From 7c219dba4f58af51bbc33501c273e751bca184fe Mon Sep 17 00:00:00 2001 
From: Emilien Macchi Date: Mon, 28 Oct 2024 20:05:16 -0400 Subject: [PATCH 1/4] vendoring: bump openshift/api * Update openshift/api into a commit that contains the floatingIP change needed by this PR. * Run `go mod tidy && go mod vendor`. * Run `make update`. --- go.mod | 2 +- go.sum | 24 +- ...0-custom-resource-definition-internal.yaml | 109 +- manifests/00-custom-resource-definition.yaml | 3201 ++++++++++------- .../openshift/api/.ci-operator.yaml | 2 +- .../github.com/openshift/api/Dockerfile.ocp | 4 +- vendor/github.com/openshift/api/README.md | 8 +- .../openshift/api/apps/v1/generated.proto | 30 +- .../api/authorization/v1/generated.pb.go | 508 ++- .../api/authorization/v1/generated.proto | 64 +- .../openshift/api/authorization/v1/types.go | 34 +- .../authorization/v1/zz_generated.deepcopy.go | 6 + .../v1/zz_generated.swagger_doc_generated.go | 38 +- .../openshift/api/build/v1/generated.proto | 90 +- .../api/cloudnetwork/v1/generated.proto | 6 +- .../api/config/v1/types_cluster_version.go | 50 +- .../openshift/api/config/v1/types_image.go | 52 + .../api/config/v1/types_infrastructure.go | 19 +- .../openshift/api/config/v1/types_network.go | 21 +- .../openshift/api/config/v1/types_node.go | 10 +- .../api/config/v1/zz_generated.deepcopy.go | 9 +- ..._generated.featuregated-crd-manifests.yaml | 5 +- .../v1/zz_generated.swagger_doc_generated.go | 26 +- .../api/console/v1/zz_generated.deepcopy.go | 4 +- .../openshift/api/envtest-releases.yaml | 27 + vendor/github.com/openshift/api/features.md | 28 +- .../openshift/api/features/features.go | 164 +- .../openshift/api/image/v1/generated.proto | 54 +- .../api/machine/v1beta1/types_awsprovider.go | 4 + .../api/machine/v1beta1/types_machine.go | 12 +- .../api/machine/v1beta1/types_machineset.go | 4 +- .../machine/v1beta1/types_vsphereprovider.go | 20 +- .../zz_generated.swagger_doc_generated.go | 1 + .../openshift/api/network/v1/generated.proto | 41 +- .../openshift/api/network/v1/types.go | 25 +- 
.../v1/zz_generated.swagger_doc_generated.go | 8 +- .../api/networkoperator/v1/generated.proto | 6 +- .../openshift/api/oauth/v1/generated.proto | 22 +- .../api/openshiftcontrolplane/v1/types.go | 30 + .../v1/zz_generated.swagger_doc_generated.go | 1 + .../openshift/api/operator/v1/types.go | 51 +- .../api/operator/v1/types_console.go | 11 +- .../operator/v1/types_csi_cluster_driver.go | 59 + .../api/operator/v1/types_ingress.go | 38 + .../api/operator/v1/types_network.go | 168 +- .../operator/v1/types_openshiftapiserver.go | 7 - ...000_10_config-operator_01_configs.crd.yaml | 100 +- ..._12_etcd_01_etcds-CustomNoUpgrade.crd.yaml | 132 +- .../0000_12_etcd_01_etcds-Default.crd.yaml | 125 +- ...etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml | 132 +- ...tcd_01_etcds-TechPreviewNoUpgrade.crd.yaml | 132 +- ..._kube-apiserver_01_kubeapiservers.crd.yaml | 131 +- ...manager_01_kubecontrollermanagers.crd.yaml | 125 +- ..._kube-scheduler_01_kubeschedulers.crd.yaml | 112 +- ...-apiserver_01_openshiftapiservers.crd.yaml | 98 +- ...ud-credential_00_cloudcredentials.crd.yaml | 115 +- ...or_00_kubestorageversionmigrators.crd.yaml | 97 +- ...authentication_01_authentications.crd.yaml | 102 +- .../0000_50_console_01_consoles.crd.yaml | 616 +++- ..._50_ingress_00_ingresscontrollers.crd.yaml | 3201 ++++++++++------- ..._50_insights_00_insightsoperators.crd.yaml | 203 +- ...er_02_openshiftcontrollermanagers.crd.yaml | 97 +- .../0000_50_service-ca_02_servicecas.crd.yaml | 96 +- .../0000_50_storage_01_storages.crd.yaml | 110 +- .../0000_70_dns_00_dnses.crd.yaml | 647 ++-- ...twork_01_networks-CustomNoUpgrade.crd.yaml | 1025 ++++++ ...00_70_network_01_networks-Default.crd.yaml | 969 +++++ ...k_01_networks-DevPreviewNoUpgrade.crd.yaml | 1025 ++++++ ..._01_networks-TechPreviewNoUpgrade.crd.yaml | 1025 ++++++ .../0000_70_network_01_networks.crd.yaml | 931 ----- ...troller_01_csisnapshotcontrollers.crd.yaml | 97 +- ...e-config_01_machineconfigurations.crd.yaml | 659 ++-- 
