diff --git a/controllers/sriovoperatorconfig_controller.go b/controllers/sriovoperatorconfig_controller.go index 92e10075c..a958eb967 100644 --- a/controllers/sriovoperatorconfig_controller.go +++ b/controllers/sriovoperatorconfig_controller.go @@ -80,7 +80,7 @@ func (r *SriovOperatorConfigReconciler) Reconcile(ctx context.Context, req ctrl. if errors.IsNotFound(err) { singleNode, err := utils.IsSingleNodeCluster(r.Client) if err != nil { - return reconcile.Result{}, fmt.Errorf("Couldn't check the anount of nodes in the cluster") + return reconcile.Result{}, fmt.Errorf("Couldn't check the amount of nodes in the cluster") } // Default Config object not found, create it. diff --git a/deploy/clusterrole.yaml b/deploy/clusterrole.yaml index 77869f52c..fcc1e8443 100644 --- a/deploy/clusterrole.yaml +++ b/deploy/clusterrole.yaml @@ -30,6 +30,9 @@ rules: - apiGroups: ["machineconfiguration.openshift.io"] resources: ["*"] verbs: ["*"] +- apiGroups: ["config.openshift.io"] + resources: ["infrastructures"] + verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/deploy/role.yaml b/deploy/role.yaml index 49595a311..6629379cd 100644 --- a/deploy/role.yaml +++ b/deploy/role.yaml @@ -48,6 +48,14 @@ rules: - rolebindings verbs: - '*' +- apiGroups: + - config.openshift.io + resources: + - infrastructures + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/deployment/sriov-network-operator/templates/clusterrole.yaml b/deployment/sriov-network-operator/templates/clusterrole.yaml index 72a3335db..1e918973f 100644 --- a/deployment/sriov-network-operator/templates/clusterrole.yaml +++ b/deployment/sriov-network-operator/templates/clusterrole.yaml @@ -32,6 +32,9 @@ rules: - apiGroups: ["machineconfiguration.openshift.io"] resources: ["*"] verbs: ["*"] + - apiGroups: ["config.openshift.io"] + resources: ["infrastructures"] + verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/deployment/sriov-network-operator/templates/role.yaml b/deployment/sriov-network-operator/templates/role.yaml index 50d537097..35a9d50af 100644 --- a/deployment/sriov-network-operator/templates/role.yaml +++ b/deployment/sriov-network-operator/templates/role.yaml @@ -51,6 +51,14 @@ rules: - rolebindings verbs: - '*' + - apiGroups: + - config.openshift.io + resources: + - infrastructures + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/go.mod b/go.mod index af4977770..dfcce97d5 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,6 @@ module github.com/k8snetworkplumbingwg/sriov-network-operator go 1.16 require ( - cloud.google.com/go v0.58.0 // indirect github.com/Masterminds/sprig/v3 v3.2.2 github.com/blang/semver v3.5.1+incompatible github.com/cenkalti/backoff v2.2.1+incompatible @@ -19,6 +18,7 @@ require ( github.com/k8snetworkplumbingwg/network-attachment-definition-client v0.0.0-20200626054723-37f83d1996bc github.com/onsi/ginkgo v1.14.1 github.com/onsi/gomega v1.10.2 + github.com/openshift/api v0.0.0-20210325163602-e37aaed4c278 github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 github.com/openshift/machine-config-operator v0.0.1-0.20201023110058-6c8bd9b2915c github.com/pkg/errors v0.9.1 diff --git a/go.sum b/go.sum index 151f82be2..d79e8a1ff 100644 --- a/go.sum +++ b/go.sum @@ -9,28 +9,20 @@ cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6T cloud.google.com/go v0.51.0/go.mod h1:hWtGJ6gnXH+KgDv+V0zFGDvpi07n3z8ZNj3T1RW0Gcw= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0 h1:3ithwDMr7/3vpAMXiH+ZQnYbuIsh+OPhUPMFC9enmn0= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.58.0 h1:vtAfVc723K3xKq1BQydk/FyCldnaNFhGhpJxaJzgRMQ= -cloud.google.com/go v0.58.0/go.mod h1:W+9FnSUw6nhVwXlFcp1eL+krq5+HQUJeUogSeJZZiWg= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/14rcole/gopopulate v0.0.0-20180821133914-b175b219e774/go.mod h1:6/0dYRLLXyJjbkIPeeGyoJ/eKOSI0eU6eTlCBYibgd0= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= @@ -351,14 +343,12 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= @@ -401,7 +391,6 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -414,8 +403,6 @@ github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OI github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -625,10 +612,12 @@ github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.m github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= github.com/openshift/api v0.0.0-20200326160804-ecb9283fe820/go.mod h1:RKMJ5CBnljLfnej+BJ/xnOWc3kZDvJUaIAEq2oKSPtE= github.com/openshift/api v0.0.0-20200827090112-c05698d102cf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8= -github.com/openshift/api v0.0.0-20200829102639-8a3a835f1acf h1:KP/v5AGCaq1Sbe6QrlFGZM1fHBswiHuniMTC4/hgbVw= github.com/openshift/api v0.0.0-20200829102639-8a3a835f1acf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8= +github.com/openshift/api v0.0.0-20210325163602-e37aaed4c278 h1:v36R7Yzq/CvWnYaPM+eh09ffZtmURq0k6gLmyhxOc3c= +github.com/openshift/api v0.0.0-20210325163602-e37aaed4c278/go.mod h1:aqU5Cq+kqKKPbDMqxo9FojgDeSpNJI7iuskjXjtojDg= github.com/openshift/build-machinery-go v0.0.0-20200211121458-5e3d6e570160/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 h1:E6WhVL5p3rfjtc+o+jVG/29Aclnf3XIF7akxXvadwR0= github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5/go.mod h1:5rGmrkQ8DJEUXA+AR3rEjfH+HFyg4/apY9iCQFgvPfE= github.com/openshift/library-go v0.0.0-20191003152030-97c62d8a2901/go.mod h1:NBttNjZpWwup/nthuLbPAPSYC8Qyo+BBK5bCtFoyYjo= @@ -786,7 +775,6 @@ github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -905,11 +893,7 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -972,12 +956,7 @@ golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1052,15 +1031,8 @@ golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200606014950-c42cb6316fb6/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200616133436-c1934b75d054 h1:HHeAlu5H9b71C+Fx0K+1dGgVFN1DM1/wz4aoGOA5qS8= golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1079,11 +1051,7 @@ google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsb google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.26.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1108,15 +1076,8 @@ google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvx google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200608115520-7c474a2e3482/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -1130,10 +1091,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.28.1 h1:C1QC6KzgSiLyBabDi87BbjaGreoRgGUF5nOyvfrAZ1k= google.golang.org/grpc v1.28.1/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1 h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1188,15 +1147,15 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3 h1:sXmLre5bzIR6ypkjXCDI3jHPssRhc8KD/Ome589sc3U= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK8= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= k8s.io/api v0.18.0/go.mod h1:q2HRQkfDzHMBZL9l/y9rH63PkQl4vae0xRT+8prbrK8= k8s.io/api v0.18.1/go.mod h1:3My4jorQWzSs5a+l7Ge6JBbIxChLnY8HnuT58ZWolss= k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA= k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= +k8s.io/api v0.20.0/go.mod h1:HyLC5l5eoS/ygQYl1BXBgFzWNlkHiAuyNAbevIn+FKg= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.20.2 h1:y/HR22XDZY3pniu9hIFDLpUCPq2w5eQ6aV/VFQ7uJMw= k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8= @@ -1207,6 +1166,7 @@ k8s.io/apimachinery v0.18.0/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftc k8s.io/apimachinery v0.18.1/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= +k8s.io/apimachinery v0.20.0/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.2 h1:hFx6Sbt1oG0n6DZ+g4bFt5f6BoMkOjKWsQFu077M3Vg= k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= @@ -1223,6 +1183,7 @@ k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE= k8s.io/code-generator v0.18.0/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/code-generator v0.18.3/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= +k8s.io/code-generator v0.20.0/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg= k8s.io/code-generator v0.20.1/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg= k8s.io/code-generator v0.20.2 h1:SQaysped4EtUDk3u1zphnUJiOAwFdhHx9xS3WKAE0x8= k8s.io/code-generator v0.20.2/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg= diff --git a/main.go b/main.go index 3050cf95e..cf8f6a8a8 100644 --- a/main.go +++ b/main.go @@ -36,7 +36,6 @@ import ( "k8s.io/client-go/kubernetes" clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/healthz" @@ -44,6 +43,7 @@ import ( sriovnetworkv1 "github.com/k8snetworkplumbingwg/sriov-network-operator/api/v1" "github.com/k8snetworkplumbingwg/sriov-network-operator/controllers" + "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/leaderelection" "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/utils" //+kubebuilder:scaffold:imports ) @@ -77,14 +77,26 @@ func main() { opts.BindFlags(flag.CommandLine) flag.Parse() + restConfig := ctrl.GetConfigOrDie() + kubeClient, err := client.New(restConfig, client.Options{Scheme: scheme}) + if err != nil { + setupLog.Error(err, "couldn't create client") + os.Exit(1) + } + + le := leaderelection.GetLeaderElectionConfig(kubeClient, enableLeaderElection) + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) namespace := os.Getenv("NAMESPACE") - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + mgr, err := ctrl.NewManager(restConfig, ctrl.Options{ Scheme: scheme, MetricsBindAddress: metricsAddr, Port: 9443, HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, + LeaseDuration: &le.LeaseDuration, + RenewDeadline: &le.RenewDeadline, + RetryPeriod: &le.RetryPeriod, LeaderElectionID: "a56def2a.openshift.io", Namespace: namespace, }) @@ -92,7 +104,7 @@ func main() { setupLog.Error(err, "unable to start manager") os.Exit(1) } - mgrGlobal, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + mgrGlobal, err := ctrl.NewManager(restConfig, ctrl.Options{ Scheme: scheme, MetricsBindAddress: "0", }) @@ -144,14 +156,14 @@ func main() { // +kubebuilder:scaffold:builder // Create a default SriovNetworkNodePolicy - err = createDefaultPolicy(ctrl.GetConfigOrDie()) + err = createDefaultPolicy(kubeClient) if err != nil { setupLog.Error(err, "unable to create default SriovNetworkNodePolicy") os.Exit(1) } // Create default SriovOperatorConfig - err = createDefaultOperatorConfig(ctrl.GetConfigOrDie()) + err = createDefaultOperatorConfig(kubeClient) if err != nil { setupLog.Error(err, "unable to create default SriovOperatorConfig") os.Exit(1) @@ -194,12 +206,8 @@ func initNicIdMap() error { return nil } -func createDefaultPolicy(cfg *rest.Config) error { +func createDefaultPolicy(c client.Client) error { logger := setupLog.WithName("createDefaultPolicy") - c, err := client.New(cfg, client.Options{Scheme: scheme}) - if err != nil { - return fmt.Errorf("Couldn't create client: %v", err) - } policy := &sriovnetworkv1.SriovNetworkNodePolicy{ Spec: sriovnetworkv1.SriovNetworkNodePolicySpec{ NumVfs: 0, @@ -209,7 +217,7 @@ func createDefaultPolicy(cfg *rest.Config) error { } name := "default" namespace := os.Getenv("NAMESPACE") - err = c.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: namespace}, policy) + err := c.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: namespace}, policy) if err != nil { if errors.IsNotFound(err) { logger.Info("Create a default SriovNetworkNodePolicy") @@ -226,16 +234,11 @@ func createDefaultPolicy(cfg *rest.Config) error { return nil } -func createDefaultOperatorConfig(cfg *rest.Config) error { +func createDefaultOperatorConfig(c client.Client) error { logger := setupLog.WithName("createDefaultOperatorConfig") - c, err := client.New(cfg, client.Options{Scheme: scheme}) - if err != nil { - return fmt.Errorf("Couldn't create client: %v", err) - } - singleNode, err := utils.IsSingleNodeCluster(c) if err != nil { - return fmt.Errorf("Couldn't check the anount of nodes in the cluster") + return fmt.Errorf("Couldn't check the amount of nodes in the cluster") } enableAdmissionController := os.Getenv("ENABLE_ADMISSION_CONTROLLER") == "true" diff --git a/pkg/leaderelection/leaderelection.go b/pkg/leaderelection/leaderelection.go new file mode 100644 index 000000000..070719576 --- /dev/null +++ b/pkg/leaderelection/leaderelection.go @@ -0,0 +1,50 @@ +package leaderelection + +import ( + "time" + + "github.com/golang/glog" + "k8s.io/client-go/tools/leaderelection" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/utils" +) + +const ( + // Defaults follow conventions + // https://github.com/openshift/enhancements/blob/master/CONVENTIONS.md#high-availability + // Impl Calculations: https://github.com/openshift/library-go/commit/7e7d216ed91c3119800219c9194e5e57113d059a + defaultLeaseDuration = 137 * time.Second + defaultRenewDeadline = 107 * time.Second + defaultRetryPeriod = 26 * time.Second +) + +func GetLeaderElectionConfig(c client.Client, enabled bool) (defaultConfig leaderelection.LeaderElectionConfig) { + defaultConfig = leaderelection.LeaderElectionConfig{ + LeaseDuration: defaultLeaseDuration, + RenewDeadline: defaultRenewDeadline, + RetryPeriod: defaultRetryPeriod, + } + + if enabled { + isSingleNode, err := utils.IsSingleNodeCluster(c) + if err != nil { + glog.Warningf("unable to get cluster infrastructure status, using HA cluster values for leader election: %v", err) + return + } + if isSingleNode { + return leaderElectionSingleNodeConfig(defaultConfig) + } + } + return +} + +// Default leader election for Single Node environments +// Impl Calculations: +// https://github.com/openshift/library-go/commit/2612981f3019479805ac8448b997266fc07a236a#diff-61dd95c7fd45fa18038e825205fbfab8a803f1970068157608b6b1e9e6c27248R127 +func leaderElectionSingleNodeConfig(config leaderelection.LeaderElectionConfig) leaderelection.LeaderElectionConfig { + config.LeaseDuration = 270 * time.Second + config.RenewDeadline = 240 * time.Second + config.RetryPeriod = 60 * time.Second + return config +} diff --git a/pkg/utils/cluster.go b/pkg/utils/cluster.go index 1421e1e62..72a78e2da 100644 --- a/pkg/utils/cluster.go +++ b/pkg/utils/cluster.go @@ -2,14 +2,30 @@ package utils import ( "context" + "fmt" + "os" "github.com/golang/glog" + configv1 "github.com/openshift/api/config/v1" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" ) +const ( + // default Infrastructure resource name for Openshift + infraResourceName = "cluster" +) + func IsSingleNodeCluster(c client.Client) (bool, error) { + if os.Getenv("CLUSTER_TYPE") == ClusterTypeOpenshift { + return openshiftSingleNodeClusterStatus(c) + } + return k8sSingleNodeClusterStatus(c) +} + +func k8sSingleNodeClusterStatus(c client.Client) (bool, error) { nodeList := &corev1.NodeList{} err := c.List(context.TODO(), nodeList) if err != nil { @@ -21,6 +37,17 @@ func IsSingleNodeCluster(c client.Client) (bool, error) { glog.Infof("IsSingleNodeCluster(): one node found in the cluster") return true, nil } - return false, nil } + +func openshiftSingleNodeClusterStatus(c client.Client) (bool, error) { + infra := &configv1.Infrastructure{} + err := c.Get(context.TODO(), types.NamespacedName{Name: infraResourceName}, infra) + if err != nil { + return false, err + } + if infra == nil { + return false, fmt.Errorf("getting resource Infrastructure (name: %s) succeeded but object was nil", infraResourceName) + } + return infra.Status.ControlPlaneTopology == configv1.SingleReplicaTopologyMode, nil +} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml index f7767a124..2bf271283 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -4,6 +4,7 @@ metadata: name: clusteroperators.config.openshift.io annotations: include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: additionalPrinterColumns: - JSONPath: .status.versions[?(@.name=="operator")].version @@ -92,7 +93,9 @@ spec: format: date-time message: description: message provides additional information about the - current condition. This is only to be consumed by humans. + current condition. This is only to be consumed by humans. It + may contain Line Feed characters (U+000A), which should be rendered + as new lines. type: string reason: description: reason is the CamelCase reason for the condition's diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index b5dc54376..628538d0e 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -4,6 +4,7 @@ metadata: name: clusterversions.config.openshift.io annotations: include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io versions: @@ -218,7 +219,9 @@ spec: format: date-time message: description: message provides additional information about the - current condition. This is only to be consumed by humans. + current condition. This is only to be consumed by humans. It + may contain Line Feed characters (U+000A), which should be rendered + as new lines. type: string reason: description: reason is the CamelCase reason for the condition's diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml index 19994f42c..18e6187e6 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: operatorhubs.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml index b6fb1c48c..ddd5d700d 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml @@ -1,102 +1,103 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: proxies.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true names: kind: Proxy listKind: ProxyList plural: proxies singular: proxy - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Proxy holds cluster-wide information on how to configure default - proxies for the cluster. The canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the proxy configuration - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or CIDRs - for which the proxy should not be used. Empty means unset and will - not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used to verify - readiness of the proxy. - type: array - items: + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: Proxy holds cluster-wide information on how to configure default + proxies for the cluster. The canonical name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds user-settable values for the proxy configuration + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. Empty + means unset and will not result in an env var. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. Empty + means unset and will not result in an env var. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or + CIDRs for which the proxy should not be used. Empty means unset + and will not result in an env var. type: string - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a CA - certificate bundle. The trustedCA field should only be consumed by - a proxy validator. The validator is responsible for reading the certificate - bundle from the required key \"ca-bundle.crt\", merging it with the - system default trust bundle, and writing the merged trust bundle to - a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections must use - the trusted-ca-bundle for all HTTPS requests to the proxy, and may - use the trusted-ca-bundle for non-proxy HTTPS requests as well. \n - The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: ConfigMap - metadata: name: user-ca-bundle namespace: openshift-config data: - \ ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map + readinessEndpoints: + description: readinessEndpoints is a list of endpoints used to verify + readiness of the proxy. + type: array + items: type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or CIDRs - for which the proxy should not be used. - type: string + trustedCA: + description: "trustedCA is a reference to a ConfigMap containing a + CA certificate bundle. The trustedCA field should only be consumed + by a proxy validator. The validator is responsible for reading the + certificate bundle from the required key \"ca-bundle.crt\", merging + it with the system default trust bundle, and writing the merged + trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" + namespace. Clients that expect to make proxy connections must use + the trusted-ca-bundle for all HTTPS requests to the proxy, and may + use the trusted-ca-bundle for non-proxy HTTPS requests as well. + \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". + Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: + ConfigMap metadata: name: user-ca-bundle namespace: openshift-config + \ data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom + CA certificate bundle. -----END CERTIFICATE-----" + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. + type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or + CIDRs for which the proxy should not be used. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml index 468ad078d..bd730570c 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: apiservers.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io scope: Cluster diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml index c6de0ac13..b90d578f3 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -1,123 +1,103 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: authentications.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io + scope: Cluster names: kind: Authentication listKind: AuthenticationList plural: authentications singular: authentication - scope: Cluster - preserveUnknownFields: false - subresources: - status: {} versions: - name: v1 served: true storage: true - "validation": - "openAPIV3Schema": - description: Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an instance - is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: oc - get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" is - used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - serviceAccountIssuer: - description: serviceAccountIssuer is the identifier of the bound service - account token issuer. The default is https://kubernetes.default.svc - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - type: string - webhookTokenAuthenticator: - description: webhookTokenAuthenticator configures a remote token reviewer. - These remote authentication webhooks can be used to verify bearer - tokens via the tokenreviews.authentication.k8s.io REST API. This is - required to honor bearer tokens that are provisioned by an external - authentication service. - type: object - required: - - kubeConfig - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. If the - specified kube config data is not valid, the webhook is not honored." - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it has - no effect. - type: array - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. + subresources: + status: {} + schema: + openAPIV3Schema: + description: Authentication specifies cluster-wide settings for authentication + (like OAuth and webhook token authenticators). The canonical name of an + instance is `cluster`. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + oauthMetadata: + description: 'oauthMetadata contains the discovery endpoint data for + OAuth 2.0 Authorization Server Metadata for an external OAuth server. + This discovery document can be viewed from its served location: + oc get --raw ''/.well-known/oauth-authorization-server'' For further + details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + If oauthMetadata.name is non-empty, this value has precedence over + any metadata reference stored in status. The key "oauthMetadata" + is used to locate the data. If specified and the config map or expected + key is not found, no metadata is served. If the specified metadata + is not valid, no metadata is served. The namespace for this config + map is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + serviceAccountIssuer: + description: 'serviceAccountIssuer is the identifier of the bound + service account token issuer. The default is https://kubernetes.default.svc + WARNING: Updating this field will result in the invalidation of + all bound tokens with the previous issuer value. Unless the holder + of a bound token has explicit support for a change in issuer, they + will not request a new bound token until pod restart or until their + existing token exceeds 80% of its duration.' + type: string + type: + description: type identifies the cluster managed, user facing authentication + mode in use. Specifically, it manages the component that responds + to login attempts. The default is IntegratedOAuth. + type: string + webhookTokenAuthenticator: + description: webhookTokenAuthenticator configures a remote token reviewer. + These remote authentication webhooks can be used to verify bearer + tokens via the tokenreviews.authentication.k8s.io REST API. This + is required to honor bearer tokens that are provisioned by an external + authentication service. type: object + required: + - kubeConfig properties: kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. If - the specified kube config data is not valid, the webhook is - not honored. The namespace for this secret is determined by - the point of use.' + description: "kubeConfig references a secret that contains kube + config file data which describes how to access the remote webhook + service. The namespace for the referenced secret is openshift-config. + \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + \n The key \"kubeConfig\" is used to locate the data. If the + secret or expected key is not found, the webhook is not honored. + If the specified kube config data is not valid, the webhook + is not honored." type: object required: - name @@ -125,29 +105,57 @@ spec: name: description: name is the metadata.name of the referenced secret type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. This - field has no meaning if authentication spec.type is not set to IntegratedOAuth. - The key "oauthMetadata" is used to locate the data. If the config - map or expected key is not found, no metadata is served. If the specified - metadata is not valid, no metadata is served. The namespace for this - config map is openshift-config-managed.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string + webhookTokenAuthenticators: + description: webhookTokenAuthenticators is DEPRECATED, setting it + has no effect. + type: array + items: + description: deprecatedWebhookTokenAuthenticator holds the necessary + configuration options for a remote token authenticator. It's the + same as WebhookTokenAuthenticator but it's missing the 'required' + validation on KubeConfig field. + type: object + properties: + kubeConfig: + description: 'kubeConfig contains kube config file data which + describes how to access the remote webhook service. For further + details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication + The key "kubeConfig" is used to locate the data. If the secret + or expected key is not found, the webhook is not honored. + If the specified kube config data is not valid, the webhook + is not honored. The namespace for this secret is determined + by the point of use.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + integratedOAuthMetadata: + description: 'integratedOAuthMetadata contains the discovery endpoint + data for OAuth 2.0 Authorization Server Metadata for the in-cluster + integrated OAuth server. This discovery document can be viewed from + its served location: oc get --raw ''/.well-known/oauth-authorization-server'' + For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 + This contains the observed value based on cluster state. An explicitly + set value in spec.oauthMetadata has precedence over this field. + This field has no meaning if authentication spec.type is not set + to IntegratedOAuth. The key "oauthMetadata" is used to locate the + data. If the config map or expected key is not found, no metadata + is served. If the specified metadata is not valid, no metadata is + served. The namespace for this config map is openshift-config-managed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml index 9bd611360..7a71db46a 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: builds.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io scope: Cluster diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml index 4234d732e..69639c1d9 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: consoles.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster preserveUnknownFields: false diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml index e864cae7a..8e6f86222 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: dnses.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml index ec458de32..8bba554b4 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml @@ -1,78 +1,78 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: featuregates.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io - version: v1 scope: Cluster - preserveUnknownFields: false names: kind: FeatureGate - singular: featuregate - plural: featuregates listKind: FeatureGateList + plural: featuregates + singular: featuregate versions: - name: v1 served: true storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Feature holds cluster-wide information about feature gates. The - canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - customNoUpgrade: - description: customNoUpgrade allows the enabling or disabling of any - feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, - and PREVENTS UPGRADES. Because of its nature, this setting cannot - be validated. If you have any typos or accidentally apply invalid - combinations your cluster may fail in an unrecoverable way. featureSet - must equal "CustomNoUpgrade" must be set to use this field. - type: object - properties: - disabled: - description: disabled is a list of all feature gates that you want - to force off - type: array - items: - type: string - enabled: - description: enabled is a list of all feature gates that you want - to force on - type: array - items: - type: string - nullable: true - featureSet: - description: featureSet changes the list of features in the cluster. The - default is empty. Be very careful adjusting this setting. Turning - on or off features may cause irreversible changes in your cluster - which cannot be undone. - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + subresources: + status: {} + schema: + openAPIV3Schema: + description: Feature holds cluster-wide information about feature gates. The + canonical name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + customNoUpgrade: + description: customNoUpgrade allows the enabling or disabling of any + feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE + UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting + cannot be validated. If you have any typos or accidentally apply + invalid combinations your cluster may fail in an unrecoverable way. featureSet + must equal "CustomNoUpgrade" must be set to use this field. + type: object + properties: + disabled: + description: disabled is a list of all feature gates that you + want to force off + type: array + items: + type: string + enabled: + description: enabled is a list of all feature gates that you want + to force on + type: array + items: + type: string + nullable: true + featureSet: + description: featureSet changes the list of features in the cluster. The + default is empty. Be very careful adjusting this setting. Turning + on or off features may cause irreversible changes in your cluster + which cannot be undone. + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml index 858681c9d..35ed9bf17 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: images.