=github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/csi-translation-lib=github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/dynamic-resource-allocation=github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kms=github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-aggregator=github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-controller-manager=github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-proxy=github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kube-scheduler=github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kubectl=github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/kubelet=github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/legacy-cloud-providers=github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace 
k8s.io/metrics=github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/mount-utils=github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/pod-security-admission=github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-apiserver=github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-cli-plugin=github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/sample-controller=github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240420191847-d9d45306df05 +go mod edit -replace k8s.io/endpointslice=github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240420191847-d9d45306df05 +## Committing changes to microshift/go.mod +[rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25 e970220e0] update microshift/go.mod + 2 files changed, 105 insertions(+), 108 deletions(-) +## Updating microshift/vendor directory +/go/src/github.com/openshift/microshift /go/src/github.com/openshift/microshift +go: inconsistent vendoring in /go/src/github.com/openshift/microshift: + github.com/openshift/api@v0.0.0-20240405095747-3e50337fcaea: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt + github.com/openshift/client-go@v0.0.0-20240405120947-c67c8325cdd8: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt + github.com/openshift/library-go@v0.0.0-20240411091851-558ed29cc1dd: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt + golang.org/x/sys@v0.18.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt + 
golang.org/x/crypto@v0.21.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt + golang.org/x/net@v0.23.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt + golang.org/x/term@v0.18.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt + k8s.io/api: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/apiextensions-apiserver: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/apimachinery: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/apiserver: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/cli-runtime: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/client-go: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/cloud-provider: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/cluster-bootstrap: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/code-generator: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/component-base: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/component-helpers: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/controller-manager: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/cri-api: is replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/csi-translation-lib: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/dynamic-resource-allocation: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kms: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kube-aggregator: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kube-controller-manager: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kube-proxy: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kube-scheduler: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kubectl: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kubelet: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/kubernetes: is replaced by github.com/openshift/kubernetes@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/legacy-cloud-providers: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/metrics: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/mount-utils: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/pod-security-admission: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/sample-apiserver: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/sample-cli-plugin: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/sample-controller: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + k8s.io/endpointslice: is replaced by github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240420191847-d9d45306df05 in go.mod, but marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt + github.com/blang/semver@v3.5.1+incompatible: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + github.com/openshift/api@v0.0.0-20240207185517-ae973131190e: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + 
github.com/openshift/client-go@v0.0.0-20240115204758-e6bf7d631d5e: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + github.com/openshift/library-go@v0.0.0-20240207105404-126b47137408: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + golang.org/x/crypto@v0.18.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + golang.org/x/net@v0.20.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + golang.org/x/sys@v0.16.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + golang.org/x/term@v0.16.0: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod + k8s.io/api@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/apiextensions-apiserver@v0.29.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/apimachinery@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/apiserver@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cli-runtime@v0.0.0: is marked 
as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/client-go@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cloud-provider@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cluster-bootstrap@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/component-base@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/component-helpers@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/controller-manager@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, 
but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cri-api@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/csi-translation-lib@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/dynamic-resource-allocation@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/endpointslice@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kms@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kube-aggregator@v0.29.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240420191847-d9d45306df05 in go.mod + 
k8s.io/kube-controller-manager@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kube-scheduler@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kubectl@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kubelet@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kubernetes@v1.29.1: is marked as replaced by github.com/openshift/kubernetes@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/legacy-cloud-providers@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/metrics@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/mount-utils@v0.0.0: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/pod-security-admission@v0.29.1: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/api: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/api@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/apiextensions-apiserver: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/apimachinery: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/apiserver: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cli-runtime: is marked as replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cli-runtime@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/client-go: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/client-go@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cloud-provider: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cloud-provider@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cluster-bootstrap: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cluster-bootstrap@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/code-generator: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/code-generator@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/component-base: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-base@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/component-helpers: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/component-helpers@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/controller-manager: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/controller-manager@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/cri-api: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/cri-api@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/csi-translation-lib: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/csi-translation-lib@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/dynamic-resource-allocation: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/dynamic-resource-allocation@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kms: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kms@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kube-aggregator: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kube-controller-manager: is marked as replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-controller-manager@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kube-proxy: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-proxy@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kube-scheduler: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kubectl: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubectl@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kubelet: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/kubelet@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/kubernetes: is marked as replaced by github.com/openshift/kubernetes@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/legacy-cloud-providers: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/metrics: is 
marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/metrics@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/mount-utils: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/pod-security-admission: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/pod-security-admission@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/sample-apiserver: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/sample-cli-plugin: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-cli-plugin@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/sample-controller: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by github.com/openshift/kubernetes/staging/src/k8s.io/sample-controller@v0.0.0-20240420191847-d9d45306df05 in go.mod + k8s.io/endpointslice: is marked as replaced by github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240411182632-6b4d6cb58038 in vendor/modules.txt, but replaced by 
github.com/openshift/kubernetes/staging/src/k8s.io/endpointslice@v0.0.0-20240420191847-d9d45306df05 in go.mod + + To ignore the vendor directory, use -mod=readonly or -mod=mod. + To sync the vendor directory, run: + go mod vendor +panic: runtime error: invalid memory address or nil pointer dereference +[signal SIGSEGV: segmentation violation code=0x1 addr=0x10 pc=0x53c5a4] + +goroutine 1 [running]: +main.findCodeRoots() + cmd/doc/dirs.go:234 +0x7c4 +main.codeRoots.func1() + cmd/doc/dirs.go:175 +0xf +sync.(*Once).doSlow(0x56cd20?, 0x400001?) + sync/once.go:74 +0xbf +sync.(*Once).Do(...) + sync/once.go:65 +main.codeRoots() + cmd/doc/dirs.go:174 +0x2c +main.dirsInit({0x0, 0x0, 0x60?}) + cmd/doc/dirs.go:58 +0x325 +main.main() + cmd/doc/main.go:88 +0x65 +exit status 2 +go mod vendor +for p in scripts/auto-rebase/rebase_patches/0001-Fix-CSI-initialization-conflict.patch scripts/auto-rebase/rebase_patches/0002-disable-APIrequestcount-controller.patch scripts/auto-rebase/rebase_patches/0003-disable-clusterQuotaMapping-controller.patch scripts/auto-rebase/rebase_patches/0004-remove-config-informer-and-cpu-partitioning-admission-plugin.patch scripts/auto-rebase/rebase_patches/0005-remove-user-informer.patch scripts/auto-rebase/rebase_patches/0010-kube-apiserver-command-context.patch scripts/auto-rebase/rebase_patches/0020-klog-component-names.patch scripts/auto-rebase/rebase_patches/0030-kube-controller-manager-command-context.patch; do \ + echo "Applying patch $p"; \ + git mailinfo /dev/null /dev/stderr 2<&1- < $p | git apply --reject || exit 1; \ +done +Applying patch scripts/auto-rebase/rebase_patches/0001-Fix-CSI-initialization-conflict.patch +Checking patch vendor/k8s.io/kubernetes/pkg/volume/csi/csi_plugin.go... +Hunk #1 succeeded at 248 (offset 5 lines). +Applied patch vendor/k8s.io/kubernetes/pkg/volume/csi/csi_plugin.go cleanly. 
+Applying patch scripts/auto-rebase/rebase_patches/0002-disable-APIrequestcount-controller.patch +Checking patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go... +Hunk #2 succeeded at 33 (offset 1 line). +Hunk #3 succeeded at 86 (offset 2 lines). +Applied patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go cleanly. +Applying patch scripts/auto-rebase/rebase_patches/0003-disable-clusterQuotaMapping-controller.patch +Checking patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go... +Hunk #2 succeeded at 26 (offset 1 line). +Hunk #3 succeeded at 50 (offset 1 line). +Hunk #4 succeeded at 109 (offset 2 lines). +Hunk #5 succeeded at 127 (offset 2 lines). +Hunk #6 succeeded at 141 (offset 2 lines). +Hunk #7 succeeded at 157 (offset 2 lines). +Applied patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go cleanly. +Applying patch scripts/auto-rebase/rebase_patches/0004-remove-config-informer-and-cpu-partitioning-admission-plugin.patch +Checking patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go... +Checking patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/admissionenablement/register.go... +Applied patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go cleanly. +Applied patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/admissionenablement/register.go cleanly. +Applying patch scripts/auto-rebase/rebase_patches/0005-remove-user-informer.patch +Checking patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go... +Applied patch vendor/k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver/patch.go cleanly. +Applying patch scripts/auto-rebase/rebase_patches/0010-kube-apiserver-command-context.patch +Checking patch vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go... 
+Hunk #1 succeeded at 156 (offset -14 lines). +Applied patch vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/server.go cleanly. +Applying patch scripts/auto-rebase/rebase_patches/0020-klog-component-names.patch +Checking patch vendor/k8s.io/klog/v2/goroutine_labels.go... +Checking patch vendor/k8s.io/klog/v2/internal/buffer/buffer.go... +Hunk #1 succeeded at 144 (offset -5 lines). +Checking patch vendor/k8s.io/klog/v2/internal/buffer/goroutine_labels.go... +Applied patch vendor/k8s.io/klog/v2/goroutine_labels.go cleanly. +Applied patch vendor/k8s.io/klog/v2/internal/buffer/buffer.go cleanly. +Applied patch vendor/k8s.io/klog/v2/internal/buffer/goroutine_labels.go cleanly. +Applying patch scripts/auto-rebase/rebase_patches/0030-kube-controller-manager-command-context.patch +Checking patch vendor/k8s.io/kubernetes/cmd/kube-controller-manager/app/controllermanager.go... +Applied patch vendor/k8s.io/kubernetes/cmd/kube-controller-manager/app/controllermanager.go cleanly. +/go/src/github.com/openshift/microshift +## Commiting changes to microshift/vendor directory +[rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25 3c9db8d7a] update microshift/vendor + 500 files changed, 7427 insertions(+), 60577 deletions(-) + delete mode 100644 vendor/github.com/blang/semver/.travis.yml + delete mode 100644 vendor/github.com/blang/semver/LICENSE + delete mode 100644 vendor/github.com/blang/semver/README.md + delete mode 100644 vendor/github.com/blang/semver/json.go + delete mode 100644 vendor/github.com/blang/semver/package.json + delete mode 100644 vendor/github.com/blang/semver/range.go + delete mode 100644 vendor/github.com/blang/semver/semver.go + delete mode 100644 vendor/github.com/blang/semver/sort.go + delete mode 100644 vendor/github.com/blang/semver/sql.go + delete mode 100644 vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml + delete mode 100644 
vendor/github.com/openshift/api/apiserver/v1/stable.apirequestcount.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/apiserver/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/authorization/v1/stable.rolebindingrestriction.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/authorization/v1/zz_generated.featuregated-crd-manifests.yaml + create mode 100644 vendor/github.com/openshift/api/cloudnetwork/.codegen.yaml + delete mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/001-cloudprivateipconfig.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/stable.cloudprivateipconfig.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-CustomNoUpgrade.crd.yaml + delete mode 100644 
vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-Default.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-CustomNoUpgrade.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default-Hypershift.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Default.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-TechPreviewNoUpgrade.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-Default.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml + delete mode 100644 
vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-Default.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.apiserver.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml + delete 
mode 100644 vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.dns.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.network.testsuite.yaml + rewrite vendor/github.com/openshift/api/config/v1/feature_gates.go (93%) + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml + delete mode 100644 
vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.apiserver.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.dns.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.network.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml + delete mode 100644 
vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consoleclidownload.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consoleexternalloglink.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolelink.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolenotification.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolequickstart.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consolesample.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/00_consoleyamlsample.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/90_consoleplugin.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleclidownload.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleexternalloglink.testsuite.yaml + delete mode 100644 
vendor/github.com/openshift/api/console/v1/stable.consolelink.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolenotification.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleplugin.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolequickstart.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consolesample.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1/stable.consoleyamlsample.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1alpha1/90_consoleplugin.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/console/v1alpha1/stable.consoleplugin.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/console/v1alpha1/zz_generated.featuregated-crd-manifests.yaml + create mode 100644 vendor/github.com/openshift/api/features.md + delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/00_helm-chart-repository.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/00_project-helm-chart-repository.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/stable.helmchartrepository.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/helm/v1beta1/stable.projecthelmchartrepository.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/helm/v1beta1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/00_imageregistry.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/01_imagepruner.crd.yaml + delete mode 100644 
vendor/github.com/openshift/api/imageregistry/v1/stable.config.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/imageregistry/v1/stable.imagepruner.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/imageregistry/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-Default.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/custom.controlplanemachineset.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1/techpreview.controlplanemachineset.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml + delete mode 100644 
vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_01_alertingrules.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/0000_50_monitoring_02_alertrelabelconfigs.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertingrule.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/techpreview.alertrelabelconfig.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/monitoring/v1alpha1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/001-clusternetwork-crd.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/002-hostsubnet-crd.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/003-netnamespace-crd.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/004-egressnetworkpolicy-crd.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.clusternetwork.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.egressnetworkpolicy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.hostsubnet.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1/stable.netnamespace.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/network/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml + delete mode 100644 
vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-customnoupgrade.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/0000_70_dnsnameresolver_00-techpreview.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/custom.dnsnameresolver.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/network/v1alpha1/techpreview.dnsnameresolver.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/network/v1alpha1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/networkoperator/v1/001-egressrouter.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/networkoperator/v1/stable.egressrouter.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/networkoperator/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch + delete mode 100644 
vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-Default.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml + delete mode 100644 
vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/custom.network.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml + delete mode 100644 
vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1/techpreview.network.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml + delete mode 100644 
vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/stable.podnetworkconnectivitycheck.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/quota/v1/stable.clusterresourcequota.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/route/v1/route.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/route/v1/route.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/samples/v1/00_samplesconfig.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/samples/v1/stable.config.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/samples/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 
vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/security/v1/stable.securitycontextconstraints.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/securityinternal/v1/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml-patch + delete mode 100644 vendor/github.com/openshift/api/securityinternal/v1/stable.rangeallocation.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/securityinternal/v1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedconfigmap.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/0000_10_sharedsecret.crd.yaml + delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedconfigmap.testsuite.yaml + delete mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/stable.sharedsecret.testsuite.yaml + create mode 100644 vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.featuregated-crd-manifests.yaml + delete mode 100644 vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localresourceaccessreview.go + delete mode 100644 vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/localsubjectaccessreview.go + delete mode 100644 vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/resourceaccessreview.go + delete mode 100644 vendor/github.com/openshift/client-go/authorization/applyconfigurations/authorization/v1/subjectaccessreview.go + create mode 100644 
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/profilecustomizations.go + rewrite vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/publickey.go (60%) + create mode 100644 vendor/github.com/openshift/library-go/pkg/operator/certrotation/metadata.go + create mode 100644 vendor/github.com/openshift/library-go/pkg/route/OWNERS + create mode 100644 vendor/github.com/openshift/library-go/pkg/route/common.go + create mode 100644 vendor/github.com/openshift/library-go/pkg/route/hostassignment/externalcertificate.go + create mode 100644 vendor/golang.org/x/net/http2/testsync.go + create mode 100644 vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_opts.go + create mode 100644 vendor/k8s.io/kubernetes/openshift-kube-apiserver/admission/customresourcevalidation/route/validation_wrapper.go +## Committing changes to etcd/go.mod +[rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25 ceade7266] update etcd/go.mod + 2 files changed, 63 insertions(+), 54 deletions(-) +## Updating etcd/vendor directory +/go/src/github.com/openshift/microshift/etcd /go/src/github.com/openshift/microshift +go mod vendor +/go/src/github.com/openshift/microshift +## Commiting changes to etcd/vendor directory +[rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25 52839ab75] update etcd/vendor + 112 files changed, 24652 insertions(+), 199 deletions(-) + create mode 100644 etcd/vendor/github.com/openshift/api/LICENSE + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/Makefile + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/doc.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/feature_gates.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/register.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/stringsource.go + create mode 100644 
etcd/vendor/github.com/openshift/api/config/v1/types.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_apiserver.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_authentication.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_build.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_cluster_version.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_console.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_dns.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_feature.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_infrastructure.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_ingress.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_network.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_node.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_oauth.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_operatorhub.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_project.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_proxy.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/types_scheduling.go + create mode 100644 
etcd/vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml + create mode 100644 etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go + create mode 100644 etcd/vendor/github.com/openshift/library-go/LICENSE + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/audit_policies.go + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/allrequestbodies-rules.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/base-policy.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/default-rules.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/none-rules.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/manifests/writerequestbodies-rules.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/allrequestbodies.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/audit-policies-cm-scenario-1.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/default.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/multipleCr.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/none.yaml + create mode 100644 etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/oauth.yaml + create mode 100644 
etcd/vendor/github.com/openshift/library-go/pkg/operator/apiserver/audit/testdata/writerequestbodies.yaml + create mode 100644 etcd/vendor/github.com/openshift/microshift/pkg/config/apiserver/audit.go + create mode 100644 etcd/vendor/golang.org/x/net/http2/testsync.go + create mode 100644 etcd/vendor/k8s.io/apiserver/LICENSE + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/OWNERS + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/doc.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/helpers.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/register.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/types.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/doc.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.pb.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/generated.proto + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/register.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/types.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.conversion.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.deepcopy.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/v1/zz_generated.defaults.go + create mode 100644 etcd/vendor/k8s.io/apiserver/pkg/apis/audit/zz_generated.deepcopy.go +Rebasing release_*.json +## Committing changes to pkg/release +[rebase-main-4.16.0-0.nightly-2024-04-23-032717_amd64-2024-04-23_arm64-2024-04-25 1dbfcf0af] update component images + 2 files changed, 2 insertions(+), 2 deletions(-) +Copying manifests +2024-04-26 05:35:03,128 INFO Clearing directory assets/components/openshift-dns/dns/ +2024-04-26 05:35:03,129 DEBUG Copying assets/components/openshift-dns/dns/cluster-role-binding.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/cluster-role-binding.yaml 
+2024-04-26 05:35:03,130 DEBUG Copying assets/components/openshift-dns/dns/cluster-role.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/cluster-role.yaml +2024-04-26 05:35:03,130 INFO Restoring assets/components/openshift-dns/dns/configmap.yaml +2024-04-26 05:35:03,130 DEBUG Executing 'git restore assets/components/openshift-dns/dns/configmap.yaml' +2024-04-26 05:35:03,147 DEBUG Copying assets/components/openshift-dns/dns/daemonset.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/daemonset.yaml +2024-04-26 05:35:03,147 DEBUG Copying assets/components/openshift-dns/dns/namespace.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/namespace.yaml +2024-04-26 05:35:03,148 DEBUG Copying assets/components/openshift-dns/dns/service-account.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/service-account.yaml +2024-04-26 05:35:03,148 DEBUG Copying assets/components/openshift-dns/dns/service.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/dns/service.yaml +2024-04-26 05:35:03,149 INFO Clearing directory assets/components/openshift-dns/node-resolver +2024-04-26 05:35:03,149 WARNING Ignoring components/openshift-dns/node-resolver/daemonset.yaml because it's created by processing daemonset.yaml.tmpl +2024-04-26 05:35:03,149 INFO Restoring assets/components/openshift-dns/node-resolver/daemonset.yaml.tmpl +2024-04-26 05:35:03,149 DEBUG Executing 'git restore assets/components/openshift-dns/node-resolver/daemonset.yaml.tmpl' +2024-04-26 05:35:03,166 DEBUG Copying assets/components/openshift-dns/node-resolver/service-account.yaml <- _output/staging/cluster-dns-operator/pkg/manifests/assets/node-resolver/service-account.yaml +2024-04-26 05:35:03,167 DEBUG Copying assets/components/openshift-dns/node-resolver/update-node-resolver.sh <- _output/staging/cluster-dns-operator/pkg/manifests/assets/node-resolver/update-node-resolver.sh +2024-04-26 05:35:03,167 INFO Clearing directory 
assets/components/openshift-router/ +2024-04-26 05:35:03,168 DEBUG Copying assets/components/openshift-router/cluster-role-binding.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/cluster-role-binding.yaml +2024-04-26 05:35:03,168 DEBUG Copying assets/components/openshift-router/cluster-role.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/cluster-role.yaml +2024-04-26 05:35:03,169 INFO Restoring assets/components/openshift-router/cluster-role-system-router.yaml +2024-04-26 05:35:03,169 DEBUG Executing 'git restore assets/components/openshift-router/cluster-role-system-router.yaml' +2024-04-26 05:35:03,185 INFO Restoring assets/components/openshift-router/configmap.yaml +2024-04-26 05:35:03,186 DEBUG Executing 'git restore assets/components/openshift-router/configmap.yaml' +2024-04-26 05:35:03,201 DEBUG Copying assets/components/openshift-router/deployment.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/deployment.yaml +2024-04-26 05:35:03,201 DEBUG Copying assets/components/openshift-router/namespace.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/namespace.yaml +2024-04-26 05:35:03,202 DEBUG Copying assets/components/openshift-router/service-account.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/service-account.yaml +2024-04-26 05:35:03,202 DEBUG Copying assets/components/openshift-router/service-internal.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/service-internal.yaml +2024-04-26 05:35:03,203 DEBUG Copying assets/components/openshift-router/service-cloud.yaml <- _output/staging/cluster-ingress-operator/pkg/manifests/assets/router/service-cloud.yaml +2024-04-26 05:35:03,203 INFO Restoring assets/components/openshift-router/serving-certificate.yaml +2024-04-26 05:35:03,203 DEBUG Executing 'git restore assets/components/openshift-router/serving-certificate.yaml' +2024-04-26 05:35:03,220 
INFO Restoring assets/components/openshift-router/cluster-role-aggregate-route.yaml +2024-04-26 05:35:03,220 DEBUG Executing 'git restore assets/components/openshift-router/cluster-role-aggregate-route.yaml' +2024-04-26 05:35:03,237 WARNING Ignoring components/ovn/ because it's not covered by rebase script yet +2024-04-26 05:35:03,237 INFO Clearing directory assets/components/service-ca/ +2024-04-26 05:35:03,238 DEBUG Copying assets/components/service-ca/clusterrole.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/clusterrole.yaml +2024-04-26 05:35:03,238 DEBUG Copying assets/components/service-ca/clusterrolebinding.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/clusterrolebinding.yaml +2024-04-26 05:35:03,238 DEBUG Copying assets/components/service-ca/deployment.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/deployment.yaml +2024-04-26 05:35:03,238 DEBUG Copying assets/components/service-ca/ns.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/ns.yaml +2024-04-26 05:35:03,238 DEBUG Copying assets/components/service-ca/role.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/role.yaml +2024-04-26 05:35:03,239 DEBUG Copying assets/components/service-ca/rolebinding.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/rolebinding.yaml +2024-04-26 05:35:03,239 DEBUG Copying assets/components/service-ca/sa.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/sa.yaml +2024-04-26 05:35:03,239 DEBUG Copying assets/components/service-ca/signing-cabundle.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/signing-cabundle.yaml +2024-04-26 05:35:03,239 DEBUG Copying assets/components/service-ca/signing-secret.yaml <- _output/staging/service-ca-operator/bindata/v4.0.0/controller/signing-secret.yaml +2024-04-26 05:35:03,239 INFO Not clearing dir components/csi-snapshot-controller/ +2024-04-26 05:35:03,239 DEBUG Copying 
assets/components/csi-snapshot-controller/csi_controller_deployment.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/csi_controller_deployment.yaml +2024-04-26 05:35:03,240 DEBUG Copying assets/components/csi-snapshot-controller/serviceaccount.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/serviceaccount.yaml +2024-04-26 05:35:03,241 DEBUG Copying assets/components/csi-snapshot-controller/webhook_config.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_config.yaml +2024-04-26 05:35:03,241 DEBUG Copying assets/components/csi-snapshot-controller/webhook_deployment.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_deployment.yaml +2024-04-26 05:35:03,242 DEBUG Copying assets/components/csi-snapshot-controller/webhook_service.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_service.yaml +2024-04-26 05:35:03,242 DEBUG Copying assets/components/csi-snapshot-controller/webhook_serviceaccount.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/webhook_serviceaccount.yaml +2024-04-26 05:35:03,243 DEBUG Copying assets/components/csi-snapshot-controller/volumesnapshotclasses.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/volumesnapshotclasses.yaml +2024-04-26 05:35:03,243 DEBUG Copying assets/components/csi-snapshot-controller/volumesnapshotcontents.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/volumesnapshotcontents.yaml +2024-04-26 05:35:03,244 DEBUG Copying assets/components/csi-snapshot-controller/volumesnapshots.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/volumesnapshots.yaml +2024-04-26 05:35:03,245 DEBUG Copying assets/components/csi-snapshot-controller/05_operand_rbac.yaml <- _output/staging/cluster-csi-snapshot-controller-operator/assets/../manifests/05_operand_rbac.yaml +2024-04-26 05:35:03,245 WARNING Ignoring 
components/csi-snapshot-controller/clusterrole.yaml because extracted automatically from 05_operand_rbac.yaml +2024-04-26 05:35:03,245 WARNING Ignoring components/csi-snapshot-controller/clusterrolebinding.yaml because extracted automatically from 05_operand_rbac.yaml +2024-04-26 05:35:03,245 INFO Clearing directory assets/controllers/cluster-policy-controller/ +2024-04-26 05:35:03,246 DEBUG Copying assets/controllers/cluster-policy-controller/namespace-security-allocation-controller-clusterrole.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/namespace-security-allocation-controller-clusterrole.yaml +2024-04-26 05:35:03,247 DEBUG Copying assets/controllers/cluster-policy-controller/namespace-security-allocation-controller-clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/namespace-security-allocation-controller-clusterrolebinding.yaml +2024-04-26 05:35:03,247 DEBUG Copying assets/controllers/cluster-policy-controller/podsecurity-admission-label-syncer-controller-clusterrole.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-syncer-controller-clusterrole.yaml +2024-04-26 05:35:03,248 DEBUG Copying assets/controllers/cluster-policy-controller/podsecurity-admission-label-syncer-controller-clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-syncer-controller-clusterrolebinding.yaml +2024-04-26 05:35:03,248 DEBUG Copying assets/controllers/cluster-policy-controller/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrole.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrole.yaml +2024-04-26 05:35:03,249 DEBUG Copying 
assets/controllers/cluster-policy-controller/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/podsecurity-admission-label-privileged-namespaces-syncer-controller-clusterrolebinding.yaml +2024-04-26 05:35:03,249 INFO Clearing directory assets/controllers/kube-apiserver/ +2024-04-26 05:35:03,250 DEBUG Copying assets/controllers/kube-apiserver/config-overrides.yaml <- _output/staging/cluster-kube-apiserver-operator/bindata/assets/config/config-overrides.yaml +2024-04-26 05:35:03,250 DEBUG Copying assets/controllers/kube-apiserver/defaultconfig.yaml <- _output/staging/cluster-kube-apiserver-operator/bindata/assets/config/defaultconfig.yaml +2024-04-26 05:35:03,251 INFO Clearing directory assets/controllers/kube-controller-manager/ +2024-04-26 05:35:03,251 DEBUG Copying assets/controllers/kube-controller-manager/defaultconfig.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/../config/defaultconfig.yaml +2024-04-26 05:35:03,252 DEBUG Copying assets/controllers/kube-controller-manager/csr_approver_clusterrole.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/csr_approver_clusterrole.yaml +2024-04-26 05:35:03,252 DEBUG Copying assets/controllers/kube-controller-manager/csr_approver_clusterrolebinding.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/csr_approver_clusterrolebinding.yaml +2024-04-26 05:35:03,252 DEBUG Copying assets/controllers/kube-controller-manager/namespace-openshift-kube-controller-manager.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/ns.yaml +2024-04-26 05:35:03,253 INFO Clearing directory assets/controllers/openshift-default-scc-manager/ +2024-04-26 05:35:03,254 DEBUG Copying 
assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-anyuid.yaml +2024-04-26 05:35:03,255 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostaccess.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostaccess.yaml +2024-04-26 05:35:03,255 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostmount-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostmount-anyuid.yaml +2024-04-26 05:35:03,256 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork-v2.yaml +2024-04-26 05:35:03,256 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-hostnetwork.yaml +2024-04-26 05:35:03,257 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-nonroot-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-nonroot-v2.yaml +2024-04-26 05:35:03,257 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-nonroot.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-nonroot.yaml +2024-04-26 05:35:03,258 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-privileged.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-privileged.yaml +2024-04-26 05:35:03,258 DEBUG Copying 
assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-restricted-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-restricted-v2.yaml +2024-04-26 05:35:03,259 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_cr-scc-restricted.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_cr-scc-restricted.yaml +2024-04-26 05:35:03,259 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_crb-systemauthenticated-scc-restricted-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_crb-systemauthenticated-scc-restricted-v2.yaml +2024-04-26 05:35:03,260 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-anyuid.yaml +2024-04-26 05:35:03,260 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostaccess.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostaccess.yaml +2024-04-26 05:35:03,261 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostmount-anyuid.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostmount-anyuid.yaml +2024-04-26 05:35:03,262 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostnetwork-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostnetwork-v2.yaml +2024-04-26 05:35:03,263 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-hostnetwork.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-hostnetwork.yaml +2024-04-26 05:35:03,263 DEBUG Copying 
assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-nonroot-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-nonroot-v2.yaml +2024-04-26 05:35:03,264 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-nonroot.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-nonroot.yaml +2024-04-26 05:35:03,264 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-privileged.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-privileged.yaml +2024-04-26 05:35:03,265 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-restricted-v2.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-restricted-v2.yaml +2024-04-26 05:35:03,265 DEBUG Copying assets/controllers/openshift-default-scc-manager/0000_20_kube-apiserver-operator_00_scc-restricted.yaml <- _output/staging/release-manifests/0000_20_kube-apiserver-operator_00_scc-restricted.yaml +2024-04-26 05:35:03,266 INFO Clearing directory assets/controllers/route-controller-manager/ +2024-04-26 05:35:03,267 DEBUG Copying assets/controllers/route-controller-manager/ns.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/ns.yaml +2024-04-26 05:35:03,267 DEBUG Copying assets/controllers/route-controller-manager/sa.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/sa.yaml +2024-04-26 05:35:03,268 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-clusterrole.yaml +2024-04-26 05:35:03,268 DEBUG Copying 
assets/controllers/route-controller-manager/route-controller-manager-clusterrolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-clusterrolebinding.yaml +2024-04-26 05:35:03,269 DEBUG Copying assets/controllers/route-controller-manager/informer-clusterrolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/informer-clusterrolebinding.yaml +2024-04-26 05:35:03,269 DEBUG Copying assets/controllers/route-controller-manager/informer-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/informer-clusterrole.yaml +2024-04-26 05:35:03,270 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrolebinding.yaml +2024-04-26 05:35:03,270 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-ingress-to-route-controller-clusterrole.yaml +2024-04-26 05:35:03,271 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-ns.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-ns.yaml +2024-04-26 05:35:03,271 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-sa.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-sa.yaml +2024-04-26 05:35:03,272 DEBUG Copying 
assets/controllers/route-controller-manager/route-controller-manager-separate-sa-rolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-separate-sa-rolebinding.yaml +2024-04-26 05:35:03,272 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-separate-sa-role.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-separate-sa-role.yaml +2024-04-26 05:35:03,272 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrolebinding.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-tokenreview-clusterrolebinding.yaml +2024-04-26 05:35:03,273 DEBUG Copying assets/controllers/route-controller-manager/route-controller-manager-tokenreview-clusterrole.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/route-controller-manager-tokenreview-clusterrole.yaml +2024-04-26 05:35:03,274 INFO Restoring assets/controllers/route-controller-manager/route-controller-manager-authentication-reader-rolebinding.yaml +2024-04-26 05:35:03,274 DEBUG Executing 'git restore assets/controllers/route-controller-manager/route-controller-manager-authentication-reader-rolebinding.yaml' +2024-04-26 05:35:03,291 INFO Not clearing dir core/ +2024-04-26 05:35:03,291 DEBUG Copying assets/core/0000_50_cluster-openshift-controller-manager_00_namespace.yaml <- _output/staging/cluster-openshift-controller-manager-operator/bindata/assets/openshift-controller-manager/ns.yaml +2024-04-26 05:35:03,291 DEBUG Copying assets/core/namespace-openshift-infra.yaml <- _output/staging/cluster-kube-controller-manager-operator/bindata/assets/kube-controller-manager/namespace-openshift-infra.yaml +2024-04-26 05:35:03,292 
WARNING Ignoring core/priority-class-openshift-user-critical.yaml because it's a priority class needed for oc debug node command - not available in any repo that rebase is using +2024-04-26 05:35:03,292 WARNING Ignoring core/securityv1-local-apiservice.yaml because it's a local API service for security API group, needed if OpenShift API server is not present +2024-04-26 05:35:03,292 DEBUG Copying assets/core/kubelet.yaml <- _output/staging/machine-config-operator/templates/master/01-master-kubelet/_base/files/kubelet.yaml +2024-04-26 05:35:03,293 INFO Clearing directory assets/crd/ +2024-04-26 05:35:03,293 DEBUG Copying assets/crd/0000_03_config-operator_01_securitycontextconstraints.crd.yaml <- _output/staging/release-manifests/0000_03_config-operator_01_securitycontextconstraints.crd.yaml +2024-04-26 05:35:03,294 DEBUG Copying assets/crd/0000_03_config-operator_02_rangeallocations.crd.yaml <- _output/staging/release-manifests/0000_03_config-operator_02_rangeallocations.crd.yaml +2024-04-26 05:35:03,295 DEBUG Copying assets/crd/storage_version_migration.crd.yaml <- _output/staging/release-manifests/0000_50_cluster-kube-storage-version-migrator-operator_01_storage_migration_crd.yaml +2024-04-26 05:35:03,295 DEBUG Copying assets/crd/route.crd.yaml <- _output/staging/kubernetes/vendor/github.com/openshift/api/route/v1/route.crd.yaml +Traceback (most recent call last): + File "/go/src/github.com/openshift/microshift/scripts/auto-rebase/handle_assets.py", line 161, in + main() + File "/go/src/github.com/openshift/microshift/scripts/auto-rebase/handle_assets.py", line 154, in main + handle_dir(asset) + File "/go/src/github.com/openshift/microshift/scripts/auto-rebase/handle_assets.py", line 128, in handle_dir + handle_file(file, dst, new_src_prefix) + File "/go/src/github.com/openshift/microshift/scripts/auto-rebase/handle_assets.py", line 111, in handle_file + copy(src, dst) + File "/go/src/github.com/openshift/microshift/scripts/auto-rebase/handle_assets.py", line 71, 
in copy + shutil.copyfile(src, dst) + File "/usr/lib64/python3.9/shutil.py", line 264, in copyfile + with open(src, 'rb') as fsrc: +FileNotFoundError: [Errno 2] No such file or directory: '_output/staging/kubernetes/vendor/github.com/openshift/api/route/v1/route.crd.yaml' From bcc0e59b6f766c6e51898b49315b7f31f5789532 Mon Sep 17 00:00:00 2001 From: Jon Cope Date: Fri, 26 Apr 2024 12:23:04 -0500 Subject: [PATCH 9/9] correct route crd source path Signed-off-by: Jon Cope --- scripts/auto-rebase/assets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/auto-rebase/assets.yaml b/scripts/auto-rebase/assets.yaml index 1df438749a..93d6a566c5 100644 --- a/scripts/auto-rebase/assets.yaml +++ b/scripts/auto-rebase/assets.yaml @@ -196,7 +196,7 @@ assets: - file: storage_version_migration.crd.yaml src: 0000_50_cluster-kube-storage-version-migrator-operator_01_storage_migration_crd.yaml - file: route.crd.yaml - src: /kubernetes/vendor/github.com/openshift/api/route/v1/ + src: /kubernetes/vendor/github.com/openshift/api/route/v1/zz_generated.crd-manifests/routes-Default.crd.yaml - dir: release/ ignore: "it contains files generated during rebase procedure"
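Review bot: The new `src` for `route.crd.yaml` hard-codes a generator-owned file name (`zz_generated.crd-manifests/routes-Default.crd.yaml`) inside the vendored openshift/api tree, and nothing in the entry records why that variant was chosen. The rebase log earlier in this series shows what happens when such a path drifts: `shutil.copyfile` in `handle_assets.py` raises `FileNotFoundError` and the run aborts with a traceback after `assets/crd/` has already been cleared. I would add a comment above the entry, e.g. `# openshift/api now emits the route CRD under zz_generated.crd-manifests/; confirm routes-Default is the variant MicroShift should ship`, since the `-Default` suffix presumably selects one of several generated variants. It is also worth confirming that `handle_file` treats a `src` that begins with `/` and ends in a file name as a full path under the staging directory rather than appending the `file` name; that function is not visible here.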