...0_csi-driver_01_clustercsidrivers.crd.yaml | 324 +- .../api/operator/v1/zz_generated.deepcopy.go | 99 +- ..._generated.featuregated-crd-manifests.yaml | 5 +- .../v1/zz_generated.swagger_doc_generated.go | 131 +- .../0000_50_dns_01_dnsrecords.crd.yaml | 109 +- .../openshift/api/project/v1/generated.proto | 8 +- .../openshift/api/quota/v1/generated.proto | 16 +- .../openshift/api/route/v1/generated.proto | 18 +- .../openshift/api/route/v1/types.go | 10 +- ..._generated.featuregated-crd-manifests.yaml | 2 +- .../openshift/api/samples/v1/generated.proto | 8 +- .../openshift/api/security/v1/generated.pb.go | 431 ++- .../openshift/api/security/v1/generated.proto | 56 +- .../openshift/api/security/v1/types.go | 44 + .../api/security/v1/zz_generated.deepcopy.go | 3 + ..._generated.featuregated-crd-manifests.yaml | 3 +- .../v1/zz_generated.swagger_doc_generated.go | 22 +- .../openshift/api/template/v1/generated.proto | 24 +- .../openshift/api/user/v1/generated.proto | 20 +- vendor/modules.txt | 4 +- 92 files changed, 12273 insertions(+), 6269 deletions(-) create mode 100644 vendor/github.com/openshift/api/envtest-releases.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml diff --git a/go.mod b/go.mod index ca22e0ba29..e4eacc8a5f 100644 --- a/go.mod +++ b/go.mod 
@@ -157,6 +157,6 @@ require (
 // github.com/operator-framework/operator-sdk.
 replace (
 bitbucket.org/ww/goautoneg => github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d
- github.com/openshift/api => github.com/openshift/api v0.0.0-20240806152114-6b4a57ec20b0
+ github.com/openshift/api => github.com/openshift/api v0.0.0-20241004095111-b1f700bdd8d2
 k8s.io/client-go => k8s.io/client-go v0.31.1
 )
diff --git a/go.sum b/go.sum
index 56621bcdbf..ee46611f29 100644
--- a/go.sum
+++ b/go.sum
@@ -309,6 +309,7 @@ github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT github.com/emicklei/go-restful v2.10.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.11.1+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 
@@ -324,7 +325,6 @@ github.com/evanphx/json-patch v4.1.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -347,7 +347,6 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fsouza/fake-gcs-server v1.7.0/go.mod h1:5XIRs4YvwNbNoz+1JF8j6KLAyDh7RHGAyAK3EP2EsNk= github.com/fsouza/go-dockerclient v0.0.0-20171004212419-da3951ba2e9e/go.mod h1:KpcjM623fQYE9MZiTGzKhjfxXAV9wbyX2C1cyRHfhl0= -github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= 
@@ -374,7 +373,6 @@ github.com/go-logr/logr v0.2.1/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -606,7 +604,6 @@ github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OI github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190723021845-34ac40c74b70/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= 
@@ -618,7 +615,6 @@ github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= @@ -886,7 +882,6 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -951,8 +946,6 @@ github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3Ro github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= @@ -982,9 +975,7 @@ github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+q github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= -github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= 
@@ -1002,8 +993,8 @@ github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.m github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= -github.com/openshift/api v0.0.0-20240806152114-6b4a57ec20b0 h1:iyH3ClIXTa75VdDuYWpEZX+Y05uXKy/7o+8EWiGNVKU= -github.com/openshift/api v0.0.0-20240806152114-6b4a57ec20b0/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM= +github.com/openshift/api v0.0.0-20241004095111-b1f700bdd8d2 h1:wCRdyt+nHnJsfuLMJF9RW1JK8G4Gvo//gBy6bZI5USE= +github.com/openshift/api v0.0.0-20241004095111-b1f700bdd8d2/go.mod h1:Shkl4HanLwDiiBzakv+con/aMGnVE2MAGvoKp5oyYUo= github.com/openshift/build-machinery-go v0.0.0-20200211121458-5e3d6e570160/go.mod h1:1CkcsT3aVebzRBzVTSbiKSkJMsC/CASqxesfqEMfJEc= github.com/openshift/client-go v0.0.0-20200116152001-92a2713fa240/go.mod h1:4riOwdj99Hd/q+iAcJZfNCsQQQMwURnZV6RL4WHYS5w= github.com/openshift/client-go v0.0.0-20240405120947-c67c8325cdd8 h1:HGfbllzRcrJBSiwzNjBCs7sExLUxC5/1evnvlNGB0Cg= 
@@ -1124,7 +1115,6 @@ github.com/rogpeppe/go-internal v1.3.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE github.com/rogpeppe/go-internal v1.4.0/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.5.0/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= @@ -1382,7 +1372,6 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= 
@@ -1452,7 +1441,6 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= @@ -1483,7 +1471,6 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= @@ -1576,7 +1563,6 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 
@@ -1702,7 +1688,6 @@ golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= @@ -1878,7 +1863,6 @@ k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.18.3/go.mod h1:UOaMwERbqJMfeeeHc8XJKawj4P9TgDRnViIqqBeH2QA= k8s.io/api v0.18.6/go.mod h1:eeyxr+cwCjMdLAmr2W3RyDI0VvTawSg/3RFFBEnmZGI= k8s.io/api v0.19.3/go.mod h1:VF+5FT1B74Pw3KxMdKyinLo+zynBaMBiAfGMuldcNDs= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= k8s.io/apiextensions-apiserver v0.0.0-20190918161926-8f644eb6e783/go.mod h1:xvae1SZB3E17UpV59AWc271W/Ph25N+bjPyR63X6tPY= 