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io scope: Cluster @@ -116,6 +118,19 @@ spec: type: array items: type: string + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries that + will be searched when pulling images that do not have fully qualified + domains in their pull specs. Registries will be searched in the + order provided in the list. Note: this search list only works + with the container runtime, i.e CRI-O. Will NOT work with builds + or imagestream imports.' + type: array + format: hostname + minItems: 1 + items: + type: string + x-kubernetes-list-type: set insecureRegistries: description: insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index 7287300e4..212c1e21f 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml @@ -1,9 +1,11 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: infrastructures.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io names: @@ -12,403 +14,497 @@ spec: plural: infrastructures singular: infrastructure scope: Cluster - preserveUnknownFields: false - subresources: - status: {} versions: - name: v1 served: true storage: true - "validation": - "openAPIV3Schema": - description: Infrastructure holds cluster-wide information about Infrastructure. The - canonical name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing the - cloud provider configuration file. This configuration file is used - to configure the Kubernetes cloud provider integration when using - the built-in cloud provider integration or the external cloud controller - manager. The namespace for this config map is openshift-config. \n - cloudConfig should only be consumed by the kube_cloud_config controller. - The controller is responsible for using the user configuration in - the spec for various platforms and combining that with the user provided - ConfigMap in this field to create a stitched kube cloud config. The - controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` - namespace with the kube cloud config is stored in `cloud.conf` key. - All the clients are expected to use the generated ConfigMap only." - type: object - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - type: object - properties: - aws: - description: AWS contains settings specific to the Amazon Web Services - infrastructure provider. - type: object - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - type: array - items: - description: AWSServiceEndpoint store the configuration of - a custom url to override existing defaults of AWS Services. - type: object - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - type: string - pattern: ^[a-z0-9-]+$ - url: - description: url is fully qualified URI with scheme https, - that overrides the default generated endpoint for a - client. This must be provided and cannot be empty. - type: string - pattern: ^https:// - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, machine - creation and deletion, and other integrations are enabled. If - None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", and "None". Individual components may not - support all platforms, and must handle unrecognized platforms - as None if they do not support that platform. - type: string - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - vsphere: - description: VSphere contains settings specific to the VSphere infrastructure - provider. - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be used - by components like the web console to tell users where to find the - Kubernetes API. - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the SRV - records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with a - human friendly name. Once set it should not be changed. Must be of - max length 27 and must have only alphanumeric or hyphen characters. - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - type: string - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - type: object - properties: - aws: - description: AWS contains settings specific to the Amazon Web Services - infrastructure provider. - type: object - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - type: array - items: - description: AWSServiceEndpoint store the configuration of - a custom url to override existing defaults of AWS Services. - type: object - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - type: string - pattern: ^[a-z0-9-]+$ - url: - description: url is fully qualified URI with scheme https, - that overrides the default generated endpoint for a - client. This must be provided and cannot be empty. - type: string - pattern: ^https:// - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - properties: - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - type: string - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal DNS - used by the nodes. Unlike the one managed by the DNS operator, - `NodeDNSIP` provides name resolution for the nodes themselves. - There is no DNS-as-a-service for BareMetal deployments. In - order to minimize necessary changes to the datacenter DNS, - a DNS service is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - properties: - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources created - for the cluster. - type: string - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - properties: - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal DNS - used by the nodes. Unlike the one managed by the DNS operator, - `NodeDNSIP` provides name resolution for the nodes themselves. - There is no DNS-as-a-service for OpenStack deployments. In - order to minimize necessary changes to the datacenter DNS, - a DNS service is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: - description: "type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, machine - creation and deletion, and other integrations are enabled. If - None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", - \"VSphere\", \"oVirt\", and \"None\". Individual components may - not support all platforms, and must handle unrecognized platforms - as None if they do not support that platform. \n This value will - be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - type: string - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - vsphere: - description: VSphere contains settings specific to the VSphere infrastructure - provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components inside - the cluster, like kubelets using the infrastructure rather - than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer in - front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target of - a wildcard DNS record used to resolve default route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal DNS - used by the nodes. Unlike the one managed by the DNS operator, - `NodeDNSIP` provides name resolution for the nodes themselves. - There is no DNS-as-a-service for vSphere deployments. In order - to minimize necessary changes to the datacenter DNS, a DNS - service is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string + subresources: + status: {} + schema: + openAPIV3Schema: + description: Infrastructure holds cluster-wide information about Infrastructure. The + canonical name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cloudConfig: + description: "cloudConfig is a reference to a ConfigMap containing + the cloud provider configuration file. This configuration file is + used to configure the Kubernetes cloud provider integration when + using the built-in cloud provider integration or the external cloud + controller manager. The namespace for this config map is openshift-config. + \n cloudConfig should only be consumed by the kube_cloud_config + controller. The controller is responsible for using the user configuration + in the spec for various platforms and combining that with the user + provided ConfigMap in this field to create a stitched kube cloud + config. The controller generates a ConfigMap `kube-cloud-config` + in `openshift-config-managed` namespace with the kube cloud config + is stored in `cloud.conf` key. All the clients are expected to use + the generated ConfigMap only." + type: object + properties: + key: + description: Key allows pointing to a specific key/value inside + of the configmap. This is useful for logical file references. + type: string + name: + type: string + platformSpec: + description: platformSpec holds desired information specific to the + underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon Web + Services infrastructure provider. + type: object + properties: + serviceEndpoints: + description: serviceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + type: object + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + type: object + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix + Metal infrastructure provider. + type: object + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + type: object + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + type: object + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + type: object + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + type: object + type: + description: type is the underlying infrastructure provider for + the cluster. This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, + machine creation and deletion, and other integrations are enabled. + If None, no infrastructure automation is enabled. Allowed values + are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", + "VSphere", "oVirt", "KubeVirt", "EquinixMetal", and "None". + Individual components may not support all platforms, and must + handle unrecognized platforms as None if they do not support + that platform. + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme 'https', + address and optionally a port (defaulting to 443). apiServerInternalURL + can be used by components like kubelets, to contact the Kubernetes + API server using the infrastructure provider rather than Kubernetes + networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme 'https', address + and optionally a port (defaulting to 443). apiServerURL can be + used by components like the web console to tell users where to find + the Kubernetes API. + type: string + controlPlaneTopology: + description: controlPlaneTopology expresses the expectations for operands + that normally run on control nodes. The default is 'HighlyAvailable', + which represents the behavior operators have in a "normal" cluster. + The 'SingleReplica' mode will be used in single-node deployments + and the operators should not configure the operand for highly-available + operation + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch the + SRV records for discovering etcd servers and clients. For more info: + https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery + deprecated: as of 4.7, this field is no longer set or honored. It + will be removed in a future release.' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster with + a human friendly name. Once set it should not be changed. Must be + of max length 27 and must have only alphanumeric or hyphen characters. + type: string + infrastructureTopology: + description: infrastructureTopology expresses the expectations for + infrastructure services that do not run on control plane nodes, + usually indicated by a node selector for a `role` value other than + `master`. The default is 'HighlyAvailable', which represents the + behavior operators have in a "normal" cluster. The 'SingleReplica' + mode will be used in single-node deployments and the operators should + not configure the operand for highly-available operation + type: string + default: HighlyAvailable + enum: + - HighlyAvailable + - SingleReplica + platform: + description: "platform is the underlying infrastructure provider for + the cluster. \n Deprecated: Use platformStatus.type instead." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + platformStatus: + description: platformStatus holds status information specific to the + underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon Web + Services infrastructure provider. + type: object + properties: + region: + description: region holds the default AWS region for new AWS + resources created by the cluster. + type: string + serviceEndpoints: + description: ServiceEndpoints list contains custom endpoints + which will override default service endpoint of AWS Services. + There must be only one ServiceEndpoint for a service. + type: array + items: + description: AWSServiceEndpoint store the configuration + of a custom url to override existing defaults of AWS Services. + type: object + properties: + name: + description: name is the name of the AWS service. The + list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html + This must be provided and cannot be empty. + type: string + pattern: ^[a-z0-9-]+$ + url: + description: url is fully qualified URI with scheme + https, that overrides the default generated endpoint + for a client. This must be provided and cannot be + empty. + type: string + pattern: ^https:// + azure: + description: Azure contains settings specific to the Azure infrastructure + provider. + type: object + properties: + cloudName: + description: cloudName is the name of the Azure cloud environment + which can be used to configure the Azure SDK with the appropriate + Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. + type: string + enum: + - "" + - AzurePublicCloud + - AzureUSGovernmentCloud + - AzureChinaCloud + - AzureGermanCloud + networkResourceGroupName: + description: networkResourceGroupName is the Resource Group + for network resources like the Virtual Network and Subnets + used by the cluster. If empty, the value is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group for new + Azure resources created for the cluster. + type: string + baremetal: + description: BareMetal contains settings specific to the BareMetal + platform. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for BareMetal deployments. + In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + equinixMetal: + description: EquinixMetal contains settings specific to the Equinix + Metal infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + gcp: + description: GCP contains settings specific to the Google Cloud + Platform infrastructure provider. + type: object + properties: + projectID: + description: resourceGroupName is the Project ID for new GCP + resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources + created for the cluster. + type: string + ibmcloud: + description: IBMCloud contains settings specific to the IBMCloud + infrastructure provider. + type: object + properties: + location: + description: Location is where the cluster has been deployed + type: string + providerType: + description: ProviderType indicates the type of cluster that + was created + type: string + resourceGroupName: + description: ResourceGroupName is the Resource Group for new + IBMCloud resources created for the cluster. + type: string + kubevirt: + description: Kubevirt contains settings specific to the kubevirt + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + openstack: + description: OpenStack contains settings specific to the OpenStack + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + cloudName: + description: cloudName is the name of the desired OpenStack + cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for OpenStack deployments. + In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string + ovirt: + description: Ovirt contains settings specific to the oVirt infrastructure + provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + nodeDNSIP: + description: 'deprecated: as of 4.6, this field is no longer + set or honored. It will be removed in a future release.' + type: string + type: + description: "type is the underlying infrastructure provider for + the cluster. This value controls whether infrastructure automation + such as service load balancers, dynamic volume provisioning, + machine creation and deletion, and other integrations are enabled. + If None, no infrastructure automation is enabled. Allowed values + are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", + \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", and + \"None\". Individual components may not support all platforms, + and must handle unrecognized platforms as None if they do not + support that platform. \n This value will be synced with to + the `status.platform` and `status.platformStatus.type`. Currently + this value cannot be changed once set." + type: string + enum: + - "" + - AWS + - Azure + - BareMetal + - GCP + - Libvirt + - OpenStack + - None + - VSphere + - oVirt + - IBMCloud + - KubeVirt + - EquinixMetal + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to contact + the Kubernetes API server that can be used by components + inside the cluster, like kubelets using the infrastructure + rather than Kubernetes networking. It is the IP that the + Infrastructure.status.apiServerInternalURI points to. It + is the IP for a self-hosted load balancer in front of the + API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes to the + default ingress controller. The IP is a suitable target + of a wildcard DNS record used to resolve default route host + names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the DNS + operator, `NodeDNSIP` provides name resolution for the nodes + themselves. There is no DNS-as-a-service for vSphere deployments. + In order to minimize necessary changes to the datacenter + DNS, a DNS service is hosted as a static pod to serve those + hostnames to the nodes in the cluster. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml index bd7cdad40..e46471732 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: ingresses.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io names: @@ -43,6 +45,69 @@ spec: description: spec holds user settable values for configuration type: object properties: + appsDomain: + description: appsDomain is an optional domain to use instead of the + one specified in the domain field when a Route is created without + specifying an explicit host. If appsDomain is nonempty, this value + is used to generate default host values for Route. Unlike domain, + appsDomain may be modified after installation. This assumes a new + ingresscontroller has been setup with a wildcard certificate. + type: string + componentRoutes: + description: "componentRoutes is an optional list of routes that are + managed by OpenShift components that a cluster-admin is able to configure + the hostname and serving certificate for. The namespace and name of + each route in this list should match an existing entry in the status.componentRoutes + list. \n To determine the set of configurable Routes, look at namespace + and name of entries in the .status.componentRoutes list, where participating + operators write the status of configurable routes." + type: array + items: + description: ComponentRouteSpec allows for configuration of a route's + hostname and serving certificate. + type: object + required: + - hostname + - name + - namespace + properties: + hostname: + description: hostname is the hostname that should be used by the + route. + type: string + format: hostname + name: + description: "name is the logical name of the route to customize. + \n The namespace and name of this componentRoute must match + a corresponding entry in the list of status.componentRoutes + if the route is to be customized." + type: string + maxLength: 256 + minLength: 1 + namespace: + description: "namespace is the namespace of the route to customize. + \n The namespace and name of this componentRoute must match + a corresponding entry in the list of status.componentRoutes + if the route is to be customized." + type: string + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + servingCertKeyPairSecret: + description: servingCertKeyPairSecret is a reference to a secret + of type `kubernetes.io/tls` in the openshift-config namespace. + The serving cert/key pair must match and will be used by the + operator to fulfill the intent of serving with this name. If + the custom hostname uses the default routing suffix of the cluster, + the Secret specification for a serving certificate will not + be needed. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string domain: description: "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will @@ -55,3 +120,177 @@ spec: description: status holds observed values from the cluster. They may not be overridden. type: object + properties: + componentRoutes: + description: componentRoutes is where participating operators place + the current route status for routes whose hostnames and serving certificates + can be customized by the cluster-admin. + type: array + items: + description: ComponentRouteStatus contains information allowing configuration + of a route's hostname and serving certificate. + type: object + required: + - defaultHostname + - name + - namespace + - relatedObjects + properties: + conditions: + description: "conditions are used to communicate the state of + the componentRoutes entry. \n Supported conditions include Available, + Degraded and Progressing. \n If available is true, the content + served by the route can be accessed by users. This includes + cases where a default may continue to serve content while the + customized route specified by the cluster-admin is being configured. + \n If Degraded is true, that means something has gone wrong + trying to handle the componentRoutes entry. The currentHostnames + field may or may not be in effect. \n If Progressing is true, + that means the component is taking some action related to the + componentRoutes entry." + type: array + items: + description: "Condition contains details for one aspect of the + current state of this API Resource. --- This struct is intended + for direct use as an array at the field path .status.conditions. + \ For example, type FooStatus struct{ // Represents the + observations of a foo's current state. // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\" // + +patchMergeKey=type // +patchStrategy=merge // +listType=map + \ // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other + fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not + known, then using the time when the API field changed + is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the + current state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values + and meanings for this field, and whether the values are + considered a guaranteed API. The value should be a CamelCase + string. This field may not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, + Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across + resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability + to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + consumingUsers: + description: consumingUsers is a slice of ServiceAccounts that + need to have read permission on the servingCertKeyPairSecret + secret. + type: array + maxItems: 5 + items: + description: ConsumingUser is an alias for string which we add + validation to. Currently only service accounts are supported. + type: string + maxLength: 512 + minLength: 1 + pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + currentHostnames: + description: currentHostnames is the list of current names used + by the route. Typically, this list should consist of a single + hostname, but if multiple hostnames are supported by the route + the operator may write multiple entries to this list. + type: array + minItems: 1 + items: + description: Hostname is an alias for hostname string validation. + type: string + format: hostname + defaultHostname: + description: defaultHostname is the hostname of this route prior + to customization. + type: string + format: hostname + name: + description: "name is the logical name of the route to customize. + It does not have to be the actual name of a route resource but + it cannot be renamed. \n The namespace and name of this componentRoute + must match a corresponding entry in the list of spec.componentRoutes + if the route is to be customized." + type: string + maxLength: 256 + minLength: 1 + namespace: + description: "namespace is the namespace of the route to customize. + It must be a real namespace. Using an actual namespace ensures + that no two components will conflict and the same component + can be installed multiple times. \n The namespace and name of + this componentRoute must match a corresponding entry in the + list of spec.componentRoutes if the route is to be customized." + type: string + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + relatedObjects: + description: relatedObjects is a list of resources which are useful + when debugging or inspecting how spec.componentRoutes is applied. + type: array + minItems: 1 + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml index 5b029401b..7390943a1 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: networks.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml index 35388d9c9..d3097b874 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml @@ -1,667 +1,676 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: oauths.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io + scope: Cluster names: kind: OAuth listKind: OAuthList plural: oauths singular: oauth - scope: Cluster - preserveUnknownFields: false - subresources: - status: {} versions: - name: v1 served: true storage: true - "validation": - "openAPIV3Schema": - description: OAuth holds cluster-wide information about OAuth. The canonical - name is `cluster`. It is used to configure the integrated OAuth server. This - configuration is only honored when the top level Authentication config has - type set to IntegratedOAuth. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - identityProviders: - description: identityProviders is an ordered list of ways for a user - to identify themselves. When this list is empty, no identities are - provisioned for users. - type: array - items: - description: IdentityProvider provides identities for users authenticating - using credentials - type: object - properties: - basicAuth: - description: basicAuth contains configuration options for the - BasicAuth IdP - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - to present when connecting to the server. The key "tls.crt" - is used to locate the data. If specified and the secret - or expected key is not found, the identity provider is not - honored. If the specified certificate data is not valid, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a secret - by name that contains the PEM-encoded TLS private key for - the client certificate referenced in tlsClientCert. The - key "tls.key" is used to locate the data. If specified and - the secret or expected key is not found, the identity provider - is not honored. If the specified certificate data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - url: - description: url is the remote URL to connect to - type: string - github: - description: github enables user authentication using GitHub credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - This can only be configured when hostname is set to a non-empty - value. The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map + subresources: + status: {} + schema: + openAPIV3Schema: + description: OAuth holds cluster-wide information about OAuth. The canonical + name is `cluster`. It is used to configure the integrated OAuth server. + This configuration is only honored when the top level Authentication config + has type set to IntegratedOAuth. