diff --git a/assets/bindata_timestamp.txt b/assets/bindata_timestamp.txt
index bc60abc6f4..8345881ce3 100644
--- a/assets/bindata_timestamp.txt
+++ b/assets/bindata_timestamp.txt
@@ -1 +1 @@
-1658914160
+1654679854
diff --git a/assets/components/openshift-dns/dns/daemonset.yaml b/assets/components/openshift-dns/dns/daemonset.yaml
index 84cd0d8e5d..f229fef9a1 100644
--- a/assets/components/openshift-dns/dns/daemonset.yaml
+++ b/assets/components/openshift-dns/dns/daemonset.yaml
@@ -1,101 +1,93 @@ kind: DaemonSet apiVersion: apps/v1 -metadata: - labels: - dns.operator.openshift.io/owning-dns: default - name: dns-default - namespace: openshift-dns spec: - selector: - matchLabels: - dns.operator.openshift.io/daemonset-dns: default template: metadata: - labels: - dns.operator.openshift.io/daemonset-dns: default annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' + labels: + dns.operator.openshift.io/daemonset-dns: default spec: serviceAccountName: dns priorityClassName: system-node-critical containers: - - name: dns - image: {{ .ReleaseImage.coredns }} - imagePullPolicy: IfNotPresent - terminationMessagePolicy: FallbackToLogsOnError - command: [ "coredns" ] - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - readOnly: true - ports: - - containerPort: 5353 - name: dns - protocol: UDP - - containerPort: 5353 - name: dns-tcp - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 3 - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: - requests: - cpu: 50m - memory: 70Mi - - name: kube-rbac-proxy - image: {{ .ReleaseImage.kube_rbac_proxy }} - imagePullPolicy: IfNotPresent - args: - - --secure-listen-address=:9154 - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --upstream=http://127.0.0.1:9153/ - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - ports: - - containerPort: 9154 - name: metrics - resources: - requests: - cpu: 10m - memory: 40Mi - volumeMounts: - - mountPath: 
/etc/tls/private - name: metrics-tls - readOnly: true + - name: dns + imagePullPolicy: IfNotPresent + terminationMessagePolicy: FallbackToLogsOnError + command: ["coredns"] + args: ["-conf", "/etc/coredns/Corefile"] + volumeMounts: + - name: config-volume + mountPath: /etc/coredns + readOnly: true + ports: + - containerPort: 5353 + name: dns + protocol: UDP + - containerPort: 5353 + name: dns-tcp + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 3 + livenessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + resources: + requests: + cpu: 50m + memory: 70Mi + image: {{ .ReleaseImage.coredns }} + - name: kube-rbac-proxy + args: + - --logtostderr + - --secure-listen-address=:9154 + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - --upstream=http://127.0.0.1:9153/ + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + ports: + - containerPort: 9154 + name: metrics + resources: + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/tls/private + name: metrics-tls + readOnly: true + image: {{ .ReleaseImage.kube_rbac_proxy }} + imagePullPolicy: IfNotPresent dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux volumes: - - name: config-volume - configMap: - items: - - key: Corefile - path: Corefile - name: dns-default - - name: metrics-tls - secret: - defaultMode: 420 - secretName: dns-default-metrics-tls + - name: config-volume + configMap: + items: + - key: Corefile + path: Corefile + name: dns-default + - name: metrics-tls + secret: + defaultMode: 420 + secretName: dns-default-metrics-tls + 
nodeSelector: + kubernetes.io/os: linux tolerations: - # DNS needs to run everywhere. Tolerate all taints - - operator: Exists + - operator: Exists updateStrategy: type: RollingUpdate rollingUpdate: @@ -104,3 +96,9 @@ spec: # Note: The daemon controller rounds the percentage up # (unlike the deployment controller, which rounds down). maxUnavailable: 10% + selector: + matchLabels: + dns.operator.openshift.io/daemonset-dns: default +metadata: + name: dns-default + namespace: openshift-dns diff --git a/assets/components/openshift-dns/dns/namespace.yaml b/assets/components/openshift-dns/dns/namespace.yaml index 31719435a8..e886ac0943 100644 --- a/assets/components/openshift-dns/dns/namespace.yaml +++ b/assets/components/openshift-dns/dns/namespace.yaml @@ -10,4 +10,8 @@ metadata: openshift.io/run-level: "0" # allow openshift-monitoring to look for ServiceMonitor objects in this namespace openshift.io/cluster-monitoring: "true" - + # allow node-resolver daemonset to pass baseline pod security admission. + # It uses host networking, host path volumes, and is a privileged. + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/assets/components/openshift-dns/dns/service.yaml b/assets/components/openshift-dns/dns/service.yaml index a336172706..44a7f69941 100644 --- a/assets/components/openshift-dns/dns/service.yaml +++ b/assets/components/openshift-dns/dns/service.yaml 
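Review bot: The `--tls-cipher-suites` argument of the kube-rbac-proxy container on the new side still offers `TLS_RSA_WITH_AES_128_CBC_SHA256` and the two ECDHE CBC-SHA256 suites; the static-RSA suite gives no forward secrecy, and Go's crypto/tls lists all three among its insecure suites. Since this hunk rewrites the whole container spec anyway, it is a good place to narrow the list to the AEAD suites, `- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, assuming the metrics scraper can negotiate GCM (its configuration is not visible here). The same manifest is embedded in pkg/assets/bindata.go (hunk `@@ -1843,109 +1843,101 @@`), which should be regenerated rather than edited by hand.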
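Review bot: The `metadata` block re-added at the end of the DaemonSet no longer carries `labels:` with `dns.operator.openshift.io/owning-dns: default`, and the service.yaml hunk drops the same label from the Service. Nothing on this page shows what selects on that label, but if a ServiceMonitor or another selector matches on it, the metrics endpoint behind kube-rbac-proxy would stop being scraped without any error. Either keep the label, or confirm that nothing selects on it and record that above `metadata:`, for example `# owning-dns label dropped on purpose: nothing selects on it`.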
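Review bot: Setting `enforce`, `audit` and `warn` all to `privileged` switches Pod Security admission off for every pod in openshift-dns, not only node-resolver, so the dns-default pods (which set no `securityContext` in the daemonset.yaml hunk on this page) are neither restricted nor reported. If only node-resolver needs host access, keeping `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline` would still surface any other pod that drifts, at the cost of known warnings for node-resolver. The added comment also reads as if the pods pass baseline; something like `# node-resolver uses host networking and hostPath volumes and runs privileged, so this namespace is exempted from baseline pod security enforcement.` states the intent more precisely. The same labels are embedded in pkg/assets/bindata.go (hunk `@@ -1983,7 +1981,11 @@`).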
@@ -1,30 +1,24 @@ kind: Service apiVersion: v1 +spec: + ports: + - name: dns + port: 53 + targetPort: dns + protocol: UDP + - name: dns-tcp + port: 53 + targetPort: dns-tcp + protocol: TCP + - name: metrics + port: 9154 + targetPort: metrics + protocol: TCP + clusterIP: {{.ClusterIP}} + selector: + dns.operator.openshift.io/daemonset-dns: default metadata: annotations: service.beta.openshift.io/serving-cert-secret-name: dns-default-metrics-tls - labels: - dns.operator.openshift.io/owning-dns: default name: dns-default namespace: openshift-dns -spec: - clusterIP: {{.ClusterIP}} - selector: - dns.operator.openshift.io/daemonset-dns: default - ports: - - name: dns - port: 53 - targetPort: dns - protocol: UDP - - name: dns-tcp - port: 53 - targetPort: dns-tcp - protocol: TCP - - name: metrics - port: 9154 - targetPort: metrics - protocol: TCP - # TODO: Uncomment when service topology feature gate is enabled. - #topologyKeys: - # - "kubernetes.io/hostname" - # - "*" diff --git a/pkg/assets/bindata.go b/pkg/assets/bindata.go index 2ee595538d..1e27beccb9 100644 --- a/pkg/assets/bindata.go +++ b/pkg/assets/bindata.go @@ -141,7 +141,7 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } -var _assetsBindata_timestampTxt = []byte(`1658914160 +var _assetsBindata_timestampTxt = []byte(`1654679854 `) func assetsBindata_timestampTxtBytes() ([]byte, error) { @@ -154,7 +154,7 @@ func assetsBindata_timestampTxt() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/bindata_timestamp.txt", size: 11, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/bindata_timestamp.txt", size: 11, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -191,7 +191,7 @@ func assetsComponentsKubeApiserverConfigOverridesYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/kube-apiserver/config-overrides.yaml", size: 988, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/kube-apiserver/config-overrides.yaml", size: 988, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -387,7 +387,7 @@ func assetsComponentsKubeApiserverDefaultconfigYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/kube-apiserver/defaultconfig.yaml", size: 6252, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/kube-apiserver/defaultconfig.yaml", size: 6252, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -415,7 +415,7 @@ func assetsComponentsOdfLvmCsiDriverYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/csi-driver.yaml", size: 247, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/csi-driver.yaml", size: 247, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -574,7 +574,7 @@ func assetsComponentsOdfLvmTopolvmController_deploymentYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_deployment.yaml", size: 4161, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_deployment.yaml", size: 4161, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -647,7 +647,7 @@ func assetsComponentsOdfLvmTopolvmController_rbacAuthorizationK8sIo_v1_clusterro return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 698, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 698, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -676,7 +676,7 @@ func assetsComponentsOdfLvmTopolvmController_rbacAuthorizationK8sIo_v1_clusterro return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 288, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 288, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -709,7 +709,7 @@ func assetsComponentsOdfLvmTopolvmController_rbacAuthorizationK8sIo_v1_roleYaml( return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_role.yaml", size: 281, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_role.yaml", size: 281, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -738,7 +738,7 @@ func assetsComponentsOdfLvmTopolvmController_rbacAuthorizationK8sIo_v1_rolebindi return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_rolebinding.yaml", size: 310, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_rbac.authorization.k8s.io_v1_rolebinding.yaml", size: 310, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -759,7 +759,7 @@ func assetsComponentsOdfLvmTopolvmController_v1_serviceaccountYaml() (*asset, er return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_v1_serviceaccount.yaml", size: 103, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-controller_v1_serviceaccount.yaml", size: 103, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -856,7 +856,7 @@ func assetsComponentsOdfLvmTopolvmCsiProvisioner_rbacAuthorizationK8sIo_v1_clust return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 1015, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 1015, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -885,7 +885,7 @@ func assetsComponentsOdfLvmTopolvmCsiProvisioner_rbacAuthorizationK8sIo_v1_clust return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 298, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 298, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -943,7 +943,7 @@ func assetsComponentsOdfLvmTopolvmCsiProvisioner_rbacAuthorizationK8sIo_v1_roleY return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_role.yaml", size: 538, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_role.yaml", size: 538, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -973,7 +973,7 @@ func assetsComponentsOdfLvmTopolvmCsiProvisioner_rbacAuthorizationK8sIo_v1_roleb return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_rolebinding.yaml", size: 315, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-provisioner_rbac.authorization.k8s.io_v1_rolebinding.yaml", size: 315, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1036,7 +1036,7 @@ func assetsComponentsOdfLvmTopolvmCsiResizer_rbacAuthorizationK8sIo_v1_clusterro return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 569, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 569, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1065,7 +1065,7 @@ func assetsComponentsOdfLvmTopolvmCsiResizer_rbacAuthorizationK8sIo_v1_clusterro return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 290, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 290, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1099,7 +1099,7 @@ func assetsComponentsOdfLvmTopolvmCsiResizer_rbacAuthorizationK8sIo_v1_roleYaml( return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_role.yaml", size: 258, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_role.yaml", size: 258, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1129,7 +1129,7 @@ func assetsComponentsOdfLvmTopolvmCsiResizer_rbacAuthorizationK8sIo_v1_rolebindi return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_rolebinding.yaml", size: 307, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-csi-resizer_rbac.authorization.k8s.io_v1_rolebinding.yaml", size: 307, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1160,7 +1160,7 @@ func assetsComponentsOdfLvmTopolvmLvmdConfig_configmap_v1Yaml() (*asset, error) return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-lvmd-config_configmap_v1.yaml", size: 299, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-lvmd-config_configmap_v1.yaml", size: 299, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1190,7 +1190,7 @@ func assetsComponentsOdfLvmTopolvmNodeScc_rbacAuthorizationK8sIo_v1_clusterroleY return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node-scc_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 235, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node-scc_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 235, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1219,7 +1219,7 @@ func assetsComponentsOdfLvmTopolvmNodeScc_rbacAuthorizationK8sIo_v1_clusterroleb return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node-scc_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 278, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node-scc_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 278, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1268,7 +1268,7 @@ func assetsComponentsOdfLvmTopolvmNodeSecuritycontextconstraintYaml() (*asset, e return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node-securitycontextconstraint.yaml", size: 642, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node-securitycontextconstraint.yaml", size: 642, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1456,7 +1456,7 @@ func assetsComponentsOdfLvmTopolvmNode_daemonsetYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_daemonset.yaml", size: 5212, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_daemonset.yaml", size: 5212, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1509,7 +1509,7 @@ func assetsComponentsOdfLvmTopolvmNode_rbacAuthorizationK8sIo_v1_clusterroleYaml return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 466, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_rbac.authorization.k8s.io_v1_clusterrole.yaml", size: 466, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1538,7 +1538,7 @@ func assetsComponentsOdfLvmTopolvmNode_rbacAuthorizationK8sIo_v1_clusterrolebind return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 270, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml", size: 270, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1561,7 +1561,7 @@ func assetsComponentsOdfLvmTopolvmNode_v1_serviceaccountYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_v1_serviceaccount.yaml", size: 99, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-node_v1_serviceaccount.yaml", size: 99, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1585,7 +1585,7 @@ func assetsComponentsOdfLvmTopolvmOpenshiftStorage_namespaceYaml() (*asset, erro return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-openshift-storage_namespace.yaml", size: 165, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm-openshift-storage_namespace.yaml", size: 165, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1685,7 +1685,7 @@ func assetsComponentsOdfLvmTopolvmCybozuCom_logicalvolumesYaml() (*asset, error) return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm.cybozu.com_logicalvolumes.yaml", size: 3096, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm.cybozu.com_logicalvolumes.yaml", size: 3096, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1715,7 +1715,7 @@ func assetsComponentsOdfLvmTopolvm_defaultStorageClassYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm_default-storage-class.yaml", size: 334, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/odf-lvm/topolvm_default-storage-class.yaml", size: 334, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1743,7 +1743,7 @@ func assetsComponentsOpenshiftDnsDnsClusterRoleBindingYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/dns/cluster-role-binding.yaml", size: 223, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/dns/cluster-role-binding.yaml", size: 223, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -1797,7 +1797,7 @@ func assetsComponentsOpenshiftDnsDnsClusterRoleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/dns/cluster-role.yaml", size: 492, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/dns/cluster-role.yaml", size: 492, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1843,109 +1843,101 @@ func assetsComponentsOpenshiftDnsDnsConfigmapYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/dns/configmap.yaml", size: 610, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/dns/configmap.yaml", size: 610, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } var _assetsComponentsOpenshiftDnsDnsDaemonsetYaml = []byte(`kind: DaemonSet apiVersion: apps/v1 -metadata: - labels: - dns.operator.openshift.io/owning-dns: default - name: dns-default - namespace: openshift-dns spec: - selector: - matchLabels: - dns.operator.openshift.io/daemonset-dns: default template: metadata: - labels: - dns.operator.openshift.io/daemonset-dns: default annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' + labels: + dns.operator.openshift.io/daemonset-dns: default spec: serviceAccountName: dns priorityClassName: system-node-critical containers: - - name: dns - image: {{ .ReleaseImage.coredns }} - imagePullPolicy: IfNotPresent - terminationMessagePolicy: FallbackToLogsOnError - command: [ "coredns" ] - args: [ "-conf", "/etc/coredns/Corefile" ] - volumeMounts: - - name: config-volume - mountPath: /etc/coredns - readOnly: true - ports: - - containerPort: 5353 - name: dns - protocol: UDP - - containerPort: 5353 - name: dns-tcp - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 3 - successThreshold: 1 - failureThreshold: 3 - timeoutSeconds: 3 - livenessProbe: - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - resources: - requests: - cpu: 50m - memory: 70Mi - - name: kube-rbac-proxy - image: {{ .ReleaseImage.kube_rbac_proxy }} - imagePullPolicy: IfNotPresent - 
args: - - --secure-listen-address=:9154 - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - --upstream=http://127.0.0.1:9153/ - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - ports: - - containerPort: 9154 - name: metrics - resources: - requests: - cpu: 10m - memory: 40Mi - volumeMounts: - - mountPath: /etc/tls/private - name: metrics-tls - readOnly: true + - name: dns + imagePullPolicy: IfNotPresent + terminationMessagePolicy: FallbackToLogsOnError + command: ["coredns"] + args: ["-conf", "/etc/coredns/Corefile"] + volumeMounts: + - name: config-volume + mountPath: /etc/coredns + readOnly: true + ports: + - containerPort: 5353 + name: dns + protocol: UDP + - containerPort: 5353 + name: dns-tcp + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 3 + livenessProbe: + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + resources: + requests: + cpu: 50m + memory: 70Mi + image: {{ .ReleaseImage.coredns }} + - name: kube-rbac-proxy + args: + - --logtostderr + - --secure-listen-address=:9154 + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + - --upstream=http://127.0.0.1:9153/ + - --tls-cert-file=/etc/tls/private/tls.crt + - --tls-private-key-file=/etc/tls/private/tls.key + ports: + - containerPort: 9154 + name: metrics + resources: + requests: + cpu: 10m + memory: 40Mi + volumeMounts: + - mountPath: /etc/tls/private + name: metrics-tls + readOnly: true + image: {{ 
.ReleaseImage.kube_rbac_proxy }} + imagePullPolicy: IfNotPresent dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux volumes: - - name: config-volume - configMap: - items: - - key: Corefile - path: Corefile - name: dns-default - - name: metrics-tls - secret: - defaultMode: 420 - secretName: dns-default-metrics-tls + - name: config-volume + configMap: + items: + - key: Corefile + path: Corefile + name: dns-default + - name: metrics-tls + secret: + defaultMode: 420 + secretName: dns-default-metrics-tls + nodeSelector: + kubernetes.io/os: linux tolerations: - # DNS needs to run everywhere. Tolerate all taints - - operator: Exists + - operator: Exists updateStrategy: type: RollingUpdate rollingUpdate: @@ -1954,6 +1946,12 @@ spec: # Note: The daemon controller rounds the percentage up # (unlike the deployment controller, which rounds down). maxUnavailable: 10% + selector: + matchLabels: + dns.operator.openshift.io/daemonset-dns: default +metadata: + name: dns-default + namespace: openshift-dns `) func assetsComponentsOpenshiftDnsDnsDaemonsetYamlBytes() ([]byte, error) { @@ -1966,7 +1964,7 @@ func assetsComponentsOpenshiftDnsDnsDaemonsetYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/dns/daemonset.yaml", size: 3217, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/dns/daemonset.yaml", size: 3302, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -1983,7 +1981,11 @@ metadata: openshift.io/run-level: "0" # allow openshift-monitoring to look for ServiceMonitor objects in this namespace openshift.io/cluster-monitoring: "true" - + # allow node-resolver daemonset to pass baseline pod security admission. + # It uses host networking, host path volumes, and is a privileged. + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged `) func assetsComponentsOpenshiftDnsDnsNamespaceYamlBytes() ([]byte, error) { @@ -1996,7 +1998,7 @@ func assetsComponentsOpenshiftDnsDnsNamespaceYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/dns/namespace.yaml", size: 422, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/dns/namespace.yaml", size: 713, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -2018,41 +2020,35 @@ func assetsComponentsOpenshiftDnsDnsServiceAccountYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/dns/service-account.yaml", size: 85, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/dns/service-account.yaml", size: 85, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } var _assetsComponentsOpenshiftDnsDnsServiceYaml = []byte(`kind: Service apiVersion: v1 +spec: + ports: + - name: dns + port: 53 + targetPort: dns + protocol: UDP + - name: dns-tcp + port: 53 + targetPort: dns-tcp + protocol: TCP + - name: metrics + port: 9154 + targetPort: metrics + protocol: TCP + clusterIP: {{.ClusterIP}} + selector: + dns.operator.openshift.io/daemonset-dns: default metadata: annotations: service.beta.openshift.io/serving-cert-secret-name: dns-default-metrics-tls - labels: - dns.operator.openshift.io/owning-dns: default name: dns-default namespace: openshift-dns -spec: - clusterIP: {{.ClusterIP}} - selector: - dns.operator.openshift.io/daemonset-dns: default - ports: - - name: dns - port: 53 - targetPort: dns - protocol: UDP - - name: dns-tcp - port: 53 - targetPort: dns-tcp - protocol: TCP - - name: metrics - port: 9154 - targetPort: metrics - protocol: TCP - # TODO: Uncomment when service topology feature gate is enabled. - #topologyKeys: - # - "kubernetes.io/hostname" - # - "*" `) func assetsComponentsOpenshiftDnsDnsServiceYamlBytes() ([]byte, error) { 
@@ -2065,7 +2061,7 @@ func assetsComponentsOpenshiftDnsDnsServiceYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/dns/service.yaml", size: 691, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/dns/service.yaml", size: 526, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2209,7 +2205,7 @@ func assetsComponentsOpenshiftDnsNodeResolverDaemonsetYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/node-resolver/daemonset.yaml", size: 4823, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/node-resolver/daemonset.yaml", size: 4823, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2231,7 +2227,7 @@ func assetsComponentsOpenshiftDnsNodeResolverServiceAccountYaml() (*asset, error return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-dns/node-resolver/service-account.yaml", size: 95, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-dns/node-resolver/service-account.yaml", size: 95, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2261,7 +2257,7 @@ func assetsComponentsOpenshiftRouterClusterRoleBindingYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/cluster-role-binding.yaml", size: 329, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/cluster-role-binding.yaml", size: 329, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -2339,7 +2335,7 @@ func assetsComponentsOpenshiftRouterClusterRoleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/cluster-role.yaml", size: 883, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/cluster-role.yaml", size: 883, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2363,7 +2359,7 @@ func assetsComponentsOpenshiftRouterConfigmapYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/configmap.yaml", size: 168, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/configmap.yaml", size: 168, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2520,7 +2516,7 @@ func assetsComponentsOpenshiftRouterDeploymentYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/deployment.yaml", size: 4746, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/deployment.yaml", size: 4746, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2592,7 +2588,7 @@ func assetsComponentsOpenshiftRouterIngressToRouteControllerClusterroleYaml() (* return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/ingress-to-route-controller-clusterrole.yaml", size: 764, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/ingress-to-route-controller-clusterrole.yaml", size: 764, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -2620,7 +2616,7 @@ func assetsComponentsOpenshiftRouterIngressToRouteControllerClusterrolebindingYa return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/ingress-to-route-controller-clusterrolebinding.yaml", size: 367, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/ingress-to-route-controller-clusterrolebinding.yaml", size: 367, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2651,7 +2647,7 @@ func assetsComponentsOpenshiftRouterNamespaceYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/namespace.yaml", size: 503, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/namespace.yaml", size: 503, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2675,7 +2671,7 @@ func assetsComponentsOpenshiftRouterServiceAccountYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/service-account.yaml", size: 213, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/service-account.yaml", size: 213, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -2712,7 +2708,7 @@ func assetsComponentsOpenshiftRouterServiceCloudYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/service-cloud.yaml", size: 523, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/service-cloud.yaml", size: 523, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2757,7 +2753,7 @@ func assetsComponentsOpenshiftRouterServiceInternalYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/openshift-router/service-internal.yaml", size: 727, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/openshift-router/service-internal.yaml", size: 727, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -2959,7 +2955,7 @@ func assetsComponentsOvnClusterroleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/clusterrole.yaml", size: 2771, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/clusterrole.yaml", size: 2771, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -3003,7 +2999,7 @@ func assetsComponentsOvnClusterrolebindingYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/clusterrolebinding.yaml", size: 663, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/clusterrolebinding.yaml", size: 663, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -3056,7 +3052,7 @@ func assetsComponentsOvnConfigmapYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/configmap.yaml", size: 848, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/configmap.yaml", size: 848, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -3562,7 +3558,7 @@ func assetsComponentsOvnMasterDaemonsetYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/master/daemonset.yaml", size: 15843, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/master/daemonset.yaml", size: 15843, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -3585,7 +3581,7 @@ func assetsComponentsOvnMasterServiceaccountYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/master/serviceaccount.yaml", size: 122, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/master/serviceaccount.yaml", size: 122, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -3617,7 +3613,7 @@ func assetsComponentsOvnNamespaceYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/namespace.yaml", size: 542, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/namespace.yaml", size: 542, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -3763,7 +3759,7 @@ func assetsComponentsOvnNodeDaemonsetYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/node/daemonset.yaml", size: 3968, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/node/daemonset.yaml", size: 3968, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -3786,7 +3782,7 @@ func assetsComponentsOvnNodeServiceaccountYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/node/serviceaccount.yaml", size: 116, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/node/serviceaccount.yaml", size: 116, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -3840,7 +3836,7 @@ func assetsComponentsOvnRoleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/role.yaml", size: 615, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/role.yaml", size: 615, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -3886,7 +3882,7 @@ func assetsComponentsOvnRolebindingYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/ovn/rolebinding.yaml", size: 699, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/ovn/rolebinding.yaml", size: 699, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -3975,7 +3971,7 @@ func assetsComponentsServiceCaClusterroleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/clusterrole.yaml", size: 970, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/clusterrole.yaml", size: 970, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4003,7 +3999,7 @@ func assetsComponentsServiceCaClusterrolebindingYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/clusterrolebinding.yaml", size: 285, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/clusterrolebinding.yaml", size: 285, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4086,7 +4082,7 @@ func assetsComponentsServiceCaDeploymentYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/deployment.yaml", size: 1877, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/deployment.yaml", size: 1877, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4110,7 +4106,7 @@ func assetsComponentsServiceCaNsYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/ns.yaml", size: 168, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/ns.yaml", size: 168, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -4174,7 +4170,7 @@ func assetsComponentsServiceCaRoleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/role.yaml", size: 635, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/role.yaml", size: 635, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4203,7 +4199,7 @@ func assetsComponentsServiceCaRolebindingYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/rolebinding.yaml", size: 305, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/rolebinding.yaml", size: 305, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4225,7 +4221,7 @@ func assetsComponentsServiceCaSaYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/sa.yaml", size: 99, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/sa.yaml", size: 99, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4249,7 +4245,7 @@ func assetsComponentsServiceCaSigningCabundleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/signing-cabundle.yaml", size: 123, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/signing-cabundle.yaml", size: 123, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -4275,7 +4271,7 @@ func assetsComponentsServiceCaSigningSecretYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/components/service-ca/signing-secret.yaml", size: 144, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/components/service-ca/signing-secret.yaml", size: 144, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4301,7 +4297,7 @@ func assetsCore0000_50_clusterOpenshiftControllerManager_00_namespaceYaml() (*as return nil, err } - info := bindataFileInfo{name: "assets/core/0000_50_cluster-openshift-controller-manager_00_namespace.yaml", size: 254, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/core/0000_50_cluster-openshift-controller-manager_00_namespace.yaml", size: 254, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4355,7 +4351,7 @@ func assetsCoreCsr_approver_clusterroleYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/core/csr_approver_clusterrole.yaml", size: 737, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/core/csr_approver_clusterrole.yaml", size: 737, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4385,7 +4381,7 @@ func assetsCoreCsr_approver_clusterrolebindingYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/core/csr_approver_clusterrolebinding.yaml", size: 457, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/core/csr_approver_clusterrolebinding.yaml", size: 457, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -4408,7 +4404,7 @@ func assetsCoreNamespaceOpenshiftInfraYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/core/namespace-openshift-infra.yaml", size: 128, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/core/namespace-openshift-infra.yaml", size: 128, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4438,7 +4434,7 @@ func assetsCoreNamespaceOpenshiftKubeControllerManagerYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/core/namespace-openshift-kube-controller-manager.yaml", size: 415, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/core/namespace-openshift-kube-controller-manager.yaml", size: 415, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4490,7 +4486,7 @@ func assetsCoreNamespaceSecurityAllocationControllerClusterroleYaml() (*asset, e return nil, err } - info := bindataFileInfo{name: "assets/core/namespace-security-allocation-controller-clusterrole.yaml", size: 587, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/core/namespace-security-allocation-controller-clusterrole.yaml", size: 587, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -4521,7 +4517,7 @@ func assetsCoreNamespaceSecurityAllocationControllerClusterrolebindingYaml() (*a return nil, err } - info := bindataFileInfo{name: "assets/core/namespace-security-allocation-controller-clusterrolebinding.yaml", size: 504, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/core/namespace-security-allocation-controller-clusterrolebinding.yaml", size: 504, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -4930,7 +4926,7 @@ func assetsCrd0000_01_routeCrdYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/crd/0000_01_route.crd.yaml", size: 18522, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/crd/0000_01_route.crd.yaml", size: 18522, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5103,7 +5099,7 @@ func assetsCrd0000_03_authorizationOpenshift_01_rolebindingrestrictionCrdYaml() return nil, err } - info := bindataFileInfo{name: "assets/crd/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml", size: 9898, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/crd/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml", size: 9898, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -5401,7 +5397,7 @@ func assetsCrd0000_03_securityOpenshift_01_sccCrdYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/crd/0000_03_security-openshift_01_scc.crd.yaml", size: 16038, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/crd/0000_03_security-openshift_01_scc.crd.yaml", size: 16038, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5469,7 +5465,7 @@ func assetsCrd0000_03_securityinternalOpenshift_02_rangeallocationCrdYaml() (*as return nil, err } - info := bindataFileInfo{name: "assets/crd/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml", size: 2388, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/crd/0000_03_securityinternal-openshift_02_rangeallocation.crd.yaml", size: 2388, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5495,7 +5491,7 @@ func assetsCrdAuthorizationv1LocalApiserviceYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/crd/authorizationv1-local-apiservice.yaml", size: 211, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/crd/authorizationv1-local-apiservice.yaml", size: 211, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5521,7 +5517,7 @@ func assetsCrdSecurityv1LocalApiserviceYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/crd/securityv1-local-apiservice.yaml", size: 201, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/crd/securityv1-local-apiservice.yaml", size: 201, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -5580,7 +5576,7 @@ func assetsScc0000_20_kubeApiserverOperator_00_sccAnyuidYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-anyuid.yaml", size: 1048, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-anyuid.yaml", size: 1048, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5644,7 +5640,7 @@ func assetsScc0000_20_kubeApiserverOperator_00_sccHostaccessYaml() (*asset, erro return nil, err } - info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-hostaccess.yaml", size: 1267, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-hostaccess.yaml", size: 1267, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5708,7 +5704,7 @@ func assetsScc0000_20_kubeApiserverOperator_00_sccHostmountAnyuidYaml() (*asset, return nil, err } - info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-hostmount-anyuid.yaml", size: 1298, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-hostmount-anyuid.yaml", size: 1298, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -5770,7 +5766,7 @@ func assetsScc0000_20_kubeApiserverOperator_00_sccHostnetworkYaml() (*asset, err return nil, err } - info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-hostnetwork.yaml", size: 1123, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-hostnetwork.yaml", size: 1123, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5832,7 +5828,7 @@ func assetsScc0000_20_kubeApiserverOperator_00_sccNonrootYaml() (*asset, error) return nil, err } - info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-nonroot.yaml", size: 1166, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-nonroot.yaml", size: 1166, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5896,7 +5892,7 @@ func assetsScc0000_20_kubeApiserverOperator_00_sccPrivilegedYaml() (*asset, erro return nil, err } - info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-privileged.yaml", size: 1291, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-privileged.yaml", size: 1291, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } 
@@ -5959,7 +5955,7 @@ func assetsScc0000_20_kubeApiserverOperator_00_sccRestrictedYaml() (*asset, erro return nil, err } - info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-restricted.yaml", size: 1213, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/scc/0000_20_kube-apiserver-operator_00_scc-restricted.yaml", size: 1213, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -5986,7 +5982,7 @@ func assetsVersionMicroshiftVersionYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "assets/version/microshift-version.yaml", size: 196, mode: os.FileMode(420), modTime: time.Unix(1658914160, 0)} + info := bindataFileInfo{name: "assets/version/microshift-version.yaml", size: 196, mode: os.FileMode(420), modTime: time.Unix(1654679854, 0)} a := &asset{bytes: bytes, info: info} return a, nil } diff --git a/scripts/rebase.sh b/scripts/rebase.sh index ceac901f35..cd48ef2d4a 100755 --- a/scripts/rebase.sh +++ b/scripts/rebase.sh 
@@ -431,7 +431,7 @@ update_manifests() {
 yq -i '.spec.template.spec.tolerations = [{"operator": "Exists"}]' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yaml
 sed -i '/#.*set at runtime/d' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yaml
 # Render the node-resolver script into the DaemonSet template
- export NODE_RESOLVER_SCRIPT="$(sed 's|^| |' "${REPOROOT}"/assets/components/openshift-dns/node-resolver/update-node-resolver.sh)"
+ export NODE_RESOLVER_SCRIPT="$(sed 's|^.| &|' "${REPOROOT}"/assets/components/openshift-dns/node-resolver/update-node-resolver.sh)"
 envsubst < "${REPOROOT}"/assets/components/openshift-dns/node-resolver/daemonset.yaml.tmpl > "${REPOROOT}"/assets/components/openshift-dns/node-resolver/daemonset.yaml
 # Render the DNS service
 yq -i '.metadata += {"annotations": {"service.beta.openshift.io/serving-cert-secret-name": "dns-default-metrics-tls"}}' "${REPOROOT}"/assets/components/openshift-dns/dns/service.yaml
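Review bot: The changed `export NODE_RESOLVER_SCRIPT="$(sed …)"` line still assigns and exports in one statement, so the exit status of `sed` is discarded. If update-node-resolver.sh is missing or unreadable, `export` still succeeds and the following `envsubst` writes a daemonset.yaml with an empty script body. Splitting it into `NODE_RESOLVER_SCRIPT="$(sed … update-node-resolver.sh)"` followed by `export NODE_RESOLVER_SCRIPT` lets the failure surface, assuming the script runs with errexit, which this hunk does not show. The new `s|^.| &|` expression indents only non-empty lines, and a short comment such as `# indent only non-empty lines of the script` above it would record that intent. update_manifests starts and ends outside this hunk.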