@@ -1902,7 +1886,6 @@ k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftc k8s.io/apimachinery v0.18.3/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apimachinery v0.18.6/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apimachinery v0.19.3/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.0.0-20190918160949-bfa5e2e684ad/go.mod h1:XPCXEwhjaFN29a8NldXA901ElnKeKLrLtREO9ZhFyhg= @@ -2023,7 +2006,6 @@ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+s sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= diff --git a/manifests/00-custom-resource-definition-internal.yaml b/manifests/00-custom-resource-definition-internal.yaml index 69bf00ef62..c0a64012d8 100644 --- a/manifests/00-custom-resource-definition-internal.yaml +++ b/manifests/00-custom-resource-definition-internal.yaml 
@@ -20,23 +20,32 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Cluster admin manipulation of - this resource is not supported. This resource is only for internal communication - of OpenShift operators. \n If DNSManagementPolicy is \"Unmanaged\", the - operator will not be responsible for managing the DNS records on the cloud - provider. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + DNSRecord is a DNS record managed in the zones defined by + dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. + + Cluster admin manipulation of this resource is not supported. This resource + is only for internal communication of OpenShift operators. + + If DNSManagementPolicy is "Unmanaged", the operator will not be responsible + for managing the DNS records on the cloud provider. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -46,14 +55,17 @@ spec: properties: dnsManagementPolicy: default: Managed - description: "dnsManagementPolicy denotes the current policy applied - on the DNS record. Records that have policy set as \"Unmanaged\" - are ignored by the ingress operator. This means that the DNS record - on the cloud provider is not managed by the operator, and the \"Published\" - status condition will be updated to \"Unknown\" status, since it - is externally managed. Any existing record on the cloud provider - can be deleted at the discretion of the cluster admin. \n This field - defaults to Managed. Valid values are \"Managed\" and \"Unmanaged\"." + description: |- + dnsManagementPolicy denotes the current policy applied on the DNS + record. Records that have policy set as "Unmanaged" are ignored by + the ingress operator. This means that the DNS record on the cloud + provider is not managed by the operator, and the "Published" status + condition will be updated to "Unknown" status, since it is externally + managed. Any existing record on the cloud provider can be deleted at + the discretion of the cluster admin. + + This field defaults to Managed. Valid values are "Managed" and + "Unmanaged". enum: - Managed - Unmanaged 
@@ -63,9 +75,10 @@ spec: minLength: 1 type: string recordTTL: - description: recordTTL is the record TTL in seconds. If zero, the - default is 30. RecordTTL will not be used in AWS regions Alias targets, - but will be used in CNAME targets, per AWS API contract. + description: |- + recordTTL is the record TTL in seconds. If zero, the default is 30. + RecordTTL will not be used in AWS regions Alias targets, but + will be used in CNAME targets, per AWS API contract. format: int64 minimum: 0 type: integer @@ -93,12 +106,13 @@ spec: description: status is the most recently observed status of the dnsRecord. properties: observedGeneration: - description: observedGeneration is the most recently observed generation - of the DNSRecord. When the DNSRecord is updated, the controller - updates the corresponding record in each managed zone. If an update - for a particular zone fails, that failure is recorded in the status - condition for the zone so that the controller can determine that - it needs to retry the update for that specific zone. + description: |- + observedGeneration is the most recently observed generation of the + DNSRecord. When the DNSRecord is updated, the controller updates the + corresponding record in each managed zone. If an update for a + particular zone fails, that failure is recorded in the status + condition for the zone so that the controller can determine that it + needs to retry the update for that specific zone. format: int64 type: integer zones: 