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + identityProviders: + description: identityProviders is an ordered list of ways for a user + to identify themselves. When this list is empty, no identities are + provisioned for users. + type: array + items: + description: IdentityProvider provides identities for users authenticating + using credentials + type: object + properties: + basicAuth: + description: basicAuth contains configuration options for the + BasicAuth IdP + type: object + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + url: + description: url is the remote URL to connect to + type: string + github: + description: github enables user authentication using GitHub + credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. This can only be configured when hostname is set + to a non-empty value. The namespace for this config map + is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + hostname: + description: hostname is the optional domain (e.g. "mycompany.com") + for use with a hosted instance of GitHub Enterprise. It + must match the GitHub Enterprise settings value configured + at /setup/settings#hostname. + type: string + organizations: + description: organizations optionally restricts which organizations + are allowed to log in + type: array + items: type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + teams: + description: teams optionally restricts which teams are + allowed to log in. Format is /. + type: array + items: type: string - hostname: - description: hostname is the optional domain (e.g. "mycompany.com") - for use with a hosted instance of GitHub Enterprise. It - must match the GitHub Enterprise settings value configured - at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts which organizations - are allowed to log in - type: array - items: + gitlab: + description: gitlab enables user authentication using GitLab + credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + url: + description: url is the oauth server base URL type: string - teams: - description: teams optionally restricts which teams are allowed - to log in. Format is /. - type: array - items: + google: + description: google enables user authentication using Google + credentials + type: object + properties: + clientID: + description: clientID is the oauth client ID type: string - gitlab: - description: gitlab enables user authentication using GitLab credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + hostedDomain: + description: hostedDomain is the optional Google App domain + (e.g. "mycompany.com") to restrict logins to + type: string + htpasswd: + description: htpasswd enables user authentication using an HTPasswd + file to validate credentials + type: object + properties: + fileData: + description: fileData is a required reference to a secret + by name containing the data to use as the htpasswd file. + The key "htpasswd" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. If the specified htpasswd data is not + valid, the identity provider is not honored. The namespace + for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + keystone: + description: keystone enables user authentication using keystone + password credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + domainName: + description: domainName is required for keystone v3 + type: string + tlsClientCert: + description: tlsClientCert is an optional reference to a + secret by name that contains the PEM-encoded TLS client + certificate to present when connecting to the server. + The key "tls.crt" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + tlsClientKey: + description: tlsClientKey is an optional reference to a + secret by name that contains the PEM-encoded TLS private + key for the client certificate referenced in tlsClientCert. + The key "tls.key" is used to locate the data. If specified + and the secret or expected key is not found, the identity + provider is not honored. If the specified certificate + data is not valid, the identity provider is not honored. + The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + url: + description: url is the remote URL to connect to + type: string + ldap: + description: ldap enables user authentication using LDAP credentials + type: object + properties: + attributes: + description: attributes maps LDAP attributes to identities + type: object + properties: + email: + description: email is the list of attributes whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + type: array + items: + type: string + id: + description: id is the list of attributes whose values + should be used as the user ID. Required. First non-empty + attribute is used. At least one attribute is required. + If none of the listed attribute have a value, authentication + fails. LDAP standard identity attribute is "dn" + type: array + items: + type: string + name: + description: name is the list of attributes whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity LDAP standard + display name attribute is "cn" + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of attributes + whose values should be used as the preferred username. + LDAP standard login attribute is "uid" + type: array + items: + type: string + bindDN: + description: bindDN is an optional DN to bind with during + the search phase. + type: string + bindPassword: + description: bindPassword is an optional reference to a + secret by name containing a password to bind with during + the search phase. The key "bindPassword" is used to locate + the data. If specified and the secret or expected key + is not found, the identity provider is not honored. The + namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + insecure: + description: 'insecure, if true, indicates the connection + should not use TLS WARNING: Should not be set to `true` + with the URL scheme "ldaps://" as "ldaps://" URLs always attempt + to connect using TLS, even when `insecure` is set to `true` + When `true`, "ldap://" URLS connect insecurely. When `false`, + "ldap://" URLs are upgraded to a TLS connection using + StartTLS as specified in https://tools.ietf.org/html/rfc2830.' + type: boolean + url: + description: 'url is an RFC 2255 URL which specifies the + LDAP search parameters to use. The syntax of the URL is: + ldap://host:port/basedn?attribute?scope?filter' + type: string + mappingMethod: + description: mappingMethod determines how identities from this + provider are mapped to users Defaults to "claim" + type: string + name: + description: 'name is used to qualify the identities returned + by this provider. - It MUST be unique and not shared by any + other identity provider used - It MUST be a valid path segment: + name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: + https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' + type: string + openID: + description: openID enables user authentication using OpenID + credentials + type: object + properties: + ca: + description: ca is an optional reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. The key "ca.crt" is used to locate + the data. If specified and the config map or expected + key is not found, the identity provider is not honored. + If the specified ca data is not valid, the identity provider + is not honored. If empty, the default system roots are + used. The namespace for this config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + claims: + description: claims mappings + type: object + properties: + email: + description: email is the list of claims whose values + should be used as the email address. Optional. If + unspecified, no email is set for the identity + type: array + items: + type: string + name: + description: name is the list of claims whose values + should be used as the display name. Optional. If unspecified, + no display name is set for the identity + type: array + items: + type: string + preferredUsername: + description: preferredUsername is the list of claims + whose values should be used as the preferred username. + If unspecified, the preferred username is determined + from the value of the sub claim + type: array + items: + type: string + clientID: + description: clientID is the oauth client ID + type: string + clientSecret: + description: clientSecret is a required reference to the + secret by name containing the oauth client secret. The + key "clientSecret" is used to locate the data. If the + secret or expected key is not found, the identity provider + is not honored. The namespace for this secret is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + extraAuthorizeParameters: + description: extraAuthorizeParameters are any custom parameters + to add to the authorize request. + type: object + additionalProperties: type: string - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + extraScopes: + description: extraScopes are any scopes to request in addition + to the standard "openid" scope. + type: array + items: type: string - url: - description: url is the oauth server base URL - type: string - google: - description: google enables user authentication using Google credentials - type: object - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + issuer: + description: issuer is the URL that the OpenID Provider + asserts as its Issuer Identifier. It must use the https + scheme with no query or fragment component. + type: string + requestHeader: + description: requestHeader enables user authentication using + request header credentials + type: object + properties: + ca: + description: ca is a required reference to a config map + by name containing the PEM-encoded CA bundle. It is used + as a trust anchor to validate the TLS certificate presented + by the remote server. Specifically, it allows verification + of incoming requests to prevent header spoofing. The key + "ca.crt" is used to locate the data. If the config map + or expected key is not found, the identity provider is + not honored. If the specified ca data is not valid, the + identity provider is not honored. The namespace for this + config map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + config map + type: string + challengeURL: + description: challengeURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect WWW-Authenticate challenges will + be redirected here. ${url} is replaced with the current + URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when challenge is set to true. + type: string + clientCommonNames: + description: clientCommonNames is an optional list of common + names to require a match from. If empty, any client certificate + validated against the clientCA bundle is considered authoritative. + type: array + items: type: string - hostedDomain: - description: hostedDomain is the optional Google App domain - (e.g. "mycompany.com") to restrict logins to - type: string - htpasswd: - description: htpasswd enables user authentication using an HTPasswd - file to validate credentials - type: object - properties: - fileData: - description: fileData is a required reference to a secret - by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. If the secret - or expected key is not found, the identity provider is not - honored. If the specified htpasswd data is not valid, the - identity provider is not honored. The namespace for this - secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + emailHeaders: + description: emailHeaders is the set of headers to check + for the email address + type: array + items: type: string - keystone: - description: keystone enables user authentication using keystone - password credentials - type: object - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map + headers: + description: headers is the set of headers to check for + identity information + type: array + items: type: string - domainName: - description: domainName is required for keystone v3 - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a secret - by name that contains the PEM-encoded TLS client certificate - to present when connecting to the server. The key "tls.crt" - is used to locate the data. If specified and the secret - or expected key is not found, the identity provider is not - honored. If the specified certificate data is not valid, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + loginURL: + description: loginURL is a URL to redirect unauthenticated + /authorize requests to Unauthenticated requests from OAuth + clients which expect interactive logins will be redirected + here ${url} is replaced with the current URL, escaped + to be safe in a query parameter https://www.example.com/sso-login?then=${url} + ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} + Required when login is set to true. + type: string + nameHeaders: + description: nameHeaders is the set of headers to check + for the display name + type: array + items: type: string - tlsClientKey: - description: tlsClientKey is an optional reference to a secret - by name that contains the PEM-encoded TLS private key for - the client certificate referenced in tlsClientCert. The - key "tls.key" is used to locate the data. If specified and - the secret or expected key is not found, the identity provider - is not honored. If the specified certificate data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret + preferredUsernameHeaders: + description: preferredUsernameHeaders is the set of headers + to check for the preferred username + type: array + items: type: string - url: - description: url is the remote URL to connect to - type: string - ldap: - description: ldap enables user authentication using LDAP credentials + type: + description: type identifies the identity provider type for + this entry. + type: string + templates: + description: templates allow you to customize pages like the login + page. + type: object + properties: + error: + description: error is the name of a secret that specifies a go + template to use to render error pages during the authentication + or grant flow. The key "errors.html" is used to locate the template + data. If specified and the secret or expected key is not found, + the default error page is used. If the specified template is + not valid, the default error page is used. If unspecified, the + default error page is used. The namespace for this secret is + openshift-config. type: object + required: + - name properties: - attributes: - description: attributes maps LDAP attributes to identities - type: object - properties: - email: - description: email is the list of attributes whose values - should be used as the email address. Optional. If unspecified, - no email is set for the identity - type: array - items: - type: string - id: - description: id is the list of attributes whose values - should be used as the user ID. Required. First non-empty - attribute is used. At least one attribute is required. - If none of the listed attribute have a value, authentication - fails. LDAP standard identity attribute is "dn" - type: array - items: - type: string - name: - description: name is the list of attributes whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity LDAP standard - display name attribute is "cn" - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of attributes - whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - type: array - items: - type: string - bindDN: - description: bindDN is an optional DN to bind with during - the search phase. + name: + description: name is the metadata.name of the referenced secret type: string - bindPassword: - description: bindPassword is an optional reference to a secret - by name containing a password to bind with during the search - phase. The key "bindPassword" is used to locate the data. - If specified and the secret or expected key is not found, - the identity provider is not honored. The namespace for - this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - insecure: - description: 'insecure, if true, indicates the connection - should not use TLS WARNING: Should not be set to `true` - with the URL scheme "ldaps://" as "ldaps://" URLs always attempt - to connect using TLS, even when `insecure` is set to `true` - When `true`, "ldap://" URLS connect insecurely. When `false`, - "ldap://" URLs are upgraded to a TLS connection using StartTLS - as specified in https://tools.ietf.org/html/rfc2830.' - type: boolean - url: - description: 'url is an RFC 2255 URL which specifies the LDAP - search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter' - type: string - mappingMethod: - description: mappingMethod determines how identities from this - provider are mapped to users Defaults to "claim" - type: string - name: - description: 'name is used to qualify the identities returned - by this provider. - It MUST be unique and not shared by any - other identity provider used - It MUST be a valid path segment: - name cannot equal "." or ".." or contain "/" or "%" or ":" Ref: - https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' - type: string - openID: - description: openID enables user authentication using OpenID credentials + login: + description: login is the name of a secret that specifies a go + template to use to render the login page. The key "login.html" + is used to locate the template data. If specified and the secret + or expected key is not found, the default login page is used. + If the specified template is not valid, the default login page + is used. If unspecified, the default login page is used. The + namespace for this secret is openshift-config. type: object + required: + - name properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected key - is not found, the identity provider is not honored. If the - specified ca data is not valid, the identity provider is - not honored. If empty, the default system roots are used. - The namespace for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - claims: - description: claims mappings - type: object - properties: - email: - description: email is the list of claims whose values - should be used as the email address. Optional. If unspecified, - no email is set for the identity - type: array - items: - type: string - name: - description: name is the list of claims whose values should - be used as the display name. Optional. If unspecified, - no display name is set for the identity - type: array - items: - type: string - preferredUsername: - description: preferredUsername is the list of claims whose - values should be used as the preferred username. If - unspecified, the preferred username is determined from - the value of the sub claim - type: array - items: - type: string - clientID: - description: clientID is the oauth client ID + name: + description: name is the metadata.name of the referenced secret type: string - clientSecret: - description: clientSecret is a required reference to the secret - by name containing the oauth client secret. The key "clientSecret" - is used to locate the data. If the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - extraAuthorizeParameters: - description: extraAuthorizeParameters are any custom parameters - to add to the authorize request. - type: object - additionalProperties: - type: string - extraScopes: - description: extraScopes are any scopes to request in addition - to the standard "openid" scope. - type: array - items: - type: string - issuer: - description: issuer is the URL that the OpenID Provider asserts - as its Issuer Identifier. It must use the https scheme with - no query or fragment component. - type: string - requestHeader: - description: requestHeader enables user authentication using request - header credentials + providerSelection: + description: providerSelection is the name of a secret that specifies + a go template to use to render the provider selection page. + The key "providers.html" is used to locate the template data. + If specified and the secret or expected key is not found, the + default provider selection page is used. If the specified template + is not valid, the default provider selection page is used. If + unspecified, the default provider selection page is used. The + namespace for this secret is openshift-config. type: object + required: + - name properties: - ca: - description: ca is a required reference to a config map by - name containing the PEM-encoded CA bundle. It is used as - a trust anchor to validate the TLS certificate presented - by the remote server. Specifically, it allows verification - of incoming requests to prevent header spoofing. The key - "ca.crt" is used to locate the data. If the config map or - expected key is not found, the identity provider is not - honored. If the specified ca data is not valid, the identity - provider is not honored. The namespace for this config map - is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - challengeURL: - description: challengeURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect WWW-Authenticate challenges will be - redirected here. ${url} is replaced with the current URL, - escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. + name: + description: name is the metadata.name of the referenced secret type: string - clientCommonNames: - description: clientCommonNames is an optional list of common - names to require a match from. If empty, any client certificate - validated against the clientCA bundle is considered authoritative. - type: array - items: - type: string - emailHeaders: - description: emailHeaders is the set of headers to check for - the email address - type: array - items: - type: string - headers: - description: headers is the set of headers to check for identity - information - type: array - items: - type: string - loginURL: - description: loginURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect interactive logins will be redirected - here ${url} is replaced with the current URL, escaped to - be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to check for - the display name - type: array - items: - type: string - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set of headers - to check for the preferred username - type: array - items: - type: string - type: - description: type identifies the identity provider type for this - entry. + tokenConfig: + description: tokenConfig contains options for authorization and access + tokens + type: object + properties: + accessTokenInactivityTimeout: + description: accessTokenInactivityTimeout defines the token inactivity + timeout for tokens granted by any client. The value represents + the maximum amount of time that can occur between consecutive + uses of the token. Tokens become invalid if they are not used + within this temporal window. The user will need to acquire a + new token to regain access once a token times out. Takes valid + time duration string such as "5m", "1.5h" or "2h45m". The minimum + allowed value for duration is 300s (5 minutes). If the timeout + is configured per client, then that value takes precedence. + If the timeout value is not specified and the client does not + override the value, then tokens are valid until their lifetime. type: string - templates: - description: templates allow you to customize pages like the login page. - type: object - properties: - error: - description: error is the name of a secret that specifies a go template - to use to render error pages during the authentication or grant - flow. The key "errors.html" is used to locate the template data. - If specified and the secret or expected key is not found, the - default error page is used. If the specified template is not valid, - the default error page is used. If unspecified, the default error - page is used. The namespace for this secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - login: - description: login is the name of a secret that specifies a go template - to use to render the login page. The key "login.html" is used - to locate the template data. If specified and the secret or expected - key is not found, the default login page is used. If the specified - template is not valid, the default login page is used. If unspecified, - the default login page is used. The namespace for this secret - is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - providerSelection: - description: providerSelection is the name of a secret that specifies - a go template to use to render the provider selection page. The - key "providers.html" is used to locate the template data. If specified - and the secret or expected key is not found, the default provider - selection page is used. If the specified template is not valid, - the default provider selection page is used. If unspecified, the - default provider selection page is used. The namespace for this - secret is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - tokenConfig: - description: tokenConfig contains options for authorization and access - tokens - type: object - properties: - accessTokenInactivityTimeout: - description: accessTokenInactivityTimeout defines the token inactivity - timeout for tokens granted by any client. The value represents - the maximum amount of time that can occur between consecutive - uses of the token. Tokens become invalid if they are not used - within this temporal window. The user will need to acquire a new - token to regain access once a token times out. Takes valid time - duration string such as "5m", "1.5h" or "2h45m". The minimum allowed - value for duration is 300s (5 minutes). If the timeout is configured - per client, then that value takes precedence. If the timeout value - is not specified and the client does not override the value, then - tokens are valid until their lifetime. - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - type: integer - format: int32 - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum age of - access tokens - type: integer - format: int32 - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + accessTokenInactivityTimeoutSeconds: + description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: + setting this field has no effect.' + type: integer + format: int32 + accessTokenMaxAgeSeconds: + description: accessTokenMaxAgeSeconds defines the maximum age + of access tokens + type: integer + format: int32 + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml index 37541aaed..6de304072 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml @@ -1,65 +1,66 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: projects.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io scope: Cluster - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: true names: kind: Project listKind: ProjectList plural: projects singular: project - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Project holds cluster-wide information about Project. The canonical - name is `cluster` - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - projectRequestMessage: - description: projectRequestMessage is the string presented to a user - if they are unable to request a project via the projectrequest api - endpoint - type: string - projectRequestTemplate: - description: projectRequestTemplate is the template to use for creating - projects in response to projectrequest. This must point to a template - in 'openshift-config' namespace. It is optional. If it is not specified, - a default template is used. - type: object - properties: - name: - description: name is the metadata.name of the referenced project - request template - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: Project holds cluster-wide information about Project. The canonical + name is `cluster` + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + projectRequestMessage: + description: projectRequestMessage is the string presented to a user + if they are unable to request a project via the projectrequest api + endpoint + type: string + projectRequestTemplate: + description: projectRequestTemplate is the template to use for creating + projects in response to projectrequest. This must point to a template + in 'openshift-config' namespace. It is optional. If it is not specified, + a default template is used. + type: object + properties: + name: + description: name is the metadata.name of the referenced project + request template + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml index 9652bf1f0..c66ec6ad9 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml @@ -1,13 +1,14 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: schedulers.config.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io scope: Cluster - preserveUnknownFields: false names: kind: Scheduler singular: scheduler @@ -17,75 +18,89 @@ spec: - name: v1 served: true storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for this - config is `cluster`. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. This is - applied to the pods created in all namespaces and creates an intersection - with any existing nodeSelectors already set on a pod, additionally - constraining that pod''s selector. For example, defaultNodeSelector: - "type=user-node,region=east" would set nodeSelector field in pod spec - to "type=user-node,region=east" to all pods created in all namespaces. - Namespaces having project-wide node selectors won''t be impacted even - if this field is set. This adds an annotation section to the namespace. - For example, if a new namespace is created with node-selector=''type=user-node,region=east'', - the annotation openshift.io/node-selector: type=user-node,region=east - gets added to the project. When the openshift.io/node-selector annotation - is set on the project the value is used in preference to the value - we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: - "type=user-node,region=west" means that the default of "type=user-node,region=east" - set in defaultNodeSelector would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster will - be made schedulable, so that workload pods can run on them. The default - value for this field is false, meaning none of the master nodes are - schedulable. Important Note: Once the workload pods start running - on the master nodes, extreme care must be taken to ensure that cluster-critical - control plane components are not impacted. Please turn on this field - after doing due diligence.' - type: boolean - policy: - description: policy is a reference to a ConfigMap containing scheduler - policy which has user specified predicates and priorities. If this - ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. - The namespace for this configmap is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + subresources: + status: {} + schema: + openAPIV3Schema: + description: Scheduler holds cluster-wide config information to run the Kubernetes + Scheduler and influence its placement decisions. The canonical name for + this config is `cluster`. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + defaultNodeSelector: + description: 'defaultNodeSelector helps set the cluster-wide default + node selector to restrict pod placement to specific nodes. This + is applied to the pods created in all namespaces and creates an + intersection with any existing nodeSelectors already set on a pod, + additionally constraining that pod''s selector. For example, defaultNodeSelector: + "type=user-node,region=east" would set nodeSelector field in pod + spec to "type=user-node,region=east" to all pods created in all + namespaces. Namespaces having project-wide node selectors won''t + be impacted even if this field is set. This adds an annotation section + to the namespace. For example, if a new namespace is created with + node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: + type=user-node,region=east gets added to the project. When the openshift.io/node-selector + annotation is set on the project the value is used in preference + to the value we are setting for defaultNodeSelector field. For instance, + openshift.io/node-selector: "type=user-node,region=west" means that + the default of "type=user-node,region=east" set in defaultNodeSelector + would not be applied.' + type: string + mastersSchedulable: + description: 'MastersSchedulable allows masters nodes to be schedulable. + When this flag is turned on, all the master nodes in the cluster + will be made schedulable, so that workload pods can run on them. + The default value for this field is false, meaning none of the master + nodes are schedulable. Important Note: Once the workload pods start + running on the master nodes, extreme care must be taken to ensure + that cluster-critical control plane components are not impacted. + Please turn on this field after doing due diligence.' + type: boolean + policy: + description: 'DEPRECATED: the scheduler Policy API has been deprecated + and will be removed in a future release. policy is a reference to + a ConfigMap containing scheduler policy which has user specified + predicates and priorities. If this ConfigMap is not available scheduler + will default to use DefaultAlgorithmProvider. The namespace for + this configmap is openshift-config.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + profile: + description: "profile sets which scheduling profile should be set + in order to configure scheduling decisions for new pods. \n Valid + values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" + Defaults to \"LowNodeUtilization\"" + type: string + enum: + - "" + - LowNodeUtilization + - HighNodeUtilization + - NoScoring + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 131af5a0c..0d1041bd5 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -56,6 +56,12 @@ type AuthenticationSpec struct { // serviceAccountIssuer is the identifier of the bound service account token // issuer. // The default is https://kubernetes.default.svc + // WARNING: Updating this field will result in the invalidation of + // all bound tokens with the previous issuer value. Unless the + // holder of a bound token has explicit support for a change in + // issuer, they will not request a new bound token until pod + // restart or until their existing token exceeds 80% of its + // duration. // +optional ServiceAccountIssuer string `json:"serviceAccountIssuer"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 3681d0ff0..299adb1c9 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -130,7 +130,8 @@ type ClusterOperatorStatusCondition struct { Reason string `json:"reason,omitempty"` // message provides additional information about the current condition. - // This is only to be consumed by humans. + // This is only to be consumed by humans. It may contain Line Feed + // characters (U+000A), which should be rendered as new lines. // +optional Message string `json:"message,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 7cb30c5d3..43da00631 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -125,7 +125,7 @@ var defaultFeatures = &FeatureGateEnabledDisabled{ "SupportPodPidsLimit", // sig-pod, sjenning "NodeDisruptionExclusion", // sig-scheduling, ccoleman "ServiceNodeExclusion", // sig-scheduling, ccoleman - "SCTPSupport", // sig-network, ccallend + "DownwardAPIHugePages", // sig-node, rphillips }, Disabled: []string{ "LegacyNodeRoleBehavior", // sig-scheduling, ccoleman diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 63d3d1379..8b762a5a6 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -112,4 +112,12 @@ type RegistrySources struct { // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional AllowedRegistries []string `json:"allowedRegistries,omitempty"` + // containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified + // domains in their pull specs. Registries will be searched in the order provided in the list. + // Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports. + // +optional + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:Format=hostname + // +listType=set + ContainerRuntimeSearchRegistries []string `json:"containerRuntimeSearchRegistries,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 3c4bd788f..d5ebcc91c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -64,6 +64,7 @@ type InfrastructureStatus struct { // etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering // etcd servers and clients. // For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery + // deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release. EtcdDiscoveryDomain string `json:"etcdDiscoveryDomain"` // apiServerURL is a valid URI with scheme 'https', address and @@ -76,10 +77,38 @@ type InfrastructureStatus struct { // like kubelets, to contact the Kubernetes API server using the // infrastructure provider rather than Kubernetes networking. APIServerInternalURL string `json:"apiServerInternalURI"` + + // controlPlaneTopology expresses the expectations for operands that normally run on control nodes. + // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. + // The 'SingleReplica' mode will be used in single-node deployments + // and the operators should not configure the operand for highly-available operation + // +kubebuilder:default=HighlyAvailable + ControlPlaneTopology TopologyMode `json:"controlPlaneTopology"` + + // infrastructureTopology expresses the expectations for infrastructure services that do not run on control + // plane nodes, usually indicated by a node selector for a `role` value + // other than `master`. + // The default is 'HighlyAvailable', which represents the behavior operators have in a "normal" cluster. + // The 'SingleReplica' mode will be used in single-node deployments + // and the operators should not configure the operand for highly-available operation + // +kubebuilder:default=HighlyAvailable + InfrastructureTopology TopologyMode `json:"infrastructureTopology"` } +// TopologyMode defines the topology mode of the control/infra nodes. +// +kubebuilder:validation:Enum=HighlyAvailable;SingleReplica +type TopologyMode string + +const ( + // "HighlyAvailable" is for operators to configure high-availability as much as possible. + HighlyAvailableTopologyMode TopologyMode = "HighlyAvailable" + + // "SingleReplica" is for operators to avoid spending resources for high-availability purpose. + SingleReplicaTopologyMode TopologyMode = "SingleReplica" +) + // PlatformType is a specific supported infrastructure provider. -// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud +// +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud;KubeVirt;EquinixMetal type PlatformType string const ( @@ -112,6 +141,12 @@ const ( // IBMCloudPlatformType represents IBM Cloud infrastructure. IBMCloudPlatformType PlatformType = "IBMCloud" + + // KubevirtPlatformType represents KubeVirt/Openshift Virtualization infrastructure. + KubevirtPlatformType PlatformType = "KubeVirt" + + // EquinixMetalPlatformType represents Equinix Metal infrastructure. + EquinixMetalPlatformType PlatformType = "EquinixMetal" ) // IBMCloudProviderType is a specific supported IBM Cloud provider cluster type @@ -134,7 +169,7 @@ type PlatformSpec struct { // balancers, dynamic volume provisioning, machine creation and deletion, and // other integrations are enabled. If None, no infrastructure automation is // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support + // "OpenStack", "VSphere", "oVirt", "KubeVirt", "EquinixMetal", and "None". Individual components may not support // all platforms, and must handle unrecognized platforms as None if they do // not support that platform. // @@ -172,6 +207,14 @@ type PlatformSpec struct { // IBMCloud contains settings specific to the IBMCloud infrastructure provider. // +optional IBMCloud *IBMCloudPlatformSpec `json:"ibmcloud,omitempty"` + + // Kubevirt contains settings specific to the kubevirt infrastructure provider. + // +optional + Kubevirt *KubevirtPlatformSpec `json:"kubevirt,omitempty"` + + // EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + // +optional + EquinixMetal *EquinixMetalPlatformSpec `json:"equinixMetal,omitempty"` } // PlatformStatus holds the current status specific to the underlying infrastructure provider @@ -183,7 +226,7 @@ type PlatformStatus struct { // balancers, dynamic volume provisioning, machine creation and deletion, and // other integrations are enabled. If None, no infrastructure automation is // enabled. Allowed values are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", - // "OpenStack", "VSphere", "oVirt", and "None". Individual components may not support + // "OpenStack", "VSphere", "oVirt", "EquinixMetal", and "None". Individual components may not support // all platforms, and must handle unrecognized platforms as None if they do // not support that platform. // @@ -222,6 +265,14 @@ type PlatformStatus struct { // IBMCloud contains settings specific to the IBMCloud infrastructure provider. // +optional IBMCloud *IBMCloudPlatformStatus `json:"ibmcloud,omitempty"` + + // Kubevirt contains settings specific to the kubevirt infrastructure provider. + // +optional + Kubevirt *KubevirtPlatformStatus `json:"kubevirt,omitempty"` + + // EquinixMetal contains settings specific to the Equinix Metal infrastructure provider. + // +optional + EquinixMetal *EquinixMetalPlatformStatus `json:"equinixMetal,omitempty"` } // AWSServiceEndpoint store the configuration of a custom url to @@ -433,6 +484,40 @@ type IBMCloudPlatformStatus struct { ProviderType IBMCloudProviderType `json:"providerType,omitempty"` } +// KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. +// This only includes fields that can be modified in the cluster. +type KubevirtPlatformSpec struct{} + +// KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider. +type KubevirtPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` +} + +// EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. +// This only includes fields that can be modified in the cluster. +type EquinixMetalPlatformSpec struct{} + +// EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider. +type EquinixMetalPlatformStatus struct { + // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used + // by components inside the cluster, like kubelets using the infrastructure rather + // than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI + // points to. It is the IP for a self-hosted load balancer in front of the API servers. + APIServerInternalIP string `json:"apiServerInternalIP,omitempty"` + + // ingressIP is an external IP which routes to the default ingress controller. + // The IP is a suitable target of a wildcard DNS record used to resolve default route host names. + IngressIP string `json:"ingressIP,omitempty"` +} + // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // InfrastructureList is diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index 0216919ad..9451adc27 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -1,6 +1,8 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced @@ -31,13 +33,146 @@ type IngressSpec struct { // // Once set, changing domain is not currently supported. Domain string `json:"domain"` + + // appsDomain is an optional domain to use instead of the one specified + // in the domain field when a Route is created without specifying an explicit + // host. If appsDomain is nonempty, this value is used to generate default + // host values for Route. Unlike domain, appsDomain may be modified after + // installation. + // This assumes a new ingresscontroller has been setup with a wildcard + // certificate. + // +optional + AppsDomain string `json:"appsDomain,omitempty"` + + // componentRoutes is an optional list of routes that are managed by OpenShift components + // that a cluster-admin is able to configure the hostname and serving certificate for. + // The namespace and name of each route in this list should match an existing entry in the + // status.componentRoutes list. + // + // To determine the set of configurable Routes, look at namespace and name of entries in the + // .status.componentRoutes list, where participating operators write the status of + // configurable routes. + // +optional + ComponentRoutes []ComponentRouteSpec `json:"componentRoutes,omitempty"` } +// ConsumingUser is an alias for string which we add validation to. Currently only service accounts are supported. +// +kubebuilder:validation:Pattern="^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=512 +type ConsumingUser string + +// Hostname is an alias for hostname string validation. +// +kubebuilder:validation:Format=hostname +type Hostname string + type IngressStatus struct { + // componentRoutes is where participating operators place the current route status for routes whose + // hostnames and serving certificates can be customized by the cluster-admin. + // +optional + ComponentRoutes []ComponentRouteStatus `json:"componentRoutes,omitempty"` } -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// ComponentRouteSpec allows for configuration of a route's hostname and serving certificate. +type ComponentRouteSpec struct { + // namespace is the namespace of the route to customize. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of status.componentRoutes if the route is to be customized. + // +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Required + // +required + Namespace string `json:"namespace"` + + // name is the logical name of the route to customize. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of status.componentRoutes if the route is to be customized. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:Required + // +required + Name string `json:"name"` + + // hostname is the hostname that should be used by the route. + // +kubebuilder:validation:Required + // +required + Hostname Hostname `json:"hostname"` + + // servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. + // The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. + // If the custom hostname uses the default routing suffix of the cluster, + // the Secret specification for a serving certificate will not be needed. + // +optional + ServingCertKeyPairSecret SecretNameReference `json:"servingCertKeyPairSecret"` +} + +// ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate. +type ComponentRouteStatus struct { + // namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace + // ensures that no two components will conflict and the same component can be installed multiple times. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of spec.componentRoutes if the route is to be customized. + // +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Required + // +required + Namespace string `json:"namespace"` + + // name is the logical name of the route to customize. It does not have to be the actual name of a route resource + // but it cannot be renamed. + // + // The namespace and name of this componentRoute must match a corresponding + // entry in the list of spec.componentRoutes if the route is to be customized. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=256 + // +kubebuilder:validation:Required + // +required + Name string `json:"name"` + + // defaultHostname is the hostname of this route prior to customization. + // +kubebuilder:validation:Required + // +required + DefaultHostname Hostname `json:"defaultHostname"` + + // consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret. + // +kubebuilder:validation:MaxItems=5 + // +optional + ConsumingUsers []ConsumingUser `json:"consumingUsers,omitempty"` + + // currentHostnames is the list of current names used by the route. Typically, this list should consist of a single + // hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list. + // +kubebuilder:validation:MinItems=1 + // +optional + CurrentHostnames []Hostname `json:"currentHostnames,omitempty"` + + // conditions are used to communicate the state of the componentRoutes entry. + // + // Supported conditions include Available, Degraded and Progressing. + // + // If available is true, the content served by the route can be accessed by users. This includes cases + // where a default may continue to serve content while the customized route specified by the cluster-admin + // is being configured. + // + // If Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. + // The currentHostnames field may or may not be in effect. + // + // If Progressing is true, that means the component is taking some action related to the componentRoutes entry. + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` + + // relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied. + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:Required + // +required + RelatedObjects []ObjectReference `json:"relatedObjects"` +} +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object type IngressList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go index c54bb49e9..570f8affc 100644 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go @@ -22,12 +22,20 @@ type Scheduler struct { } type SchedulerSpec struct { + // DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. // policy is a reference to a ConfigMap containing scheduler policy which has // user specified predicates and priorities. If this ConfigMap is not available // scheduler will default to use DefaultAlgorithmProvider. // The namespace for this configmap is openshift-config. // +optional - Policy ConfigMapNameReference `json:"policy"` + Policy ConfigMapNameReference `json:"policy,omitempty"` + // profile sets which scheduling profile should be set in order to configure scheduling + // decisions for new pods. + // + // Valid values are "LowNodeUtilization", "HighNodeUtilization", "NoScoring" + // Defaults to "LowNodeUtilization" + // +optional + Profile SchedulerProfile `json:"profile,omitempty"` // defaultNodeSelector helps set the cluster-wide default node selector to // restrict pod placement to specific nodes. This is applied to the pods // created in all namespaces and creates an intersection with any existing @@ -62,6 +70,23 @@ type SchedulerSpec struct { MastersSchedulable bool `json:"mastersSchedulable"` } +// +kubebuilder:validation:Enum="";LowNodeUtilization;HighNodeUtilization;NoScoring +type SchedulerProfile string + +var ( + // LowNodeUtililization is the default, and defines a scheduling profile which prefers to + // spread pods evenly among nodes targeting low resource consumption on each node. + LowNodeUtilization SchedulerProfile = "LowNodeUtilization" + + // HighNodeUtilization defines a scheduling profile which packs as many pods as possible onto + // as few nodes as possible targeting a small node count but high resource usage on each node. + HighNodeUtilization SchedulerProfile = "HighNodeUtilization" + + // NoScoring defines a scheduling profile which tries to provide lower-latency scheduling + // at the expense of potentially less optimal pod placement decisions. + NoScoring SchedulerProfile = "NoScoring" +) + type SchedulerStatus struct { } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 7542490ef..d1143545e 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -980,6 +980,61 @@ func (in *ComponentOverride) DeepCopy() *ComponentOverride { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ComponentRouteSpec) DeepCopyInto(out *ComponentRouteSpec) { + *out = *in + out.ServingCertKeyPairSecret = in.ServingCertKeyPairSecret + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentRouteSpec. +func (in *ComponentRouteSpec) DeepCopy() *ComponentRouteSpec { + if in == nil { + return nil + } + out := new(ComponentRouteSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ComponentRouteStatus) DeepCopyInto(out *ComponentRouteStatus) { + *out = *in + if in.ConsumingUsers != nil { + in, out := &in.ConsumingUsers, &out.ConsumingUsers + *out = make([]ConsumingUser, len(*in)) + copy(*out, *in) + } + if in.CurrentHostnames != nil { + in, out := &in.CurrentHostnames, &out.CurrentHostnames + *out = make([]Hostname, len(*in)) + copy(*out, *in) + } + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.RelatedObjects != nil { + in, out := &in.RelatedObjects, &out.RelatedObjects + *out = make([]ObjectReference, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentRouteStatus. +func (in *ComponentRouteStatus) DeepCopy() *ComponentRouteStatus { + if in == nil { + return nil + } + out := new(ComponentRouteStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigMapFileReference) DeepCopyInto(out *ConfigMapFileReference) { *out = *in @@ -1340,6 +1395,38 @@ func (in *DeprecatedWebhookTokenAuthenticator) DeepCopy() *DeprecatedWebhookToke return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EquinixMetalPlatformSpec) DeepCopyInto(out *EquinixMetalPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EquinixMetalPlatformSpec. +func (in *EquinixMetalPlatformSpec) DeepCopy() *EquinixMetalPlatformSpec { + if in == nil { + return nil + } + out := new(EquinixMetalPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EquinixMetalPlatformStatus) DeepCopyInto(out *EquinixMetalPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EquinixMetalPlatformStatus. +func (in *EquinixMetalPlatformStatus) DeepCopy() *EquinixMetalPlatformStatus { + if in == nil { + return nil + } + out := new(EquinixMetalPlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EtcdConnectionInfo) DeepCopyInto(out *EtcdConnectionInfo) { *out = *in @@ -2121,8 +2208,8 @@ func (in *Ingress) DeepCopyInto(out *Ingress) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec - out.Status = in.Status + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) return } @@ -2180,6 +2267,11 @@ func (in *IngressList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressSpec) DeepCopyInto(out *IngressSpec) { *out = *in + if in.ComponentRoutes != nil { + in, out := &in.ComponentRoutes, &out.ComponentRoutes + *out = make([]ComponentRouteSpec, len(*in)) + copy(*out, *in) + } return } @@ -2196,6 +2288,13 @@ func (in *IngressSpec) DeepCopy() *IngressSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressStatus) DeepCopyInto(out *IngressStatus) { *out = *in + if in.ComponentRoutes != nil { + in, out := &in.ComponentRoutes, &out.ComponentRoutes + *out = make([]ComponentRouteStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -2259,6 +2358,38 @@ func (in *KubeClientConfig) DeepCopy() *KubeClientConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubevirtPlatformSpec) DeepCopyInto(out *KubevirtPlatformSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformSpec. +func (in *KubevirtPlatformSpec) DeepCopy() *KubevirtPlatformSpec { + if in == nil { + return nil + } + out := new(KubevirtPlatformSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubevirtPlatformStatus) DeepCopyInto(out *KubevirtPlatformStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubevirtPlatformStatus. +func (in *KubevirtPlatformStatus) DeepCopy() *KubevirtPlatformStatus { + if in == nil { + return nil + } + out := new(KubevirtPlatformStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LDAPAttributeMapping) DeepCopyInto(out *LDAPAttributeMapping) { *out = *in @@ -2949,6 +3080,16 @@ func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { *out = new(IBMCloudPlatformSpec) **out = **in } + if in.Kubevirt != nil { + in, out := &in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformSpec) + **out = **in + } + if in.EquinixMetal != nil { + in, out := &in.EquinixMetal, &out.EquinixMetal + *out = new(EquinixMetalPlatformSpec) + **out = **in + } return } @@ -3005,6 +3146,16 @@ func (in *PlatformStatus) DeepCopyInto(out *PlatformStatus) { *out = new(IBMCloudPlatformStatus) **out = **in } + if in.Kubevirt != nil { + in, out := &in.Kubevirt, &out.Kubevirt + *out = new(KubevirtPlatformStatus) + **out = **in + } + if in.EquinixMetal != nil { + in, out := &in.EquinixMetal, &out.EquinixMetal + *out = new(EquinixMetalPlatformStatus) + **out = **in + } return } @@ -3245,6 +3396,11 @@ func (in *RegistrySources) DeepCopyInto(out *RegistrySources) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.ContainerRuntimeSearchRegistries != nil { + in, out := &in.ContainerRuntimeSearchRegistries, &out.ContainerRuntimeSearchRegistries + *out = make([]string, len(*in)) + copy(*out, *in) + } return } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index 72d3bb2cf..ec4a37cb6 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -315,7 +315,7 @@ var map_AuthenticationSpec = map[string]string{ "oauthMetadata": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", "webhookTokenAuthenticators": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", "webhookTokenAuthenticator": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.", - "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc", + "serviceAccountIssuer": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will result in the invalidation of all bound tokens with the previous issuer value. Unless the holder of a bound token has explicit support for a change in issuer, they will not request a new bound token until pod restart or until their existing token exceeds 80% of its duration.", } func (AuthenticationSpec) SwaggerDoc() map[string]string { @@ -443,7 +443,7 @@ var map_ClusterOperatorStatusCondition = map[string]string{ "status": "status of the condition, one of True, False, Unknown.", "lastTransitionTime": "lastTransitionTime is the time of the last update to the current status property.", "reason": "reason is the CamelCase reason for the condition's current status.", - "message": "message provides additional information about the current condition. This is only to be consumed by humans.", + "message": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", } func (ClusterOperatorStatusCondition) SwaggerDoc() map[string]string { @@ -701,10 +701,11 @@ func (RegistryLocation) SwaggerDoc() map[string]string { } var map_RegistrySources = map[string]string{ - "": "RegistrySources holds cluster-wide information about how to handle the registries config.", - "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", - "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "": "RegistrySources holds cluster-wide information about how to handle the registries config.", + "insecureRegistries": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "blockedRegistries": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "allowedRegistries": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "containerRuntimeSearchRegistries": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", } func (RegistrySources) SwaggerDoc() map[string]string { @@ -778,6 +779,24 @@ func (BareMetalPlatformStatus) SwaggerDoc() map[string]string { return map_BareMetalPlatformStatus } +var map_EquinixMetalPlatformSpec = map[string]string{ + "": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (EquinixMetalPlatformSpec) SwaggerDoc() map[string]string { + return map_EquinixMetalPlatformSpec +} + +var map_EquinixMetalPlatformStatus = map[string]string{ + "": "EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", +} + +func (EquinixMetalPlatformStatus) SwaggerDoc() map[string]string { + return map_EquinixMetalPlatformStatus +} + var map_GCPPlatformSpec = map[string]string{ "": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", } @@ -844,19 +863,39 @@ func (InfrastructureSpec) SwaggerDoc() map[string]string { } var map_InfrastructureStatus = map[string]string{ - "": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", - "infrastructureName": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", - "platform": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", - "platformStatus": "platformStatus holds status information specific to the underlying infrastructure provider.", - "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery", - "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", - "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", + "": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", + "infrastructureName": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", + "platform": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", + "platformStatus": "platformStatus holds status information specific to the underlying infrastructure provider.", + "etcdDiscoveryDomain": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", + "apiServerURL": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", + "apiServerInternalURI": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", + "controlPlaneTopology": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation", + "infrastructureTopology": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation", } func (InfrastructureStatus) SwaggerDoc() map[string]string { return map_InfrastructureStatus } +var map_KubevirtPlatformSpec = map[string]string{ + "": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. This only includes fields that can be modified in the cluster.", +} + +func (KubevirtPlatformSpec) SwaggerDoc() map[string]string { + return map_KubevirtPlatformSpec +} + +var map_KubevirtPlatformStatus = map[string]string{ + "": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", + "apiServerInternalIP": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", +} + +func (KubevirtPlatformStatus) SwaggerDoc() map[string]string { + return map_KubevirtPlatformStatus +} + var map_OpenStackPlatformSpec = map[string]string{ "": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", } @@ -897,16 +936,18 @@ func (OvirtPlatformStatus) SwaggerDoc() map[string]string { } var map_PlatformSpec = map[string]string{ - "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", - "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", - "azure": "Azure contains settings specific to the Azure infrastructure provider.", - "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", - "baremetal": "BareMetal contains settings specific to the BareMetal platform.", - "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", - "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", - "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", - "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", + "equinixMetal": "EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.", } func (PlatformSpec) SwaggerDoc() map[string]string { @@ -914,16 +955,18 @@ func (PlatformSpec) SwaggerDoc() map[string]string { } var map_PlatformStatus = map[string]string{ - "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", - "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", - "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", - "azure": "Azure contains settings specific to the Azure infrastructure provider.", - "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", - "baremetal": "BareMetal contains settings specific to the BareMetal platform.", - "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", - "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", - "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", - "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", + "type": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", + "aws": "AWS contains settings specific to the Amazon Web Services infrastructure provider.", + "azure": "Azure contains settings specific to the Azure infrastructure provider.", + "gcp": "GCP contains settings specific to the Google Cloud Platform infrastructure provider.", + "baremetal": "BareMetal contains settings specific to the BareMetal platform.", + "openstack": "OpenStack contains settings specific to the OpenStack infrastructure provider.", + "ovirt": "Ovirt contains settings specific to the oVirt infrastructure provider.", + "vsphere": "VSphere contains settings specific to the VSphere infrastructure provider.", + "ibmcloud": "IBMCloud contains settings specific to the IBMCloud infrastructure provider.", + "kubevirt": "Kubevirt contains settings specific to the kubevirt infrastructure provider.", + "equinixMetal": "EquinixMetal contains settings specific to the Equinix Metal infrastructure provider.", } func (PlatformStatus) SwaggerDoc() map[string]string { @@ -949,6 +992,33 @@ func (VSpherePlatformStatus) SwaggerDoc() map[string]string { return map_VSpherePlatformStatus } +var map_ComponentRouteSpec = map[string]string{ + "": "ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.", + "namespace": "namespace is the namespace of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "name": "name is the logical name of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "hostname": "hostname is the hostname that should be used by the route.", + "servingCertKeyPairSecret": "servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", +} + +func (ComponentRouteSpec) SwaggerDoc() map[string]string { + return map_ComponentRouteSpec +} + +var map_ComponentRouteStatus = map[string]string{ + "": "ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.", + "namespace": "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", + "name": "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", + "defaultHostname": "defaultHostname is the hostname of this route prior to customization.", + "consumingUsers": "consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.", + "currentHostnames": "currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.", + "conditions": "conditions are used to communicate the state of the componentRoutes entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured.\n\nIf Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect.\n\nIf Progressing is true, that means the component is taking some action related to the componentRoutes entry.", + "relatedObjects": "relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.", +} + +func (ComponentRouteStatus) SwaggerDoc() map[string]string { + return map_ComponentRouteStatus +} + var map_Ingress = map[string]string{ "": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.", "spec": "spec holds user settable values for configuration", @@ -960,13 +1030,23 @@ func (Ingress) SwaggerDoc() map[string]string { } var map_IngressSpec = map[string]string{ - "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "domain": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "appsDomain": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", + "componentRoutes": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", } func (IngressSpec) SwaggerDoc() map[string]string { return map_IngressSpec } +var map_IngressStatus = map[string]string{ + "componentRoutes": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", +} + +func (IngressStatus) SwaggerDoc() map[string]string { + return map_IngressStatus +} + var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", "cidr": "The complete block for pod IPs.", @@ -1383,7 +1463,8 @@ func (Scheduler) SwaggerDoc() map[string]string { } var map_SchedulerSpec = map[string]string{ - "policy": "policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", + "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", + "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", "mastersSchedulable": "MastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", } diff --git a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml index 6beaeb259..5a90f45db 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: configs.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io @@ -51,6 +53,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -64,11 +72,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml similarity index 87% rename from vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml rename to vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml index 14f6aeb57..d57ec9e35 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: etcds.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io @@ -22,7 +24,7 @@ spec: schema: openAPIV3Schema: description: Etcd provides information to configure an operator to manage - kube-apiserver. + etcd. type: object required: - spec @@ -63,6 +65,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -76,11 +84,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, @@ -171,6 +187,10 @@ spec: successful deployment type: integer format: int32 + lastFailedCount: + description: lastFailedCount is how often the last failed revision + failed. + type: integer lastFailedRevision: description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. @@ -182,6 +202,11 @@ spec: type: array items: type: string + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + type: string + format: date-time nodeName: description: nodeName is the name of the node type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml index b695ce838..1f37dcc5e 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml @@ -2,7 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" name: kubeapiservers.operator.openshift.io spec: group: operator.openshift.io @@ -54,6 +56,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator @@ -68,10 +76,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static @@ -163,6 +179,10 @@ spec: successful deployment format: int32 type: integer + lastFailedCount: + description: lastFailedCount is how often the last failed revision + failed. + type: integer lastFailedRevision: description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. @@ -174,6 +194,11 @@ spec: items: type: string type: array + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string nodeName: description: nodeName is the name of the node type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml index 6f08cec5d..78bb0b7b1 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml @@ -2,7 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" name: kubecontrollermanagers.operator.openshift.io spec: group: operator.openshift.io @@ -56,6 +58,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator @@ -70,10 +78,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static @@ -165,6 +181,10 @@ spec: successful deployment format: int32 type: integer + lastFailedCount: + description: lastFailedCount is how often the last failed revision + failed. + type: integer lastFailedRevision: description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. @@ -176,6 +196,11 @@ spec: items: type: string type: array + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string nodeName: description: nodeName is the name of the node type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml index faf3f0448..a72704706 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml @@ -2,7 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" name: kubeschedulers.operator.openshift.io spec: group: operator.openshift.io @@ -56,6 +58,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator @@ -70,10 +78,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string succeededRevisionLimit: description: succeededRevisionLimit is the number of successful static @@ -165,6 +181,10 @@ spec: successful deployment format: int32 type: integer + lastFailedCount: + description: lastFailedCount is how often the last failed revision + failed. + type: integer lastFailedRevision: description: lastFailedRevision is the generation of the deployment we tried and failed to deploy. @@ -176,6 +196,11 @@ spec: items: type: string type: array + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string nodeName: description: nodeName is the name of the node type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml index b6bba3cc6..ad20dab67 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: openshiftapiservers.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io @@ -52,6 +54,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -65,11 +73,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml index 098de4470..ef2ec14c8 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml @@ -2,6 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cloudcredentials.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io @@ -42,12 +45,15 @@ spec: type: object properties: credentialsMode: - description: CredentialsMode allows informing CCO that it should not - attempt to dynamically determine the root cloud credentials capabilities, - and it should just run in the specified mode. It also allows putting - the operator into "manual" mode if desired. Leaving the field in - default mode runs CCO so that the cluster's cloud credentials will - be dynamically probed for capabilities (on supported clouds/platforms). + description: 'CredentialsMode allows informing CCO that it should + not attempt to dynamically determine the root cloud credentials + capabilities, and it should just run in the specified mode. It also + allows putting the operator into "manual" mode if desired. Leaving + the field in default mode runs CCO so that the cluster''s cloud + credentials will be dynamically probed for capabilities (on supported + clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), + "Mint", "Passthrough", "Manual" Others: Do not set value as other + platforms only support running in "Passthrough"' type: string enum: - "" @@ -62,6 +68,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -75,11 +87,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml index 9adbb29e6..bb616a307 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: kubestorageversionmigrators.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: operator.openshift.io names: @@ -49,6 +51,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -62,11 +70,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml index 20cac90b4..964793f34 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml @@ -4,6 +4,7 @@ metadata: name: authentications.operator.openshift.io annotations: include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io @@ -48,6 +49,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -61,11 +68,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the @@ -127,13 +142,6 @@ spec: description: resource is the resource type of the thing you're tracking type: string - managingOAuthAPIServer: - description: ManagingOAuthAPIServer indicates whether this operator - is managing OAuth related APIs. Setting this field to true will - cause OAS-O to step down. Note that this field will be removed in - the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md - is fully implemented - type: boolean oauthAPIServer: description: OAuthAPIServer holds status specific only to oauth-apiserver type: object diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml index 0d9403cd3..7dc44d28b 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: openshiftcontrollermanagers.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io @@ -50,6 +52,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -63,11 +71,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml index a05f40888..18926b9d4 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: storages.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: operator.openshift.io names: @@ -49,6 +51,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -62,11 +70,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 7c14492ab..a22523aae 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -2,7 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" name: ingresscontrollers.operator.openshift.io spec: group: operator.openshift.io @@ -11,7 +13,7 @@ spec: listKind: IngressControllerList plural: ingresscontrollers singular: ingresscontroller - scope: Cluster + scope: Namespaced versions: - name: v1 schema: @@ -91,6 +93,30 @@ spec: hostNetwork: description: hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork. + properties: + protocol: + description: "protocol specifies whether the IngressController + expects incoming connections to use plain TCP or whether + the IngressController expects PROXY protocol. \n PROXY protocol + can be used with load balancers that support it to communicate + the source addresses of client connections when forwarding + those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address + in HTTP headers and logs. Note that enabling PROXY protocol + on the IngressController will cause connections to fail + if you are not using a load balancer that uses PROXY protocol + to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt + for information about PROXY protocol. \n The following values + are valid for this field: \n * The empty string. * \"TCP\". + * \"PROXY\". \n The empty string specifies the default, + which is TCP without PROXY protocol. Note that the default + is subject to change." + enum: + - "" + - TCP + - PROXY + type: string type: object loadBalancer: description: loadBalancer holds parameters for the load balancer. @@ -135,6 +161,29 @@ spec: required: - type type: object + gcp: + description: "gcp provides configuration settings that + are specific to GCP load balancers. \n If empty, defaults + will be applied. See specific gcp fields for details + about their defaults." + properties: + clientAccess: + description: "clientAccess describes how client access + is restricted for internal load balancers. \n Valid + values are: * \"Global\": Specifying an internal + load balancer with Global client access allows + clients from any region within the VPC to communicate + with the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + \n * \"Local\": Specifying an internal load balancer + with Local client access means only clients within + the same region (and VPC) as the GCP load balancer + \ can communicate with the load balancer. Note + that this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + enum: + - Global + - Local + type: string + type: object type: description: type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", @@ -164,6 +213,30 @@ spec: nodePort: description: nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. + properties: + protocol: + description: "protocol specifies whether the IngressController + expects incoming connections to use plain TCP or whether + the IngressController expects PROXY protocol. \n PROXY protocol + can be used with load balancers that support it to communicate + the source addresses of client connections when forwarding + those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address + in HTTP headers and logs. Note that enabling PROXY protocol + on the IngressController will cause connections to fail + if you are not using a load balancer that uses PROXY protocol + to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt + for information about PROXY protocol. \n The following values + are valid for this field: \n * The empty string. * \"TCP\". + * \"PROXY\". \n The empty string specifies the default, + which is TCP without PROXY protocol. Note that the default + is subject to change." + enum: + - "" + - TCP + - PROXY + type: string type: object private: description: private holds parameters for the Private endpoint @@ -206,6 +279,38 @@ spec: required: - type type: object + httpHeaderBuffer: + description: httpHeaderBuffer defines parameters for header buffer + size values. If this field is empty, the default values are used. + See specific httpHeaderBuffer fields for their respective default + values. Setting this field is generally not recommended as header + buffer values that are too small may break the IngressController + and header buffer values that are too large could cause the IngressController + to use significantly more memory than necessary. + properties: + headerBufferBytes: + description: headerBufferBytes describes how much memory should + be reserved (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is enabled + for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default + value of 32768 bytes. + format: int32 + minimum: 16384 + type: integer + headerBufferMaxRewriteBytes: + description: headerBufferMaxRewriteBytes describes how much memory + should be reserved (in bytes) from headerBufferBytes for HTTP + header rewriting and appending for IngressController connection + sessions. Note that incoming HTTP requests will be limited to + (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + If this field is empty, the IngressController will use a default + value of 8192 bytes. + format: int32 + minimum: 4096 + type: integer + type: object httpHeaders: description: "httpHeaders defines policy for HTTP headers. \n If this field is empty, the default values are used." @@ -229,6 +334,30 @@ spec: - IfNone - Never type: string + headerNameCaseAdjustments: + description: "headerNameCaseAdjustments specifies case adjustments + that can be applied to HTTP header names. Each adjustment is + specified as an HTTP header name with the desired capitalization. + \ For example, specifying \"X-Forwarded-For\" indicates that + the \"x-forwarded-for\" HTTP header should be adjusted to have + the specified capitalization. \n These adjustments are only + applied to cleartext, edge-terminated, and re-encrypt routes, + and only when using HTTP/1. \n For request headers, these adjustments + are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied + to all HTTP responses. \n If this field is empty, no request + headers are adjusted." + items: + description: IngressControllerHTTPHeaderNameCaseAdjustment is + the name of an HTTP header (for example, "X-Forwarded-For") + in the desired capitalization. The value must be a valid + HTTP header name as defined in RFC 2616 section 4.2. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + nullable: true + type: array uniqueId: description: "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming @@ -877,6 +1006,30 @@ spec: hostNetwork: description: hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork. + properties: + protocol: + description: "protocol specifies whether the IngressController + expects incoming connections to use plain TCP or whether + the IngressController expects PROXY protocol. \n PROXY protocol + can be used with load balancers that support it to communicate + the source addresses of client connections when forwarding + those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address + in HTTP headers and logs. Note that enabling PROXY protocol + on the IngressController will cause connections to fail + if you are not using a load balancer that uses PROXY protocol + to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt + for information about PROXY protocol. \n The following values + are valid for this field: \n * The empty string. * \"TCP\". + * \"PROXY\". \n The empty string specifies the default, + which is TCP without PROXY protocol. Note that the default + is subject to change." + enum: + - "" + - TCP + - PROXY + type: string type: object loadBalancer: description: loadBalancer holds parameters for the load balancer. @@ -921,6 +1074,29 @@ spec: required: - type type: object + gcp: + description: "gcp provides configuration settings that + are specific to GCP load balancers. \n If empty, defaults + will be applied. See specific gcp fields for details + about their defaults." + properties: + clientAccess: + description: "clientAccess describes how client access + is restricted for internal load balancers. \n Valid + values are: * \"Global\": Specifying an internal + load balancer with Global client access allows + clients from any region within the VPC to communicate + with the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + \n * \"Local\": Specifying an internal load balancer + with Local client access means only clients within + the same region (and VPC) as the GCP load balancer + \ can communicate with the load balancer. Note + that this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + enum: + - Global + - Local + type: string + type: object type: description: type is the underlying infrastructure provider for the load balancer. Allowed values are "AWS", "Azure", @@ -950,6 +1126,30 @@ spec: nodePort: description: nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService. + properties: + protocol: + description: "protocol specifies whether the IngressController + expects incoming connections to use plain TCP or whether + the IngressController expects PROXY protocol. \n PROXY protocol + can be used with load balancers that support it to communicate + the source addresses of client connections when forwarding + those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address + in HTTP headers and logs. Note that enabling PROXY protocol + on the IngressController will cause connections to fail + if you are not using a load balancer that uses PROXY protocol + to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt + for information about PROXY protocol. \n The following values + are valid for this field: \n * The empty string. * \"TCP\". + * \"PROXY\". \n The empty string specifies the default, + which is TCP without PROXY protocol. Note that the default + is subject to change." + enum: + - "" + - TCP + - PROXY + type: string type: object private: description: private holds parameters for the Private endpoint @@ -1031,4 +1231,8 @@ spec: served: true storage: true subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.availableReplicas status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml index 3f9f7b10a..40acfb081 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml @@ -3,10 +3,17 @@ kind: CustomResourceDefinition metadata: name: servicecas.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io + names: + kind: ServiceCA + listKind: ServiceCAList + plural: servicecas + singular: serviceca versions: - name: v1 served: true @@ -38,11 +45,19 @@ spec: type: object properties: logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret - for their operands. + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -56,11 +71,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml index 0f1686695..daf30498f 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml @@ -4,6 +4,7 @@ metadata: name: networks.operator.openshift.io annotations: include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: operator.openshift.io names: @@ -319,6 +320,10 @@ spec: Default is 4789 type: integer format: int32 + ipsecConfig: + description: ipsecConfig enables and configures IPsec for + pods on the pod network within the cluster. + type: object mtu: description: mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default @@ -326,6 +331,45 @@ spec: type: integer format: int32 minimum: 0 + policyAuditConfig: + description: policyAuditConfig is the configuration for network + policy audit events. If unset, reported defaults are used. + type: object + properties: + destination: + description: 'destination is the location for policy log + messages. Regardless of this config, persistent logs + will always be dumped to the host at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: - "libc" -> to use the libc syslog() + function of the host node''s journdald process - "udp:host:port" + -> for sending syslog over UDP - "unix:file" -> for + using the UNIX domain socket directly - "null" -> to + discard all messages logged to syslog The default is + "null"' + type: string + default: "null" + maxFileSize: + description: maxFilesSize is the max size an ACL_audit + log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + type: integer + format: int32 + default: 50 + minimum: 1 + rateLimit: + description: rateLimit is the approximate maximum number + of messages to generate per-second per-node. If unset + the default of 20 msg/sec is used. + type: integer + format: int32 + default: 20 + minimum: 1 + syslogFacility: + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + default: local0 type: description: type is the type of network All NetworkTypes are supported except for NetworkTypeRaw @@ -342,6 +386,58 @@ spec: pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled. type: boolean + disableNetworkDiagnostics: + description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled + or not. If unset, this property defaults to 'false' and network + diagnostics is enabled. Setting this to 'true' would reduce the + additional load of the pods performing the checks. + type: boolean + default: false + exportNetworkFlows: + description: exportNetworkFlows enables and configures the export + of network flow metadata from the pod network by using protocols + NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes + plugin. If unset, flows will not be exported to any collector. + type: object + properties: + ipfix: + description: ipfix defines IPFIX configuration. + type: object + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port + type: array + minItems: 1 + items: + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$ + netFlow: + description: netFlow defines the NetFlow configuration. + type: object + properties: + collectors: + description: netFlow defines the NetFlow collectors that will + consume the flow data exported from OVS. It is a list of + strings formatted as ip:port + type: array + minItems: 1 + items: + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$ + sFlow: + description: sFlow defines the SFlow configuration. + type: object + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port + type: array + minItems: 1 + items: + type: string + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$ kubeProxyConfig: description: kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift @@ -353,7 +449,10 @@ spec: description: The address to "bind" on Defaults to 0.0.0.0 type: string iptablesSyncPeriod: - description: 'The period that iptables rules are refreshed. Default: + description: 'An internal kube-proxy parameter. In older releases + of OCP, this sometimes needed to be adjusted in large clusters + for performance reasons, but this is no longer necessary, and + there is no reason to change this from the default value. Default: 30s' type: string proxyArguments: @@ -367,11 +466,45 @@ spec: items: type: string logLevel: - description: logLevel allows configuring the logging level of the - components deployed by the operator. Currently only Kuryr SDN is - affected by this setting. Please note that turning on extensive - logging may affect performance. The default value is "Normal". + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll serviceNetwork: description: serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single @@ -379,7 +512,90 @@ spec: type: array items: type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: useMultiNetworkPolicy enables a controller which allows + for MultiNetworkPolicy objects to be used on additional networks + as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod + can receive over the secondary interfaces. If unset, this property + defaults to 'false' and MultiNetworkPolicy objects are ignored. + If 'disableMultiNetwork' is 'true' then the value of this field + is ignored. + type: boolean status: - description: NetworkStatus is currently unused. Instead, status is reported - in the Network.config.openshift.io object. + description: NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml index f23db5fef..c77d86e2c 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: consoles.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: scope: Cluster group: operator.openshift.io @@ -80,6 +82,78 @@ spec: in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name. type: string + developerCatalog: + description: developerCatalog allows to configure the shown developer + catalog categories. + type: object + properties: + categories: + description: categories which are shown in the developer catalog. + type: array + items: + description: DeveloperConsoleCatalogCategory for the developer + console catalog. + type: object + required: + - id + - label + properties: + id: + description: ID is an identifier used in the URL to + enable deep linking in console. ID is required and + must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + type: string + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + label: + description: label defines a category display label. + It is required and must have 1-64 characters. + type: string + maxLength: 64 + minLength: 1 + subcategories: + description: subcategories defines a list of child categories. + type: array + items: + description: DeveloperConsoleCatalogCategoryMeta are + the key identifiers of a developer catalog category. + type: object + required: + - id + - label + properties: + id: + description: ID is an identifier used in the URL + to enable deep linking in console. ID is required + and must have 1-32 URL safe (A-Z, a-z, 0-9, + - and _) characters. + type: string + maxLength: 32 + minLength: 1 + pattern: ^[A-Za-z0-9-_]+$ + label: + description: label defines a category display + label. It is required and must have 1-64 characters. + type: string + maxLength: 64 + minLength: 1 + tags: + description: tags is a list of strings that will + match the category. A selected category show + all items which has at least one overlapping + tag between category and item. + type: array + items: + type: string + tags: + description: tags is a list of strings that will match + the category. A selected category show all items which + has at least one overlapping tag between category + and item. + type: array + items: + type: string documentationBaseURL: description: documentationBaseURL links to external documentation are shown in various sections of the web console. Providing @@ -95,6 +169,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -108,11 +188,24 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + plugins: + description: plugins defines a list of enabled console plugin names. + type: array + items: + type: string providers: description: providers contains configuration for using specific service providers. diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml index 09bb77908..7d50cfe76 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: dnses.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: operator.openshift.io names: @@ -43,6 +45,73 @@ spec: DNS. type: object properties: + nodePlacement: + description: "nodePlacement provides explicit control over the scheduling + of DNS pods. \n Generally, it is useful to run a DNS pod on every + node so that DNS queries are always handled by a local DNS pod instead + of going over the network to a DNS pod on another node. However, + security policies may require restricting the placement of DNS pods + to specific nodes. For example, if a security policy prohibits pods + on arbitrary nodes from communicating with the API, a node selector + can be specified to restrict DNS pods to nodes that are permitted + to communicate with the API. Conversely, if running DNS pods on + nodes with a particular taint is desired, a toleration can be specified + for that taint. \n If unset, defaults are used. See nodePlacement + for more details." + type: object + properties: + nodeSelector: + description: "nodeSelector is the node selector applied to DNS + pods. \n If empty, the default is used, which is currently the + following: \n beta.kubernetes.io/os: linux \n This default + is subject to change. \n If set, the specified selector is used + and replaces the default." + type: object + additionalProperties: + type: string + tolerations: + description: "tolerations is a list of tolerations applied to + DNS pods. \n The default is an empty list. This default is + subject to change. \n See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" + type: array + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string servers: description: "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml index 16e04f4c7..720253030 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: csisnapshotcontrollers.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: operator.openshift.io names: @@ -49,6 +51,12 @@ spec: \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll managementState: description: managementState indicates whether and how the operator should manage the component @@ -62,11 +70,19 @@ spec: nullable: true x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." type: string + default: Normal + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml index 4b44f35bd..ff66f8c2a 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml @@ -2,7 +2,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" name: clustercsidrivers.operator.openshift.io spec: group: operator.openshift.io @@ -35,8 +37,13 @@ spec: name: enum: - ebs.csi.aws.com + - disk.csi.azure.com + - pd.csi.storage.gke.io + - cinder.csi.openstack.org + - csi.vsphere.vmware.com - manila.csi.openstack.org - csi.ovirt.org + - csi.kubevirt.io type: string type: object spec: @@ -49,6 +56,12 @@ spec: to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string managementState: description: managementState indicates whether and how the operator @@ -63,10 +76,18 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have - to interpret for themselves. + default: Normal + description: "operatorLogLevel is an intent based logging for the + operator itself. It does not give fine grained control, but it + is a simple way to manage coarse grained logging choices that operators + have to interpret for themselves. \n Valid values are: \"Normal\", + \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll type: string unsupportedConfigOverrides: description: 'unsupportedConfigOverrides holds a sparse config that diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch index 22f3a1294..dfcaf8b44 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch @@ -5,5 +5,10 @@ type: string enum: - ebs.csi.aws.com + - disk.csi.azure.com + - pd.csi.storage.gke.io + - cinder.csi.openstack.org + - csi.vsphere.vmware.com - manila.csi.openstack.org - csi.ovirt.org + - csi.kubevirt.io diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index ed11b3219..c4586ad31 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -56,12 +56,16 @@ type OperatorSpec struct { // Defaults to "Normal". // +optional // +kubebuilder:default=Normal - LogLevel LogLevel `json:"logLevel"` + LogLevel LogLevel `json:"logLevel,omitempty"` // operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a // simple way to manage coarse grained logging choices that operators have to interpret for themselves. + // + // Valid values are: "Normal", "Debug", "Trace", "TraceAll". + // Defaults to "Normal". // +optional - OperatorLogLevel LogLevel `json:"operatorLogLevel"` + // +kubebuilder:default=Normal + OperatorLogLevel LogLevel `json:"operatorLogLevel,omitempty"` // unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override // it will end up overlaying in the following order: @@ -81,6 +85,7 @@ type OperatorSpec struct { ObservedConfig runtime.RawExtension `json:"observedConfig"` } +// +kubebuilder:validation:Enum="";Normal;Debug;Trace;TraceAll type LogLevel string var ( @@ -210,9 +215,13 @@ type NodeStatus struct { CurrentRevision int32 `json:"currentRevision"` // targetRevision is the generation of the deployment we're trying to apply TargetRevision int32 `json:"targetRevision,omitempty"` + // lastFailedRevision is the generation of the deployment we tried and failed to deploy. LastFailedRevision int32 `json:"lastFailedRevision,omitempty"` - + // lastFailedTime is the time the last failed revision failed the last time. + LastFailedTime *metav1.Time `json:"lastFailedTime,omitempty"` + // lastFailedCount is how often the last failed revision failed. + LastFailedCount int `json:"lastFailedCount,omitempty"` // lastFailedRevisionErrors is a list of the errors during the failed deployment referenced in lastFailedRevision LastFailedRevisionErrors []string `json:"lastFailedRevisionErrors,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go index cf60fb963..61c777cf2 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go @@ -25,11 +25,6 @@ type AuthenticationSpec struct { } type AuthenticationStatus struct { - // ManagingOAuthAPIServer indicates whether this operator is managing OAuth related APIs. Setting this field to true will cause OAS-O to step down. - // Note that this field will be removed in the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented - // +optional - ManagingOAuthAPIServer bool `json:"managingOAuthAPIServer,omitempty"` - // OAuthAPIServer holds status specific only to oauth-apiserver // +optional OAuthAPIServer OAuthAPIServerStatus `json:"oauthAPIServer,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go index bb17c89ff..8d1806cd6 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go +++ b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go @@ -54,6 +54,9 @@ type CloudCredentialSpec struct { // It also allows putting the operator into "manual" mode if desired. // Leaving the field in default mode runs CCO so that the cluster's cloud credentials // will be dynamically probed for capabilities (on supported clouds/platforms). + // Supported modes: + // AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" + // Others: Do not set value as other platforms only support running in "Passthrough" // +optional CredentialsMode CloudCredentialsMode `json:"credentialsMode,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 1ef928535..3d3d2b097 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -42,6 +42,9 @@ type ConsoleSpec struct { // If not specified, default route will be used. // +optional Route ConsoleConfigRoute `json:"route"` + // plugins defines a list of enabled console plugin names. + // +optional + Plugins []string `json:"plugins,omitempty"` } // ConsoleConfigRoute holds information on external route access to console. @@ -106,6 +109,51 @@ type ConsoleCustomization struct { // SVG format preferred // +optional CustomLogoFile configv1.ConfigMapFileReference `json:"customLogoFile,omitempty"` + // developerCatalog allows to configure the shown developer catalog categories. + // +kubebuilder:validation:Optional + // +optional + DeveloperCatalog DeveloperConsoleCatalogCustomization `json:"developerCatalog,omitempty"` +} + +// DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog. +type DeveloperConsoleCatalogCustomization struct { + // categories which are shown in the developer catalog. + // +kubebuilder:validation:Optional + // +optional + Categories []DeveloperConsoleCatalogCategory `json:"categories,omitempty"` +} + +// DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category. +type DeveloperConsoleCatalogCategoryMeta struct { + // ID is an identifier used in the URL to enable deep linking in console. + // ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=32 + // +kubebuilder:validation:Pattern=`^[A-Za-z0-9-_]+$` + // +required + ID string `json:"id"` + // label defines a category display label. It is required and must have 1-64 characters. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=64 + // +required + Label string `json:"label"` + // tags is a list of strings that will match the category. A selected category + // show all items which has at least one overlapping tag between category and item. + // +kubebuilder:validation:Optional + // +optional + Tags []string `json:"tags,omitempty"` +} + +// DeveloperConsoleCatalogCategory for the developer console catalog. +type DeveloperConsoleCatalogCategory struct { + // defines top level category ID, label and filter tags. + DeveloperConsoleCatalogCategoryMeta `json:",inline"` + // subcategories defines a list of child categories. + // +kubebuilder:validation:Optional + // +optional + Subcategories []DeveloperConsoleCatalogCategoryMeta `json:"subcategories,omitempty"` } // Brand is a specific supported brand within the console. diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index e6217ab8c..09413dc74 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -40,9 +40,14 @@ type CSIDriverName string // If you are adding a new driver name here, ensure that kubebuilder:validation:Enum is updated above // and 0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch file is also updated with new driver name. const ( - AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com" - ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org" - OvirtCSIDriver CSIDriverName = "csi.ovirt.org" + AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com" + AzureDiskCSIDriver CSIDriverName = "disk.csi.azure.com" + GCPPDCSIDriver CSIDriverName = "pd.csi.storage.gke.io" + CinderCSIDriver CSIDriverName = "cinder.csi.openstack.org" + VSphereCSIDriver CSIDriverName = "csi.vsphere.vmware.com" + ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org" + OvirtCSIDriver CSIDriverName = "csi.ovirt.org" + KubevirtCSIDriver CSIDriverName = "csi.kubevirt.io" ) // ClusterCSIDriverSpec is the desired behavior of CSI driver operator diff --git a/vendor/github.com/openshift/api/operator/v1/types_dns.go b/vendor/github.com/openshift/api/operator/v1/types_dns.go index 5bc361468..112907c9b 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_dns.go +++ b/vendor/github.com/openshift/api/operator/v1/types_dns.go @@ -2,6 +2,8 @@ package v1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + corev1 "k8s.io/api/core/v1" ) // +genclient @@ -42,6 +44,24 @@ type DNSSpec struct { // // +optional Servers []Server `json:"servers,omitempty"` + + // nodePlacement provides explicit control over the scheduling of DNS + // pods. + // + // Generally, it is useful to run a DNS pod on every node so that DNS + // queries are always handled by a local DNS pod instead of going over + // the network to a DNS pod on another node. However, security policies + // may require restricting the placement of DNS pods to specific nodes. + // For example, if a security policy prohibits pods on arbitrary nodes + // from communicating with the API, a node selector can be specified to + // restrict DNS pods to nodes that are permitted to communicate with the + // API. Conversely, if running DNS pods on nodes with a particular + // taint is desired, a toleration can be specified for that taint. + // + // If unset, defaults are used. See nodePlacement for more details. + // + // +optional + NodePlacement DNSNodePlacement `json:"nodePlacement,omitempty"` } // Server defines the schema for a server that runs per instance of CoreDNS. @@ -73,6 +93,31 @@ type ForwardPlugin struct { Upstreams []string `json:"upstreams"` } +// DNSNodePlacement describes the node scheduling configuration for DNS pods. +type DNSNodePlacement struct { + // nodeSelector is the node selector applied to DNS pods. + // + // If empty, the default is used, which is currently the following: + // + // beta.kubernetes.io/os: linux + // + // This default is subject to change. + // + // If set, the specified selector is used and replaces the default. + // + // +optional + NodeSelector map[string]string `json:"nodeSelector,omitempty"` + + // tolerations is a list of tolerations applied to DNS pods. + // + // The default is an empty list. This default is subject to change. + // + // See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + // + // +optional + Tolerations []corev1.Toleration `json:"tolerations,omitempty"` +} + const ( // Available indicates the DNS controller daemonset is available. DNSAvailable = "Available" diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index 6a2fbdb9a..106c92b81 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -8,7 +8,7 @@ import ( // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// Etcd provides information to configure an operator to manage kube-apiserver. +// Etcd provides information to configure an operator to manage etcd. type Etcd struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 4b7bb2fb4..8c5ee0b0a 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -176,6 +176,17 @@ type IngressControllerSpec struct { // // +optional HTTPHeaders *IngressControllerHTTPHeaders `json:"httpHeaders,omitempty"` + + // httpHeaderBuffer defines parameters for header buffer size values. + // If this field is empty, the default values are used. See specific + // httpHeaderBuffer fields for their respective default values. + // Setting this field is generally not recommended as header buffer + // values that are too small may break the IngressController and header + // buffer values that are too large could cause the IngressController to + // use significantly more memory than necessary. + // + // +optional + HTTPHeaderBuffer IngressControllerHTTPHeaderBuffer `json:"httpHeaderBuffer,omitempty"` } // NodePlacement describes node scheduling configuration for an ingress @@ -279,6 +290,15 @@ type ProviderLoadBalancerParameters struct { // // +optional AWS *AWSLoadBalancerParameters `json:"aws,omitempty"` + + // gcp provides configuration settings that are specific to GCP + // load balancers. + // + // If empty, defaults will be applied. See specific gcp fields for + // details about their defaults. + // + // +optional + GCP *GCPLoadBalancerParameters `json:"gcp,omitempty"` } // LoadBalancerProviderType is the underlying infrastructure provider for the @@ -344,6 +364,39 @@ const ( AWSNetworkLoadBalancer AWSLoadBalancerType = "NLB" ) +// GCPLoadBalancerParameters provides configuration settings that are +// specific to GCP load balancers. +type GCPLoadBalancerParameters struct { + // clientAccess describes how client access is restricted for internal + // load balancers. + // + // Valid values are: + // * "Global": Specifying an internal load balancer with Global client access + // allows clients from any region within the VPC to communicate with the load + // balancer. + // + // https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + // + // * "Local": Specifying an internal load balancer with Local client access + // means only clients within the same region (and VPC) as the GCP load balancer + // can communicate with the load balancer. Note that this is the default behavior. + // + // https://cloud.google.com/load-balancing/docs/internal#client_access + // + // +optional + ClientAccess GCPClientAccess `json:"clientAccess,omitempty"` +} + +// GCPClientAccess describes how client access is restricted for internal +// load balancers. +// +kubebuilder:validation:Enum=Global;Local +type GCPClientAccess string + +const ( + GCPGlobalAccess GCPClientAccess = "Global" + GCPLocalAccess GCPClientAccess = "Local" +) + // AWSClassicLoadBalancerParameters holds configuration parameters for an // AWS Classic load balancer. type AWSClassicLoadBalancerParameters struct { @@ -357,6 +410,34 @@ type AWSNetworkLoadBalancerParameters struct { // HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing // strategy. type HostNetworkStrategy struct { + // protocol specifies whether the IngressController expects incoming + // connections to use plain TCP or whether the IngressController expects + // PROXY protocol. + // + // PROXY protocol can be used with load balancers that support it to + // communicate the source addresses of client connections when + // forwarding those connections to the IngressController. Using PROXY + // protocol enables the IngressController to report those source + // addresses instead of reporting the load balancer's address in HTTP + // headers and logs. Note that enabling PROXY protocol on the + // IngressController will cause connections to fail if you are not using + // a load balancer that uses PROXY protocol to forward connections to + // the IngressController. See + // http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + // information about PROXY protocol. + // + // The following values are valid for this field: + // + // * The empty string. + // * "TCP". + // * "PROXY". + // + // The empty string specifies the default, which is TCP without PROXY + // protocol. Note that the default is subject to change. + // + // +kubebuilder:validation:Optional + // +optional + Protocol IngressControllerProtocol `json:"protocol,omitempty"` } // PrivateStrategy holds parameters for the Private endpoint publishing @@ -366,8 +447,46 @@ type PrivateStrategy struct { // NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy. type NodePortStrategy struct { + // protocol specifies whether the IngressController expects incoming + // connections to use plain TCP or whether the IngressController expects + // PROXY protocol. + // + // PROXY protocol can be used with load balancers that support it to + // communicate the source addresses of client connections when + // forwarding those connections to the IngressController. Using PROXY + // protocol enables the IngressController to report those source + // addresses instead of reporting the load balancer's address in HTTP + // headers and logs. Note that enabling PROXY protocol on the + // IngressController will cause connections to fail if you are not using + // a load balancer that uses PROXY protocol to forward connections to + // the IngressController. See + // http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + // information about PROXY protocol. + // + // The following values are valid for this field: + // + // * The empty string. + // * "TCP". + // * "PROXY". + // + // The empty string specifies the default, which is TCP without PROXY + // protocol. Note that the default is subject to change. + // + // +kubebuilder:validation:Optional + // +optional + Protocol IngressControllerProtocol `json:"protocol,omitempty"` } +// IngressControllerProtocol specifies whether PROXY protocol is enabled or not. +// +kubebuilder:validation:Enum="";TCP;PROXY +type IngressControllerProtocol string + +const ( + DefaultProtocol IngressControllerProtocol = "" + TCPProtocol IngressControllerProtocol = "TCP" + ProxyProtocol IngressControllerProtocol = "PROXY" +) + // EndpointPublishingStrategy is a way to publish the endpoints of an // IngressController, and represents the type and any additional configuration // for a specific type. @@ -660,8 +779,26 @@ const ( // IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be // captured. -// +union type IngressControllerCaptureHTTPCookie struct { + IngressControllerCaptureHTTPCookieUnion `json:",inline"` + + // maxLength specifies a maximum length of the string that will be + // logged, which includes the cookie name, cookie value, and + // one-character delimiter. If the log entry exceeds this length, the + // value will be truncated in the log message. Note that the ingress + // controller may impose a separate bound on the total length of HTTP + // headers in a request. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1024 + // +required + MaxLength int `json:"maxLength"` +} + +// IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured. +// +union +type IngressControllerCaptureHTTPCookieUnion struct { // matchType specifies the type of match to be performed on the cookie // name. Allowed values are "Exact" for an exact string match and // "Prefix" for a string prefix match. If "Exact" is specified, a name @@ -693,19 +830,6 @@ type IngressControllerCaptureHTTPCookie struct { // +kubebuilder:validation:MaxLength=1024 // +optional NamePrefix string `json:"namePrefix"` - - // maxLength specifies a maximum length of the string that will be - // logged, which includes the cookie name, cookie value, and - // one-character delimiter. If the log entry exceeds this length, the - // value will be truncated in the log message. Note that the ingress - // controller may impose a separate bound on the total length of HTTP - // headers in a request. - // - // +kubebuilder:validation:Required - // +kubebuilder:validation:Minimum=1 - // +kubebuilder:validation:Maximum=1024 - // +required - MaxLength int `json:"maxLength"` } // AccessLogging describes how client requests should be logged. @@ -810,6 +934,16 @@ type IngressControllerHTTPUniqueIdHeaderPolicy struct { Format string `json:"format,omitempty"` } +// IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header +// (for example, "X-Forwarded-For") in the desired capitalization. The value +// must be a valid HTTP header name as defined in RFC 2616 section 4.2. +// +// +optional +// +kubebuilder:validation:Pattern="^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" +// +kubebuilder:validation:MinLength=0 +// +kubebuilder:validation:MaxLength=1024 +type IngressControllerHTTPHeaderNameCaseAdjustment string + // IngressControllerHTTPHeaders specifies how the IngressController handles // certain HTTP headers. type IngressControllerHTTPHeaders struct { @@ -846,6 +980,56 @@ type IngressControllerHTTPHeaders struct { // // +optional UniqueId IngressControllerHTTPUniqueIdHeaderPolicy `json:"uniqueId,omitempty"` + + // headerNameCaseAdjustments specifies case adjustments that can be + // applied to HTTP header names. Each adjustment is specified as an + // HTTP header name with the desired capitalization. For example, + // specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + // HTTP header should be adjusted to have the specified capitalization. + // + // These adjustments are only applied to cleartext, edge-terminated, and + // re-encrypt routes, and only when using HTTP/1. + // + // For request headers, these adjustments are applied only for routes + // that have the haproxy.router.openshift.io/h1-adjust-case=true + // annotation. For response headers, these adjustments are applied to + // all HTTP responses. + // + // If this field is empty, no request headers are adjusted. + // + // +nullable + // +optional + HeaderNameCaseAdjustments []IngressControllerHTTPHeaderNameCaseAdjustment `json:"headerNameCaseAdjustments,omitempty"` +} + +// IngressControllerHTTPHeaderBuffer specifies the size of the +// per-connection HTTP header buffers. +type IngressControllerHTTPHeaderBuffer struct { + // headerBufferBytes describes how much memory should be reserved + // (in bytes) for IngressController connection sessions. + // Note that this value must be at least 16384 if HTTP/2 is + // enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + // If this field is empty, the IngressController will use a default value + // of 32768 bytes. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=16384 + // +optional + HeaderBufferBytes int32 `json:"headerBufferBytes,omitempty"` + + // headerBufferMaxRewriteBytes describes how much memory should be reserved + // (in bytes) from headerBufferBytes for HTTP header rewriting + // and appending for IngressController connection sessions. + // Note that incoming HTTP requests will be limited to + // (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + // headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + // If this field is empty, the IngressController will use a default value + // of 8192 bytes. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=4096 + // +optional + HeaderBufferMaxRewriteBytes int32 `json:"headerBufferMaxRewriteBytes,omitempty"` } var ( diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 7e678d11a..242f49caf 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -19,9 +19,10 @@ type Network struct { Status NetworkStatus `json:"status,omitempty"` } -// NetworkStatus is currently unused. Instead, status -// is reported in the Network.config.openshift.io object. +// NetworkStatus is detailed operator status, which is distilled +// up to the Network clusteroperator object. type NetworkStatus struct { + OperatorStatus `json:",inline"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -35,6 +36,8 @@ type NetworkList struct { // NetworkSpec is the top-level network configuration object. type NetworkSpec struct { + OperatorSpec `json:",inline"` + // clusterNetwork is the IP address pool to use for pod IPs. // Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. // Others only support one. This is equivalent to the cluster-cidr. @@ -57,6 +60,16 @@ type NetworkSpec struct { // 'false' and multiple network support is enabled. DisableMultiNetwork *bool `json:"disableMultiNetwork,omitempty"` + // useMultiNetworkPolicy enables a controller which allows for + // MultiNetworkPolicy objects to be used on additional networks as + // created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + // objects, but NetworkPolicy objects only apply to the primary interface. + // With MultiNetworkPolicy, you can control the traffic that a pod can receive + // over the secondary interfaces. If unset, this property defaults to 'false' + // and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + // 'true' then the value of this field is ignored. + UseMultiNetworkPolicy *bool `json:"useMultiNetworkPolicy,omitempty"` + // deployKubeProxy specifies whether or not a standalone kube-proxy should // be deployed by the operator. Some network providers include kube-proxy // or similar functionality. If unset, the plugin will attempt to select @@ -65,17 +78,25 @@ type NetworkSpec struct { // +optional DeployKubeProxy *bool `json:"deployKubeProxy,omitempty"` + // disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + // CRs from a test pod to every node, apiserver and LB should be disabled or not. + // If unset, this property defaults to 'false' and network diagnostics is enabled. + // Setting this to 'true' would reduce the additional load of the pods performing the checks. + // +optional + // +kubebuilder:default:=false + DisableNetworkDiagnostics bool `json:"disableNetworkDiagnostics"` + // kubeProxyConfig lets us configure desired proxy configuration. // If not specified, sensible defaults will be chosen by OpenShift directly. // Not consumed by all network providers - currently only openshift-sdn. KubeProxyConfig *ProxyConfig `json:"kubeProxyConfig,omitempty"` - // logLevel allows configuring the logging level of the components deployed - // by the operator. Currently only Kuryr SDN is affected by this setting. - // Please note that turning on extensive logging may affect performance. - // The default value is "Normal". + // exportNetworkFlows enables and configures the export of network flow metadata from the pod network + // by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + // If unset, flows will not be exported to any collector. // +optional - LogLevel LogLevel `json:"logLevel"` + // +kubebuilder:validation:MinProperties=1 + ExportNetworkFlows *ExportNetworkFlows `json:"exportNetworkFlows,omitempty"` } // ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size @@ -317,6 +338,14 @@ type OVNKubernetesConfig struct { // not using OVN. // +optional HybridOverlayConfig *HybridOverlayConfig `json:"hybridOverlayConfig,omitempty"` + // ipsecConfig enables and configures IPsec for pods on the pod network within the + // cluster. + // +optional + IPsecConfig *IPsecConfig `json:"ipsecConfig,omitempty"` + // policyAuditConfig is the configuration for network policy audit events. If unset, + // reported defaults are used. + // +optional + PolicyAuditConfig *PolicyAuditConfig `json:"policyAuditConfig,omitempty"` } type HybridOverlayConfig struct { @@ -328,6 +357,80 @@ type HybridOverlayConfig struct { HybridOverlayVXLANPort *uint32 `json:"hybridOverlayVXLANPort,omitempty"` } +type IPsecConfig struct { +} + +type ExportNetworkFlows struct { + // netFlow defines the NetFlow configuration. + // +optional + NetFlow *NetFlowConfig `json:"netFlow,omitempty"` + // sFlow defines the SFlow configuration. + // +optional + SFlow *SFlowConfig `json:"sFlow,omitempty"` + // ipfix defines IPFIX configuration. + // +optional + IPFIX *IPFIXConfig `json:"ipfix,omitempty"` +} + +type NetFlowConfig struct { + // netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + // It is a list of strings formatted as ip:port + // +kubebuilder:validation:MinItems=1 + Collectors []IPPort `json:"collectors,omitempty"` +} + +type SFlowConfig struct { + // sFlowCollectors is list of strings formatted as ip:port + // +kubebuilder:validation:MinItems=1 + Collectors []IPPort `json:"collectors,omitempty"` +} + +type IPFIXConfig struct { + // ipfixCollectors is list of strings formatted as ip:port + // +kubebuilder:validation:MinItems=1 + Collectors []IPPort `json:"collectors,omitempty"` +} + +// +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):[0-9]+$` +type IPPort string + +type PolicyAuditConfig struct { + // rateLimit is the approximate maximum number of messages to generate per-second per-node. If + // unset the default of 20 msg/sec is used. + // +kubebuilder:default=20 + // +kubebuilder:validation:Minimum=1 + // +optional + RateLimit *uint32 `json:"rateLimit,omitempty"` + + // maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + // Units are in MB and the Default is 50MB + // +kubebuilder:default=50 + // +kubebuilder:validation:Minimum=1 + // +optional + MaxFileSize *uint32 `json:"maxFileSize,omitempty"` + + // destination is the location for policy log messages. + // Regardless of this config, persistent logs will always be dumped to the host + // at /var/log/ovn/ however + // Additionally syslog output may be configured as follows. + // Valid values are: + // - "libc" -> to use the libc syslog() function of the host node's journdald process + // - "udp:host:port" -> for sending syslog over UDP + // - "unix:file" -> for using the UNIX domain socket directly + // - "null" -> to discard all messages logged to syslog + // The default is "null" + // +kubebuilder:default=null + // +kubebuilder:pattern='^libc$|^null$|^udp:(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]):([0-9]){0,5}$|^unix:(\/[^\/ ]*)+([^\/\s])$' + // +optional + Destination string `json:"destination,omitempty"` + + // syslogFacility the RFC5424 facility for generated messages, e.g. "kern". Default is "local0" + // +kubebuilder:default=local0 + // +kubebuilder:Enum=kern;user;mail;daemon;auth;syslog;lpr;news;uucp;clock;ftp;ntp;audit;alert;clock2;local0;local1;local2;local3;local4;local5;local6;local7 + // +optional + SyslogFacility string `json:"syslogFacility,omitempty"` +} + // NetworkType describes the network plugin type to configure type NetworkType string @@ -337,7 +440,9 @@ type ProxyArgumentList []string // ProxyConfig defines the configuration knobs for kubeproxy // All of these are optional and have sensible defaults type ProxyConfig struct { - // The period that iptables rules are refreshed. + // An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + // in large clusters for performance reasons, but this is no longer necessary, and there is no reason + // to change this from the default value. // Default: 30s IptablesSyncPeriod string `json:"iptablesSyncPeriod,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 4fbc10cf2..b2f7224bb 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -654,6 +654,7 @@ func (in *ConsoleConfigRoute) DeepCopy() *ConsoleConfigRoute { func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { *out = *in out.CustomLogoFile = in.CustomLogoFile + in.DeveloperCatalog.DeepCopyInto(&out.DeveloperCatalog) return } @@ -725,9 +726,14 @@ func (in *ConsoleProviders) DeepCopy() *ConsoleProviders { func (in *ConsoleSpec) DeepCopyInto(out *ConsoleSpec) { *out = *in in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) - out.Customization = in.Customization + in.Customization.DeepCopyInto(&out.Customization) in.Providers.DeepCopyInto(&out.Providers) out.Route = in.Route + if in.Plugins != nil { + in, out := &in.Plugins, &out.Plugins + *out = make([]string, len(*in)) + copy(*out, *in) + } return } @@ -835,6 +841,36 @@ func (in *DNSList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DNSNodePlacement) DeepCopyInto(out *DNSNodePlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSNodePlacement. +func (in *DNSNodePlacement) DeepCopy() *DNSNodePlacement { + if in == nil { + return nil + } + out := new(DNSNodePlacement) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSSpec) DeepCopyInto(out *DNSSpec) { *out = *in @@ -845,6 +881,7 @@ func (in *DNSSpec) DeepCopyInto(out *DNSSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + in.NodePlacement.DeepCopyInto(&out.NodePlacement) return } @@ -912,6 +949,74 @@ func (in *DefaultNetworkDefinition) DeepCopy() *DefaultNetworkDefinition { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeveloperConsoleCatalogCategory) DeepCopyInto(out *DeveloperConsoleCatalogCategory) { + *out = *in + in.DeveloperConsoleCatalogCategoryMeta.DeepCopyInto(&out.DeveloperConsoleCatalogCategoryMeta) + if in.Subcategories != nil { + in, out := &in.Subcategories, &out.Subcategories + *out = make([]DeveloperConsoleCatalogCategoryMeta, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeveloperConsoleCatalogCategory. +func (in *DeveloperConsoleCatalogCategory) DeepCopy() *DeveloperConsoleCatalogCategory { + if in == nil { + return nil + } + out := new(DeveloperConsoleCatalogCategory) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeveloperConsoleCatalogCategoryMeta) DeepCopyInto(out *DeveloperConsoleCatalogCategoryMeta) { + *out = *in + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeveloperConsoleCatalogCategoryMeta. +func (in *DeveloperConsoleCatalogCategoryMeta) DeepCopy() *DeveloperConsoleCatalogCategoryMeta { + if in == nil { + return nil + } + out := new(DeveloperConsoleCatalogCategoryMeta) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DeveloperConsoleCatalogCustomization) DeepCopyInto(out *DeveloperConsoleCatalogCustomization) { + *out = *in + if in.Categories != nil { + in, out := &in.Categories, &out.Categories + *out = make([]DeveloperConsoleCatalogCategory, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeveloperConsoleCatalogCustomization. +func (in *DeveloperConsoleCatalogCustomization) DeepCopy() *DeveloperConsoleCatalogCustomization { + if in == nil { + return nil + } + out := new(DeveloperConsoleCatalogCustomization) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EndpointPublishingStrategy) DeepCopyInto(out *EndpointPublishingStrategy) { *out = *in @@ -1043,6 +1148,37 @@ func (in *EtcdStatus) DeepCopy() *EtcdStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExportNetworkFlows) DeepCopyInto(out *ExportNetworkFlows) { + *out = *in + if in.NetFlow != nil { + in, out := &in.NetFlow, &out.NetFlow + *out = new(NetFlowConfig) + (*in).DeepCopyInto(*out) + } + if in.SFlow != nil { + in, out := &in.SFlow, &out.SFlow + *out = new(SFlowConfig) + (*in).DeepCopyInto(*out) + } + if in.IPFIX != nil { + in, out := &in.IPFIX, &out.IPFIX + *out = new(IPFIXConfig) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExportNetworkFlows. +func (in *ExportNetworkFlows) DeepCopy() *ExportNetworkFlows { + if in == nil { + return nil + } + out := new(ExportNetworkFlows) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ForwardPlugin) DeepCopyInto(out *ForwardPlugin) { *out = *in @@ -1064,6 +1200,22 @@ func (in *ForwardPlugin) DeepCopy() *ForwardPlugin { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPLoadBalancerParameters) DeepCopyInto(out *GCPLoadBalancerParameters) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPLoadBalancerParameters. +func (in *GCPLoadBalancerParameters) DeepCopy() *GCPLoadBalancerParameters { + if in == nil { + return nil + } + out := new(GCPLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenerationStatus) DeepCopyInto(out *GenerationStatus) { *out = *in @@ -1143,6 +1295,43 @@ func (in *IPAMConfig) DeepCopy() *IPAMConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPFIXConfig) DeepCopyInto(out *IPFIXConfig) { + *out = *in + if in.Collectors != nil { + in, out := &in.Collectors, &out.Collectors + *out = make([]IPPort, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPFIXConfig. +func (in *IPFIXConfig) DeepCopy() *IPFIXConfig { + if in == nil { + return nil + } + out := new(IPFIXConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPsecConfig) DeepCopyInto(out *IPsecConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPsecConfig. +func (in *IPsecConfig) DeepCopy() *IPsecConfig { + if in == nil { + return nil + } + out := new(IPsecConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressController) DeepCopyInto(out *IngressController) { *out = *in @@ -1174,6 +1363,7 @@ func (in *IngressController) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerCaptureHTTPCookie) DeepCopyInto(out *IngressControllerCaptureHTTPCookie) { *out = *in + out.IngressControllerCaptureHTTPCookieUnion = in.IngressControllerCaptureHTTPCookieUnion return } @@ -1187,6 +1377,22 @@ func (in *IngressControllerCaptureHTTPCookie) DeepCopy() *IngressControllerCaptu return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPCookieUnion) DeepCopyInto(out *IngressControllerCaptureHTTPCookieUnion) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPCookieUnion. +func (in *IngressControllerCaptureHTTPCookieUnion) DeepCopy() *IngressControllerCaptureHTTPCookieUnion { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPCookieUnion) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerCaptureHTTPHeader) DeepCopyInto(out *IngressControllerCaptureHTTPHeader) { *out = *in @@ -1229,10 +1435,31 @@ func (in *IngressControllerCaptureHTTPHeaders) DeepCopy() *IngressControllerCapt return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPHeaderBuffer) DeepCopyInto(out *IngressControllerHTTPHeaderBuffer) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPHeaderBuffer. +func (in *IngressControllerHTTPHeaderBuffer) DeepCopy() *IngressControllerHTTPHeaderBuffer { + if in == nil { + return nil + } + out := new(IngressControllerHTTPHeaderBuffer) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPHeaders) { *out = *in out.UniqueId = in.UniqueId + if in.HeaderNameCaseAdjustments != nil { + in, out := &in.HeaderNameCaseAdjustments, &out.HeaderNameCaseAdjustments + *out = make([]IngressControllerHTTPHeaderNameCaseAdjustment, len(*in)) + copy(*out, *in) + } return } @@ -1367,8 +1594,9 @@ func (in *IngressControllerSpec) DeepCopyInto(out *IngressControllerSpec) { if in.HTTPHeaders != nil { in, out := &in.HTTPHeaders, &out.HTTPHeaders *out = new(IngressControllerHTTPHeaders) - **out = **in + (*in).DeepCopyInto(*out) } + out.HTTPHeaderBuffer = in.HTTPHeaderBuffer return } @@ -1927,13 +2155,34 @@ func (in *MyOperatorResourceStatus) DeepCopy() *MyOperatorResourceStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetFlowConfig) DeepCopyInto(out *NetFlowConfig) { + *out = *in + if in.Collectors != nil { + in, out := &in.Collectors, &out.Collectors + *out = make([]IPPort, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetFlowConfig. +func (in *NetFlowConfig) DeepCopy() *NetFlowConfig { + if in == nil { + return nil + } + out := new(NetFlowConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Network) DeepCopyInto(out *Network) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status + in.Status.DeepCopyInto(&out.Status) return } @@ -1991,6 +2240,7 @@ func (in *NetworkList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) if in.ClusterNetwork != nil { in, out := &in.ClusterNetwork, &out.ClusterNetwork *out = make([]ClusterNetworkEntry, len(*in)) @@ -2014,6 +2264,11 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = new(bool) **out = **in } + if in.UseMultiNetworkPolicy != nil { + in, out := &in.UseMultiNetworkPolicy, &out.UseMultiNetworkPolicy + *out = new(bool) + **out = **in + } if in.DeployKubeProxy != nil { in, out := &in.DeployKubeProxy, &out.DeployKubeProxy *out = new(bool) @@ -2024,6 +2279,11 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = new(ProxyConfig) (*in).DeepCopyInto(*out) } + if in.ExportNetworkFlows != nil { + in, out := &in.ExportNetworkFlows, &out.ExportNetworkFlows + *out = new(ExportNetworkFlows) + (*in).DeepCopyInto(*out) + } return } @@ -2040,6 +2300,7 @@ func (in *NetworkSpec) DeepCopy() *NetworkSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkStatus) DeepCopyInto(out *NetworkStatus) { *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) return } @@ -2100,6 +2361,10 @@ func (in *NodePortStrategy) DeepCopy() *NodePortStrategy { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeStatus) DeepCopyInto(out *NodeStatus) { *out = *in + if in.LastFailedTime != nil { + in, out := &in.LastFailedTime, &out.LastFailedTime + *out = (*in).DeepCopy() + } if in.LastFailedRevisionErrors != nil { in, out := &in.LastFailedRevisionErrors, &out.LastFailedRevisionErrors *out = make([]string, len(*in)) @@ -2152,6 +2417,16 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { *out = new(HybridOverlayConfig) (*in).DeepCopyInto(*out) } + if in.IPsecConfig != nil { + in, out := &in.IPsecConfig, &out.IPsecConfig + *out = new(IPsecConfig) + **out = **in + } + if in.PolicyAuditConfig != nil { + in, out := &in.PolicyAuditConfig, &out.PolicyAuditConfig + *out = new(PolicyAuditConfig) + (*in).DeepCopyInto(*out) + } return } @@ -2454,6 +2729,32 @@ func (in *OperatorStatus) DeepCopy() *OperatorStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyAuditConfig) DeepCopyInto(out *PolicyAuditConfig) { + *out = *in + if in.RateLimit != nil { + in, out := &in.RateLimit, &out.RateLimit + *out = new(uint32) + **out = **in + } + if in.MaxFileSize != nil { + in, out := &in.MaxFileSize, &out.MaxFileSize + *out = new(uint32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAuditConfig. +func (in *PolicyAuditConfig) DeepCopy() *PolicyAuditConfig { + if in == nil { + return nil + } + out := new(PolicyAuditConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PrivateStrategy) DeepCopyInto(out *PrivateStrategy) { *out = *in @@ -2478,6 +2779,11 @@ func (in *ProviderLoadBalancerParameters) DeepCopyInto(out *ProviderLoadBalancer *out = new(AWSLoadBalancerParameters) (*in).DeepCopyInto(*out) } + if in.GCP != nil { + in, out := &in.GCP, &out.GCP + *out = new(GCPLoadBalancerParameters) + **out = **in + } return } @@ -2558,6 +2864,27 @@ func (in *RouteAdmissionPolicy) DeepCopy() *RouteAdmissionPolicy { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SFlowConfig) DeepCopyInto(out *SFlowConfig) { + *out = *in + if in.Collectors != nil { + in, out := &in.Collectors, &out.Collectors + *out = make([]IPPort, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SFlowConfig. +func (in *SFlowConfig) DeepCopy() *SFlowConfig { + if in == nil { + return nil + } + out := new(SFlowConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Server) DeepCopyInto(out *Server) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index f4cef5edd..cf70b0b06 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -39,6 +39,8 @@ var map_NodeStatus = map[string]string{ "currentRevision": "currentRevision is the generation of the most recently successful deployment", "targetRevision": "targetRevision is the generation of the deployment we're trying to apply", "lastFailedRevision": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "lastFailedTime": "lastFailedTime is the time the last failed revision failed the last time.", + "lastFailedCount": "lastFailedCount is how often the last failed revision failed.", "lastFailedRevisionErrors": "lastFailedRevisionErrors is a list of the errors during the failed deployment referenced in lastFailedRevision", } @@ -58,7 +60,7 @@ var map_OperatorSpec = map[string]string{ "": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", "managementState": "managementState indicates whether and how the operator should manage the component", "logLevel": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "operatorLogLevel": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.", + "operatorLogLevel": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "unsupportedConfigOverrides": "unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides", "observedConfig": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", } @@ -118,8 +120,7 @@ func (AuthenticationList) SwaggerDoc() map[string]string { } var map_AuthenticationStatus = map[string]string{ - "managingOAuthAPIServer": "ManagingOAuthAPIServer indicates whether this operator is managing OAuth related APIs. Setting this field to true will cause OAS-O to step down. Note that this field will be removed in the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md is fully implemented", - "oauthAPIServer": "OAuthAPIServer holds status specific only to oauth-apiserver", + "oauthAPIServer": "OAuthAPIServer holds status specific only to oauth-apiserver", } func (AuthenticationStatus) SwaggerDoc() map[string]string { @@ -144,7 +145,7 @@ func (CloudCredential) SwaggerDoc() map[string]string { var map_CloudCredentialSpec = map[string]string{ "": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", - "credentialsMode": "CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms).", + "credentialsMode": "CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", } func (CloudCredentialSpec) SwaggerDoc() map[string]string { @@ -202,6 +203,7 @@ var map_ConsoleCustomization = map[string]string{ "documentationBaseURL": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", "customProductName": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", "customLogoFile": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. Recommended logo specifications: Dimensions: Max height of 68px and max width of 200px SVG format preferred", + "developerCatalog": "developerCatalog allows to configure the shown developer catalog categories.", } func (ConsoleCustomization) SwaggerDoc() map[string]string { @@ -222,6 +224,7 @@ var map_ConsoleSpec = map[string]string{ "customization": "customization is used to optionally provide a small set of customization options to the web console.", "providers": "providers contains configuration for using specific service providers.", "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used.", + "plugins": "plugins defines a list of enabled console plugin names.", } func (ConsoleSpec) SwaggerDoc() map[string]string { @@ -236,6 +239,35 @@ func (ConsoleStatus) SwaggerDoc() map[string]string { return map_ConsoleStatus } +var map_DeveloperConsoleCatalogCategory = map[string]string{ + "": "DeveloperConsoleCatalogCategory for the developer console catalog.", + "subcategories": "subcategories defines a list of child categories.", +} + +func (DeveloperConsoleCatalogCategory) SwaggerDoc() map[string]string { + return map_DeveloperConsoleCatalogCategory +} + +var map_DeveloperConsoleCatalogCategoryMeta = map[string]string{ + "": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", + "id": "ID is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "label": "label defines a category display label. It is required and must have 1-64 characters.", + "tags": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", +} + +func (DeveloperConsoleCatalogCategoryMeta) SwaggerDoc() map[string]string { + return map_DeveloperConsoleCatalogCategoryMeta +} + +var map_DeveloperConsoleCatalogCustomization = map[string]string{ + "": "DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog.", + "categories": "categories which are shown in the developer catalog.", +} + +func (DeveloperConsoleCatalogCustomization) SwaggerDoc() map[string]string { + return map_DeveloperConsoleCatalogCustomization +} + var map_StatuspageProvider = map[string]string{ "": "StatuspageProvider provides identity for statuspage account.", "pageID": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", @@ -331,9 +363,20 @@ func (DNSList) SwaggerDoc() map[string]string { return map_DNSList } +var map_DNSNodePlacement = map[string]string{ + "": "DNSNodePlacement describes the node scheduling configuration for DNS pods.", + "nodeSelector": "nodeSelector is the node selector applied to DNS pods.\n\nIf empty, the default is used, which is currently the following:\n\n beta.kubernetes.io/os: linux\n\nThis default is subject to change.\n\nIf set, the specified selector is used and replaces the default.", + "tolerations": "tolerations is a list of tolerations applied to DNS pods.\n\nThe default is an empty list. This default is subject to change.\n\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", +} + +func (DNSNodePlacement) SwaggerDoc() map[string]string { + return map_DNSNodePlacement +} + var map_DNSSpec = map[string]string{ - "": "DNSSpec is the specification of the desired behavior of the DNS.", - "servers": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", + "": "DNSSpec is the specification of the desired behavior of the DNS.", + "servers": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", + "nodePlacement": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", } func (DNSSpec) SwaggerDoc() map[string]string { @@ -372,7 +415,7 @@ func (Server) SwaggerDoc() map[string]string { } var map_Etcd = map[string]string{ - "": "Etcd provides information to configure an operator to manage kube-apiserver.", + "": "Etcd provides information to configure an operator to manage etcd.", } func (Etcd) SwaggerDoc() map[string]string { @@ -448,8 +491,18 @@ func (EndpointPublishingStrategy) SwaggerDoc() map[string]string { return map_EndpointPublishingStrategy } +var map_GCPLoadBalancerParameters = map[string]string{ + "": "GCPLoadBalancerParameters provides configuration settings that are specific to GCP load balancers.", + "clientAccess": "clientAccess describes how client access is restricted for internal load balancers.\n\nValid values are: * \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", +} + +func (GCPLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_GCPLoadBalancerParameters +} + var map_HostNetworkStrategy = map[string]string{ - "": "HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing strategy.", + "": "HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing strategy.", + "protocol": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", } func (HostNetworkStrategy) SwaggerDoc() map[string]string { @@ -467,15 +520,23 @@ func (IngressController) SwaggerDoc() map[string]string { } var map_IngressControllerCaptureHTTPCookie = map[string]string{ - "": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", + "": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", + "maxLength": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", +} + +func (IngressControllerCaptureHTTPCookie) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPCookie +} + +var map_IngressControllerCaptureHTTPCookieUnion = map[string]string{ + "": "IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured.", "matchType": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", "name": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", "namePrefix": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", - "maxLength": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", } -func (IngressControllerCaptureHTTPCookie) SwaggerDoc() map[string]string { - return map_IngressControllerCaptureHTTPCookie +func (IngressControllerCaptureHTTPCookieUnion) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPCookieUnion } var map_IngressControllerCaptureHTTPHeader = map[string]string{ @@ -498,10 +559,21 @@ func (IngressControllerCaptureHTTPHeaders) SwaggerDoc() map[string]string { return map_IngressControllerCaptureHTTPHeaders } +var map_IngressControllerHTTPHeaderBuffer = map[string]string{ + "": "IngressControllerHTTPHeaderBuffer specifies the size of the per-connection HTTP header buffers.", + "headerBufferBytes": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.", + "headerBufferMaxRewriteBytes": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.", +} + +func (IngressControllerHTTPHeaderBuffer) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPHeaderBuffer +} + var map_IngressControllerHTTPHeaders = map[string]string{ - "": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", - "forwardedHeaderPolicy": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", - "uniqueId": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", + "": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", + "forwardedHeaderPolicy": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", + "uniqueId": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", + "headerNameCaseAdjustments": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", } func (IngressControllerHTTPHeaders) SwaggerDoc() map[string]string { @@ -548,6 +620,7 @@ var map_IngressControllerSpec = map[string]string{ "routeAdmission": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", "logging": "logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.", "httpHeaders": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", + "httpHeaderBuffer": "httpHeaderBuffer defines parameters for header buffer size values. If this field is empty, the default values are used. See specific httpHeaderBuffer fields for their respective default values. Setting this field is generally not recommended as header buffer values that are too small may break the IngressController and header buffer values that are too large could cause the IngressController to use significantly more memory than necessary.", } func (IngressControllerSpec) SwaggerDoc() map[string]string { @@ -601,7 +674,8 @@ func (NodePlacement) SwaggerDoc() map[string]string { } var map_NodePortStrategy = map[string]string{ - "": "NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy.", + "": "NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy.", + "protocol": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", } func (NodePortStrategy) SwaggerDoc() map[string]string { @@ -620,6 +694,7 @@ var map_ProviderLoadBalancerParameters = map[string]string{ "": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", "type": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"OpenStack\", and \"VSphere\".", "aws": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", + "gcp": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", } func (ProviderLoadBalancerParameters) SwaggerDoc() map[string]string { @@ -735,6 +810,16 @@ func (DefaultNetworkDefinition) SwaggerDoc() map[string]string { return map_DefaultNetworkDefinition } +var map_ExportNetworkFlows = map[string]string{ + "netFlow": "netFlow defines the NetFlow configuration.", + "sFlow": "sFlow defines the SFlow configuration.", + "ipfix": "ipfix defines IPFIX configuration.", +} + +func (ExportNetworkFlows) SwaggerDoc() map[string]string { + return map_ExportNetworkFlows +} + var map_HybridOverlayConfig = map[string]string{ "hybridClusterNetwork": "HybridClusterNetwork defines a network space given to nodes on an additional overlay network.", "hybridOverlayVXLANPort": "HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789", @@ -754,6 +839,14 @@ func (IPAMConfig) SwaggerDoc() map[string]string { return map_IPAMConfig } +var map_IPFIXConfig = map[string]string{ + "collectors": "ipfixCollectors is list of strings formatted as ip:port", +} + +func (IPFIXConfig) SwaggerDoc() map[string]string { + return map_IPFIXConfig +} + var map_KuryrConfig = map[string]string{ "": "KuryrConfig configures the Kuryr-Kubernetes SDN", "daemonProbesPort": "The port kuryr-daemon will listen for readiness and liveness requests.", @@ -769,6 +862,14 @@ func (KuryrConfig) SwaggerDoc() map[string]string { return map_KuryrConfig } +var map_NetFlowConfig = map[string]string{ + "collectors": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port", +} + +func (NetFlowConfig) SwaggerDoc() map[string]string { + return map_NetFlowConfig +} + var map_Network = map[string]string{ "": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.", } @@ -786,15 +887,17 @@ func (NetworkList) SwaggerDoc() map[string]string { } var map_NetworkSpec = map[string]string{ - "": "NetworkSpec is the top-level network configuration object.", - "clusterNetwork": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", - "serviceNetwork": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", - "defaultNetwork": "defaultNetwork is the \"default\" network that all pods will receive", - "additionalNetworks": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", - "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.", - "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise.", - "kubeProxyConfig": "kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.", - "logLevel": "logLevel allows configuring the logging level of the components deployed by the operator. Currently only Kuryr SDN is affected by this setting. Please note that turning on extensive logging may affect performance. The default value is \"Normal\".", + "": "NetworkSpec is the top-level network configuration object.", + "clusterNetwork": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", + "serviceNetwork": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", + "defaultNetwork": "defaultNetwork is the \"default\" network that all pods will receive", + "additionalNetworks": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", + "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.", + "useMultiNetworkPolicy": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", + "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise.", + "disableNetworkDiagnostics": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", + "kubeProxyConfig": "kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.", + "exportNetworkFlows": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.", } func (NetworkSpec) SwaggerDoc() map[string]string { @@ -802,7 +905,7 @@ func (NetworkSpec) SwaggerDoc() map[string]string { } var map_NetworkStatus = map[string]string{ - "": "NetworkStatus is currently unused. Instead, status is reported in the Network.config.openshift.io object.", + "": "NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.", } func (NetworkStatus) SwaggerDoc() map[string]string { @@ -814,6 +917,8 @@ var map_OVNKubernetesConfig = map[string]string{ "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", "genevePort": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", "hybridOverlayConfig": "HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", + "ipsecConfig": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", + "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { @@ -833,9 +938,20 @@ func (OpenShiftSDNConfig) SwaggerDoc() map[string]string { return map_OpenShiftSDNConfig } +var map_PolicyAuditConfig = map[string]string{ + "rateLimit": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.", + "maxFileSize": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB", + "destination": "destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - \"libc\" -> to use the libc syslog() function of the host node's journdald process - \"udp:host:port\" -> for sending syslog over UDP - \"unix:file\" -> for using the UNIX domain socket directly - \"null\" -> to discard all messages logged to syslog The default is \"null\"", + "syslogFacility": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", +} + +func (PolicyAuditConfig) SwaggerDoc() map[string]string { + return map_PolicyAuditConfig +} + var map_ProxyConfig = map[string]string{ "": "ProxyConfig defines the configuration knobs for kubeproxy All of these are optional and have sensible defaults", - "iptablesSyncPeriod": "The period that iptables rules are refreshed. Default: 30s", + "iptablesSyncPeriod": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s", "bindAddress": "The address to \"bind\" on Defaults to 0.0.0.0", "proxyArguments": "Any additional arguments to pass to the kubeproxy process", } @@ -844,6 +960,14 @@ func (ProxyConfig) SwaggerDoc() map[string]string { return map_ProxyConfig } +var map_SFlowConfig = map[string]string{ + "collectors": "sFlowCollectors is list of strings formatted as ip:port", +} + +func (SFlowConfig) SwaggerDoc() map[string]string { + return map_SFlowConfig +} + var map_SimpleMacvlanConfig = map[string]string{ "": "SimpleMacvlanConfig contains configurations for macvlan interface.", "master": "master is the host interface to create the macvlan interface from. If not specified, it will be default route interface", diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml index 66cb5c6a3..16c5e4f8e 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml @@ -3,7 +3,9 @@ kind: CustomResourceDefinition metadata: name: imagecontentsourcepolicies.operator.openshift.io annotations: + include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" spec: group: operator.openshift.io scope: Cluster @@ -52,7 +54,7 @@ spec: and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have - an image disgest will have this behavior applied to them - tags will + an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec. \n Each “source” repository is treated independently; configurations for different “source” repositories don’t interact. \n When multiple diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go index 49f8b9522..29345e7d9 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go @@ -25,7 +25,7 @@ type ImageContentSourcePolicySpec struct { // provided to the pod will be compared to the source locations described in RepositoryDigestMirrors // and the image may be pulled down from any of the mirrors in the list instead of the // specified repository allowing administrators to choose a potentially faster mirror. - // Only image pull specifications that have an image disgest will have this behavior applied + // Only image pull specifications that have an image digest will have this behavior applied // to them - tags will continue to be pulled from the specified repository in the pull spec. // // Each “source” repository is treated independently; configurations for different “source” diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go index 5a32df838..7af715955 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go @@ -154,7 +154,7 @@ func (ImageContentSourcePolicyList) SwaggerDoc() map[string]string { var map_ImageContentSourcePolicySpec = map[string]string{ "": "ImageContentSourcePolicySpec is the specification of the ImageContentSourcePolicy CRD.", - "repositoryDigestMirrors": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image disgest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", + "repositoryDigestMirrors": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", } func (ImageContentSourcePolicySpec) SwaggerDoc() map[string]string { diff --git a/vendor/google.golang.org/grpc/README.md b/vendor/google.golang.org/grpc/README.md index 800e7bd4c..a54b6f560 100644 --- a/vendor/google.golang.org/grpc/README.md +++ b/vendor/google.golang.org/grpc/README.md @@ -130,10 +130,6 @@ possible reasons, including: 1. mis-configured transport credentials, connection failed on handshaking 1. bytes disrupted, possibly by a proxy in between 1. server shutdown - 1. Keepalive parameters caused connection shutdown, for example if you have configured - your server to terminate connections regularly to [trigger DNS lookups](https://github.com/grpc/grpc-go/issues/3170#issuecomment-552517779). - If this is the case, you may want to increase your [MaxConnectionAgeGrace](https://pkg.go.dev/google.golang.org/grpc/keepalive?tab=doc#ServerParameters), - to allow longer RPC calls to finish. It can be tricky to debug this because the error happens on the client side but the root cause of the connection being closed is on the server side. Turn on diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 0740693b7..293d2f62f 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -194,13 +194,12 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * cc.mkp = cc.dopts.copts.KeepaliveParams if cc.dopts.copts.Dialer == nil { - cc.dopts.copts.Dialer = func(ctx context.Context, addr string) (net.Conn, error) { - network, addr := parseDialTarget(addr) - return (&net.Dialer{}).DialContext(ctx, network, addr) - } - if cc.dopts.withProxy { - cc.dopts.copts.Dialer = newProxyDialer(cc.dopts.copts.Dialer) - } + cc.dopts.copts.Dialer = newProxyDialer( + func(ctx context.Context, addr string) (net.Conn, error) { + network, addr := parseDialTarget(addr) + return (&net.Dialer{}).DialContext(ctx, network, addr) + }, + ) } if cc.dopts.copts.UserAgent != "" { @@ -1526,9 +1525,9 @@ var ErrClientConnTimeout = errors.New("grpc: timed out when dialing") func (cc *ClientConn) getResolver(scheme string) resolver.Builder { for _, rb := range cc.dopts.resolvers { - if scheme == rb.Scheme() { + if cc.parsedTarget.Scheme == rb.Scheme() { return rb } } - return resolver.Get(scheme) + return resolver.Get(cc.parsedTarget.Scheme) } diff --git a/vendor/google.golang.org/grpc/credentials/tls.go b/vendor/google.golang.org/grpc/credentials/tls.go index 86e956bc8..28b4f6232 100644 --- a/vendor/google.golang.org/grpc/credentials/tls.go +++ b/vendor/google.golang.org/grpc/credentials/tls.go @@ -135,26 +135,16 @@ func NewTLS(c *tls.Config) TransportCredentials { return tc } -// NewClientTLSFromCert constructs TLS credentials from the provided root -// certificate authority certificate(s) to validate server connections. If -// certificates to establish the identity of the client need to be included in -// the credentials (eg: for mTLS), use NewTLS instead, where a complete -// tls.Config can be specified. +// NewClientTLSFromCert constructs TLS credentials from the input certificate for client. // serverNameOverride is for testing only. If set to a non empty string, -// it will override the virtual host name of authority (e.g. :authority header -// field) in requests. +// it will override the virtual host name of authority (e.g. :authority header field) in requests. func NewClientTLSFromCert(cp *x509.CertPool, serverNameOverride string) TransportCredentials { return NewTLS(&tls.Config{ServerName: serverNameOverride, RootCAs: cp}) } -// NewClientTLSFromFile constructs TLS credentials from the provided root -// certificate authority certificate file(s) to validate server connections. If -// certificates to establish the identity of the client need to be included in -// the credentials (eg: for mTLS), use NewTLS instead, where a complete -// tls.Config can be specified. +// NewClientTLSFromFile constructs TLS credentials from the input certificate file for client. // serverNameOverride is for testing only. If set to a non empty string, -// it will override the virtual host name of authority (e.g. :authority header -// field) in requests. +// it will override the virtual host name of authority (e.g. :authority header field) in requests. func NewClientTLSFromFile(certFile, serverNameOverride string) (TransportCredentials, error) { b, err := ioutil.ReadFile(certFile) if err != nil { diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go index 35bde1033..63f5ae21d 100644 --- a/vendor/google.golang.org/grpc/dialoptions.go +++ b/vendor/google.golang.org/grpc/dialoptions.go @@ -72,7 +72,6 @@ type dialOptions struct { // we need to be able to configure this in tests. resolveNowBackoff func(int) time.Duration resolvers []resolver.Builder - withProxy bool } // DialOption configures how we set up the connection. @@ -308,16 +307,6 @@ func WithInsecure() DialOption { }) } -// WithNoProxy returns a DialOption which disables the use of proxies for this -// ClientConn. This is ignored if WithDialer or WithContextDialer are used. -// -// This API is EXPERIMENTAL. -func WithNoProxy() DialOption { - return newFuncDialOption(func(o *dialOptions) { - o.withProxy = false - }) -} - // WithTransportCredentials returns a DialOption which configures a connection // level security credentials (e.g., TLS/SSL). This should not be used together // with WithCredentialsBundle. @@ -568,7 +557,6 @@ func defaultDialOptions() dialOptions { ReadBufferSize: defaultReadBufSize, }, resolveNowBackoff: internalbackoff.DefaultExponential.Backoff, - withProxy: true, } } diff --git a/vendor/google.golang.org/grpc/go.mod b/vendor/google.golang.org/grpc/go.mod index ecef1ab0c..84c98c29f 100644 --- a/vendor/google.golang.org/grpc/go.mod +++ b/vendor/google.golang.org/grpc/go.mod @@ -3,8 +3,8 @@ module google.golang.org/grpc go 1.11 require ( - github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f github.com/envoyproxy/go-control-plane v0.9.4 + github.com/envoyproxy/protoc-gen-validate v0.1.0 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b github.com/golang/mock v1.1.1 github.com/golang/protobuf v1.3.3 diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go index c6fbe8bb1..0912f0bf4 100644 --- a/vendor/google.golang.org/grpc/internal/internal.go +++ b/vendor/google.golang.org/grpc/internal/internal.go @@ -37,6 +37,11 @@ var ( // KeepaliveMinPingTime is the minimum ping interval. This must be 10s by // default, but tests may wish to set it lower for convenience. KeepaliveMinPingTime = 10 * time.Second + // StatusRawProto is exported by status/status.go. This func returns a + // pointer to the wrapped Status proto for a given status.Status without a + // call to proto.Clone(). The returned Status proto should not be mutated by + // the caller. + StatusRawProto interface{} // func (*status.Status) *spb.Status // NewRequestInfoContext creates a new context based on the argument context attaching // the passed in RequestInfo to the new context. NewRequestInfoContext interface{} // func(context.Context, credentials.RequestInfo) context.Context diff --git a/vendor/google.golang.org/grpc/internal/status/status.go b/vendor/google.golang.org/grpc/internal/status/status.go deleted file mode 100644 index 681260692..000000000 --- a/vendor/google.golang.org/grpc/internal/status/status.go +++ /dev/null @@ -1,161 +0,0 @@ -/* - * - * Copyright 2020 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -// Package status implements errors returned by gRPC. These errors are -// serialized and transmitted on the wire between server and client, and allow -// for additional data to be transmitted via the Details field in the status -// proto. gRPC service handlers should return an error created by this -// package, and gRPC clients should expect a corresponding error to be -// returned from the RPC call. -// -// This package upholds the invariants that a non-nil error may not -// contain an OK code, and an OK code must result in a nil error. -package status - -import ( - "errors" - "fmt" - - "github.com/golang/protobuf/proto" - "github.com/golang/protobuf/ptypes" - spb "google.golang.org/genproto/googleapis/rpc/status" - "google.golang.org/grpc/codes" -) - -// Status represents an RPC status code, message, and details. It is immutable -// and should be created with New, Newf, or FromProto. -type Status struct { - s *spb.Status -} - -// New returns a Status representing c and msg. -func New(c codes.Code, msg string) *Status { - return &Status{s: &spb.Status{Code: int32(c), Message: msg}} -} - -// Newf returns New(c, fmt.Sprintf(format, a...)). -func Newf(c codes.Code, format string, a ...interface{}) *Status { - return New(c, fmt.Sprintf(format, a...)) -} - -// FromProto returns a Status representing s. -func FromProto(s *spb.Status) *Status { - return &Status{s: proto.Clone(s).(*spb.Status)} -} - -// Err returns an error representing c and msg. If c is OK, returns nil. -func Err(c codes.Code, msg string) error { - return New(c, msg).Err() -} - -// Errorf returns Error(c, fmt.Sprintf(format, a...)). -func Errorf(c codes.Code, format string, a ...interface{}) error { - return Err(c, fmt.Sprintf(format, a...)) -} - -// Code returns the status code contained in s. -func (s *Status) Code() codes.Code { - if s == nil || s.s == nil { - return codes.OK - } - return codes.Code(s.s.Code) -} - -// Message returns the message contained in s. -func (s *Status) Message() string { - if s == nil || s.s == nil { - return "" - } - return s.s.Message -} - -// Proto returns s's status as an spb.Status proto message. -func (s *Status) Proto() *spb.Status { - if s == nil { - return nil - } - return proto.Clone(s.s).(*spb.Status) -} - -// Err returns an immutable error representing s; returns nil if s.Code() is OK. -func (s *Status) Err() error { - if s.Code() == codes.OK { - return nil - } - return (*Error)(s.Proto()) -} - -// WithDetails returns a new status with the provided details messages appended to the status. -// If any errors are encountered, it returns nil and the first error encountered. -func (s *Status) WithDetails(details ...proto.Message) (*Status, error) { - if s.Code() == codes.OK { - return nil, errors.New("no error details for status with code OK") - } - // s.Code() != OK implies that s.Proto() != nil. - p := s.Proto() - for _, detail := range details { - any, err := ptypes.MarshalAny(detail) - if err != nil { - return nil, err - } - p.Details = append(p.Details, any) - } - return &Status{s: p}, nil -} - -// Details returns a slice of details messages attached to the status. -// If a detail cannot be decoded, the error is returned in place of the detail. -func (s *Status) Details() []interface{} { - if s == nil || s.s == nil { - return nil - } - details := make([]interface{}, 0, len(s.s.Details)) - for _, any := range s.s.Details { - detail := &ptypes.DynamicAny{} - if err := ptypes.UnmarshalAny(any, detail); err != nil { - details = append(details, err) - continue - } - details = append(details, detail.Message) - } - return details -} - -// Error is an alias of a status proto. It implements error and Status, -// and a nil Error should never be returned by this package. -type Error spb.Status - -func (se *Error) Error() string { - p := (*spb.Status)(se) - return fmt.Sprintf("rpc error: code = %s desc = %s", codes.Code(p.GetCode()), p.GetMessage()) -} - -// GRPCStatus returns the Status represented by se. -func (se *Error) GRPCStatus() *Status { - return FromProto((*spb.Status)(se)) -} - -// Is implements future error.Is functionality. -// A Error is equivalent if the code and message are identical. -func (se *Error) Is(target error) bool { - tse, ok := target.(*Error) - if !ok { - return false - } - return proto.Equal((*spb.Status)(se), (*spb.Status)(tse)) -} diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go index fc44e9761..228b82184 100644 --- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go @@ -112,10 +112,11 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats sta // at this point to be speaking over HTTP/2, so it's able to speak valid // gRPC. type serverHandlerTransport struct { - rw http.ResponseWriter - req *http.Request - timeoutSet bool - timeout time.Duration + rw http.ResponseWriter + req *http.Request + timeoutSet bool + timeout time.Duration + didCommonHeaders bool headerMD metadata.MD @@ -185,11 +186,8 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro ht.writeStatusMu.Lock() defer ht.writeStatusMu.Unlock() - headersWritten := s.updateHeaderSent() err := ht.do(func() { - if !headersWritten { - ht.writePendingHeaders(s) - } + ht.writeCommonHeaders(s) // And flush, in case no header or body has been sent yet. // This forces a separation of headers and trailers if this is the @@ -229,8 +227,6 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro if err == nil { // transport has not been closed if ht.stats != nil { - // Note: The trailer fields are compressed with hpack after this call returns. - // No WireLength field is set here. ht.stats.HandleRPC(s.Context(), &stats.OutTrailer{ Trailer: s.trailer.Copy(), }) @@ -240,16 +236,14 @@ func (ht *serverHandlerTransport) WriteStatus(s *Stream, st *status.Status) erro return err } -// writePendingHeaders sets common and custom headers on the first -// write call (Write, WriteHeader, or WriteStatus) -func (ht *serverHandlerTransport) writePendingHeaders(s *Stream) { - ht.writeCommonHeaders(s) - ht.writeCustomHeaders(s) -} - // writeCommonHeaders sets common headers on the first write // call (Write, WriteHeader, or WriteStatus). func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) { + if ht.didCommonHeaders { + return + } + ht.didCommonHeaders = true + h := ht.rw.Header() h["Date"] = nil // suppress Date to make tests happy; TODO: restore h.Set("Content-Type", ht.contentType) @@ -268,30 +262,9 @@ func (ht *serverHandlerTransport) writeCommonHeaders(s *Stream) { } } -// writeCustomHeaders sets custom headers set on the stream via SetHeader -// on the first write call (Write, WriteHeader, or WriteStatus). -func (ht *serverHandlerTransport) writeCustomHeaders(s *Stream) { - h := ht.rw.Header() - - s.hdrMu.Lock() - for k, vv := range s.header { - if isReservedHeader(k) { - continue - } - for _, v := range vv { - h.Add(k, encodeMetadataHeader(k, v)) - } - } - - s.hdrMu.Unlock() -} - func (ht *serverHandlerTransport) Write(s *Stream, hdr []byte, data []byte, opts *Options) error { - headersWritten := s.updateHeaderSent() return ht.do(func() { - if !headersWritten { - ht.writePendingHeaders(s) - } + ht.writeCommonHeaders(s) ht.rw.Write(hdr) ht.rw.Write(data) ht.rw.(http.Flusher).Flush() @@ -299,27 +272,27 @@ func (ht *serverHandlerTransport) Write(s *Stream, hdr []byte, data []byte, opts } func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { - if err := s.SetHeader(md); err != nil { - return err - } - - headersWritten := s.updateHeaderSent() err := ht.do(func() { - if !headersWritten { - ht.writePendingHeaders(s) + ht.writeCommonHeaders(s) + h := ht.rw.Header() + for k, vv := range md { + // Clients don't tolerate reading restricted headers after some non restricted ones were sent. + if isReservedHeader(k) { + continue + } + for _, v := range vv { + v = encodeMetadataHeader(k, v) + h.Add(k, v) + } } - ht.rw.WriteHeader(200) ht.rw.(http.Flusher).Flush() }) if err == nil { if ht.stats != nil { - // Note: The header fields are compressed with hpack after this call returns. - // No WireLength field is set here. ht.stats.HandleRPC(s.Context(), &stats.OutHeader{ - Header: md.Copy(), - Compression: s.sendCompress, + Header: md.Copy(), }) } } diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index 1cc586f73..b1b82ec95 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -686,8 +686,6 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (_ *Strea } else { header = metadata.Pairs("user-agent", t.userAgent) } - // Note: The header fields are compressed with hpack after this call returns. - // No WireLength field is set here. outHeader := &stats.OutHeader{ Client: true, FullMethod: callHdr.Method, @@ -1195,10 +1193,9 @@ func (t *http2Client) operateHeaders(frame *http2.MetaHeadersFrame) { if t.statsHandler != nil { if isHeader { inHeader := &stats.InHeader{ - Client: true, - WireLength: int(frame.Header().Length), - Header: s.header.Copy(), - Compression: s.recvCompress, + Client: true, + WireLength: int(frame.Header().Length), + Header: s.header.Copy(), } t.statsHandler.HandleRPC(s.ctx, inHeader) } else { diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go index fa33ffb18..8b04b0392 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go @@ -35,9 +35,11 @@ import ( "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" + spb "google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" "google.golang.org/grpc/grpclog" + "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/channelz" "google.golang.org/grpc/internal/grpcrand" "google.golang.org/grpc/keepalive" @@ -55,6 +57,9 @@ var ( // ErrHeaderListSizeLimitViolation indicates that the header list size is larger // than the limit set by peer. ErrHeaderListSizeLimitViolation = errors.New("transport: trying to send header list size larger than the limit set by peer") + // statusRawProto is a function to get to the raw status proto wrapped in a + // status.Status without a proto.Clone(). + statusRawProto = internal.StatusRawProto.(func(*status.Status) *spb.Status) ) // serverConnectionCounter counts the number of connections a server has seen @@ -808,11 +813,10 @@ func (t *http2Server) writeHeaderLocked(s *Stream) error { return ErrHeaderListSizeLimitViolation } if t.stats != nil { - // Note: Headers are compressed with hpack after this call returns. - // No WireLength field is set here. + // Note: WireLength is not set in outHeader. + // TODO(mmukhi): Revisit this later, if needed. outHeader := &stats.OutHeader{ - Header: s.header.Copy(), - Compression: s.sendCompress, + Header: s.header.Copy(), } t.stats.HandleRPC(s.Context(), outHeader) } @@ -845,7 +849,7 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error { headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-status", Value: strconv.Itoa(int(st.Code()))}) headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-message", Value: encodeGrpcMessage(st.Message())}) - if p := st.Proto(); p != nil && len(p.Details) > 0 { + if p := statusRawProto(st); p != nil && len(p.Details) > 0 { stBytes, err := proto.Marshal(p) if err != nil { // TODO: return error instead, when callers are able to handle it. @@ -876,8 +880,6 @@ func (t *http2Server) WriteStatus(s *Stream, st *status.Status) error { rst := s.getState() == streamActive t.finishStream(s, rst, http2.ErrCodeNo, trailingHeader, true) if t.stats != nil { - // Note: The trailer fields are compressed with hpack after this call returns. - // No WireLength field is set here. t.stats.HandleRPC(s.Context(), &stats.OutTrailer{ Trailer: s.trailer.Copy(), }) diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go index a7970c79a..9e22c393f 100644 --- a/vendor/google.golang.org/grpc/stats/stats.go +++ b/vendor/google.golang.org/grpc/stats/stats.go @@ -81,10 +81,6 @@ type InHeader struct { Client bool // WireLength is the wire length of header. WireLength int - // Compression is the compression algorithm used for the RPC. - Compression string - // Header contains the header metadata received. - Header metadata.MD // The following fields are valid only if Client is false. // FullMethod is the full RPC method string, i.e., /package.service/method. @@ -93,6 +89,10 @@ type InHeader struct { RemoteAddr net.Addr // LocalAddr is the local address of the corresponding connection. LocalAddr net.Addr + // Compression is the compression algorithm used for the RPC. + Compression string + // Header contains the header metadata received. + Header metadata.MD } // IsClient indicates if the stats information is from client side. @@ -141,10 +141,6 @@ func (s *OutPayload) isRPCStats() {} type OutHeader struct { // Client is true if this OutHeader is from client side. Client bool - // Compression is the compression algorithm used for the RPC. - Compression string - // Header contains the header metadata sent. - Header metadata.MD // The following fields are valid only if Client is true. // FullMethod is the full RPC method string, i.e., /package.service/method. @@ -153,6 +149,10 @@ type OutHeader struct { RemoteAddr net.Addr // LocalAddr is the local address of the corresponding connection. LocalAddr net.Addr + // Compression is the compression algorithm used for the RPC. + Compression string + // Header contains the header metadata sent. + Header metadata.MD } // IsClient indicates if this stats information is from client side. @@ -165,9 +165,6 @@ type OutTrailer struct { // Client is true if this OutTrailer is from client side. Client bool // WireLength is the wire length of trailer. - // - // Deprecated: This field is never set. The length is not known when this message is - // emitted because the trailer fields are compressed with hpack after that. WireLength int // Trailer contains the trailer metadata sent to the client. This // field is only valid if this OutTrailer is from the server side. diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go index 01e182c30..a1348e9b1 100644 --- a/vendor/google.golang.org/grpc/status/status.go +++ b/vendor/google.golang.org/grpc/status/status.go @@ -29,23 +29,88 @@ package status import ( "context" + "errors" "fmt" + "github.com/golang/protobuf/proto" + "github.com/golang/protobuf/ptypes" spb "google.golang.org/genproto/googleapis/rpc/status" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/internal/status" + "google.golang.org/grpc/internal" ) -// Status references google.golang.org/grpc/internal/status. It represents an -// RPC status code, message, and details. It is immutable and should be -// created with New, Newf, or FromProto. -// https://godoc.org/google.golang.org/grpc/internal/status -type Status = status.Status +func init() { + internal.StatusRawProto = statusRawProto +} + +func statusRawProto(s *Status) *spb.Status { return s.s } + +// statusError is an alias of a status proto. It implements error and Status, +// and a nil statusError should never be returned by this package. +type statusError spb.Status + +func (se *statusError) Error() string { + p := (*spb.Status)(se) + return fmt.Sprintf("rpc error: code = %s desc = %s", codes.Code(p.GetCode()), p.GetMessage()) +} + +func (se *statusError) GRPCStatus() *Status { + return &Status{s: (*spb.Status)(se)} +} + +// Is implements future error.Is functionality. +// A statusError is equivalent if the code and message are identical. +func (se *statusError) Is(target error) bool { + tse, ok := target.(*statusError) + if !ok { + return false + } + + return proto.Equal((*spb.Status)(se), (*spb.Status)(tse)) +} + +// Status represents an RPC status code, message, and details. It is immutable +// and should be created with New, Newf, or FromProto. +type Status struct { + s *spb.Status +} + +// Code returns the status code contained in s. +func (s *Status) Code() codes.Code { + if s == nil || s.s == nil { + return codes.OK + } + return codes.Code(s.s.Code) +} + +// Message returns the message contained in s. +func (s *Status) Message() string { + if s == nil || s.s == nil { + return "" + } + return s.s.Message +} + +// Proto returns s's status as an spb.Status proto message. +func (s *Status) Proto() *spb.Status { + if s == nil { + return nil + } + return proto.Clone(s.s).(*spb.Status) +} + +// Err returns an immutable error representing s; returns nil if s.Code() is +// OK. +func (s *Status) Err() error { + if s.Code() == codes.OK { + return nil + } + return (*statusError)(s.s) +} // New returns a Status representing c and msg. func New(c codes.Code, msg string) *Status { - return status.New(c, msg) + return &Status{s: &spb.Status{Code: int32(c), Message: msg}} } // Newf returns New(c, fmt.Sprintf(format, a...)). @@ -70,7 +135,7 @@ func ErrorProto(s *spb.Status) error { // FromProto returns a Status representing s. func FromProto(s *spb.Status) *Status { - return status.FromProto(s) + return &Status{s: proto.Clone(s).(*spb.Status)} } // FromError returns a Status representing err if it was produced from this @@ -95,6 +160,42 @@ func Convert(err error) *Status { return s } +// WithDetails returns a new status with the provided details messages appended to the status. +// If any errors are encountered, it returns nil and the first error encountered. +func (s *Status) WithDetails(details ...proto.Message) (*Status, error) { + if s.Code() == codes.OK { + return nil, errors.New("no error details for status with code OK") + } + // s.Code() != OK implies that s.Proto() != nil. + p := s.Proto() + for _, detail := range details { + any, err := ptypes.MarshalAny(detail) + if err != nil { + return nil, err + } + p.Details = append(p.Details, any) + } + return &Status{s: p}, nil +} + +// Details returns a slice of details messages attached to the status. +// If a detail cannot be decoded, the error is returned in place of the detail. +func (s *Status) Details() []interface{} { + if s == nil || s.s == nil { + return nil + } + details := make([]interface{}, 0, len(s.s.Details)) + for _, any := range s.s.Details { + detail := &ptypes.DynamicAny{} + if err := ptypes.UnmarshalAny(any, detail); err != nil { + details = append(details, err) + continue + } + details = append(details, detail.Message) + } + return details +} + // Code returns the Code of the error if it is a Status error, codes.OK if err // is nil, or codes.Unknown otherwise. func Code(err error) codes.Code { diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index ca5d55fdd..66d09b4ab 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.29.1" +const Version = "1.28.1" diff --git a/vendor/google.golang.org/grpc/vet.sh b/vendor/google.golang.org/grpc/vet.sh index e12024fb8..f077fe775 100644 --- a/vendor/google.golang.org/grpc/vet.sh +++ b/vendor/google.golang.org/grpc/vet.sh @@ -1,22 +1,20 @@ #!/bin/bash +if [[ `uname -a` = *"Darwin"* ]]; then + echo "It seems you are running on Mac. This script does not work on Mac. See https://github.com/grpc/grpc-go/issues/2047" + exit 1 +fi + set -ex # Exit on error; debugging enabled. set -o pipefail # Fail a pipe if any sub-command fails. -# not makes sure the command passed to it does not exit with a return code of 0. -not() { - # This is required instead of the earlier (! $COMMAND) because subshells and - # pipefail don't work the same on Darwin as in Linux. - ! "$@" -} - die() { echo "$@" >&2 exit 1 } fail_on_output() { - tee /dev/stderr | not read + tee /dev/stderr | (! read) } # Check to make sure it's safe to modify the user's git repo. @@ -62,7 +60,7 @@ if [[ "$1" = "-install" ]]; then unzip ${PROTOC_FILENAME} bin/protoc --version popd - elif not which protoc > /dev/null; then + elif ! which protoc > /dev/null; then die "Please install protoc into your path" fi fi @@ -72,21 +70,21 @@ elif [[ "$#" -ne 0 ]]; then fi # - Ensure all source files contain a copyright message. -not git grep -L "\(Copyright [0-9]\{4,\} gRPC authors\)\|DO NOT EDIT" -- '*.go' +(! git grep -L "\(Copyright [0-9]\{4,\} gRPC authors\)\|DO NOT EDIT" -- '*.go') # - Make sure all tests in grpc and grpc/test use leakcheck via Teardown. -not grep 'func Test[^(]' *_test.go -not grep 'func Test[^(]' test/*.go +(! grep 'func Test[^(]' *_test.go) +(! grep 'func Test[^(]' test/*.go) # - Do not import x/net/context. -not git grep -l 'x/net/context' -- "*.go" +(! git grep -l 'x/net/context' -- "*.go") # - Do not import math/rand for real library code. Use internal/grpcrand for # thread safety. -git grep -l '"math/rand"' -- "*.go" 2>&1 | not grep -v '^examples\|^stress\|grpcrand\|^benchmark\|wrr_test' +git grep -l '"math/rand"' -- "*.go" 2>&1 | (! grep -v '^examples\|^stress\|grpcrand\|^benchmark\|wrr_test') # - Ensure all ptypes proto packages are renamed when importing. -not git grep "\(import \|^\s*\)\"github.com/golang/protobuf/ptypes/" -- "*.go" +(! git grep "\(import \|^\s*\)\"github.com/golang/protobuf/ptypes/" -- "*.go") # - Check imports that are illegal in appengine (until Go 1.11). # TODO: Remove when we drop Go 1.10 support @@ -94,8 +92,8 @@ go list -f {{.Dir}} ./... | xargs go run test/go_vet/vet.go # - gofmt, goimports, golint (with exceptions for generated code), go vet. gofmt -s -d -l . 2>&1 | fail_on_output -goimports -l . 2>&1 | not grep -vE "(_mock|\.pb)\.go" -golint ./... 2>&1 | not grep -vE "(_mock|\.pb)\.go:" +goimports -l . 2>&1 | (! grep -vE "(_mock|\.pb)\.go") +golint ./... 2>&1 | (! grep -vE "(_mock|\.pb)\.go:") go vet -all ./... misspell -error . @@ -121,9 +119,9 @@ fi SC_OUT="$(mktemp)" staticcheck -go 1.9 -checks 'inherit,-ST1015' ./... > "${SC_OUT}" || true # Error if anything other than deprecation warnings are printed. -not grep -v "is deprecated:.*SA1019" "${SC_OUT}" +(! grep -v "is deprecated:.*SA1019" "${SC_OUT}") # Only ignore the following deprecated types/fields/functions. -not grep -Fv '.HandleResolvedAddrs +(! grep -Fv '.HandleResolvedAddrs .HandleSubConnStateChange .HeaderMap .NewAddress @@ -159,5 +157,4 @@ naming.Update naming.Watcher resolver.Backend resolver.GRPCLB' "${SC_OUT}" - -echo SUCCESS +) diff --git a/vendor/modules.txt b/vendor/modules.txt index 2a9e6452e..74bd6d8d5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,5 +1,4 @@ -# cloud.google.com/go v0.58.0 -## explicit +# cloud.google.com/go v0.54.0 cloud.google.com/go/compute/metadata # github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 github.com/Azure/go-ansiterm @@ -266,7 +265,8 @@ github.com/onsi/gomega/matchers/support/goraph/edge github.com/onsi/gomega/matchers/support/goraph/node github.com/onsi/gomega/matchers/support/goraph/util github.com/onsi/gomega/types -# github.com/openshift/api v0.0.0-20200829102639-8a3a835f1acf +# github.com/openshift/api v0.0.0-20210325163602-e37aaed4c278 +## explicit github.com/openshift/api/config/v1 github.com/openshift/api/operator/v1 github.com/openshift/api/operator/v1alpha1 @@ -446,7 +446,7 @@ google.golang.org/appengine/internal/urlfetch google.golang.org/appengine/urlfetch # google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.29.1 +# google.golang.org/grpc v1.28.1 google.golang.org/grpc google.golang.org/grpc/attributes google.golang.org/grpc/backoff @@ -474,7 +474,6 @@ google.golang.org/grpc/internal/grpcsync google.golang.org/grpc/internal/grpcutil google.golang.org/grpc/internal/resolver/dns google.golang.org/grpc/internal/resolver/passthrough -google.golang.org/grpc/internal/status google.golang.org/grpc/internal/syscall google.golang.org/grpc/internal/transport google.golang.org/grpc/keepalive