@@ -108,11 +122,12 @@ spec: zone. properties: conditions: - description: "conditions are any conditions associated with - the record in the zone. \n If publishing the record succeeds, - the \"Published\" condition will be set with status \"True\" - and upon failure it will be set to \"False\" along with the - reason and message describing the cause of the failure." + description: |- + conditions are any conditions associated with the record in the zone. + + If publishing the record succeeds, the "Published" condition will be + set with status "True" and upon failure it will be set to "False" along + with the reason and message describing the cause of the failure. items: description: DNSZoneCondition is just the standard condition fields. 
@@ -139,20 +154,26 @@ spec: description: dnsZone is the zone where the record is published. properties: id: - description: "id is the identifier that can be used to find - the DNS hosted zone. \n on AWS zone can be fetched using - `ID` as id in [1] on Azure zone can be fetched using `ID` - as a pre-determined name in [2], on GCP zone can be fetched - using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get type: string tags: additionalProperties: type: string - description: "tags can be used to query the DNS hosted zone. - \n on AWS, resourcegroupstaggingapi [1] can be used to - fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options type: object type: object type: object diff --git a/manifests/00-custom-resource-definition.yaml b/manifests/00-custom-resource-definition.yaml index 6adf7cd357..2524b5a84a 100644 --- a/manifests/00-custom-resource-definition.yaml 
+++ b/manifests/00-custom-resource-definition.yaml 
@@ -20,26 +20,37 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "IngressController describes a managed ingress controller for - the cluster. The controller can service OpenShift Route and Kubernetes Ingress - resources. \n When an IngressController is created, a new ingress controller - deployment is created to allow external traffic to reach the services that - expose Ingress or Route resources. Updating this resource may lead to disruption - for public facing network connections as a new ingress controller revision - may be rolled out. \n https://kubernetes.io/docs/concepts/services-networking/ingress-controllers - \n Whenever possible, sensible defaults for the platform are used. See each - field for more details. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + IngressController describes a managed ingress controller for the cluster. The + controller can service OpenShift Route and Kubernetes Ingress resources. + + When an IngressController is created, a new ingress controller deployment is + created to allow external traffic to reach the services that expose Ingress + or Route resources. Updating this resource may lead to disruption for public + facing network connections as a new ingress controller revision may be rolled + out. + + https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + + Whenever possible, sensible defaults for the platform are used. See each + field for more details. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -48,28 +59,30 @@ spec: IngressController. properties: clientTLS: - description: clientTLS specifies settings for requesting and verifying - client certificates, which can be used to enable mutual TLS for + description: |- + clientTLS specifies settings for requesting and verifying client + certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes. properties: allowedSubjectPatterns: - description: allowedSubjectPatterns specifies a list of regular - expressions that should be matched against the distinguished - name on a valid client certificate to filter requests. The - regular expressions must use PCRE syntax. If this list is empty, - no filtering is performed. If the list is nonempty, then at - least one pattern must match a client certificate's distinguished - name or else the ingress controller rejects the certificate - and denies the connection. + description: |- + allowedSubjectPatterns specifies a list of regular expressions that + should be matched against the distinguished name on a valid client + certificate to filter requests. The regular expressions must use + PCRE syntax. If this list is empty, no filtering is performed. If + the list is nonempty, then at least one pattern must match a client + certificate's distinguished name or else the ingress controller + rejects the certificate and denies the connection. items: type: string type: array x-kubernetes-list-type: atomic clientCA: - description: clientCA specifies a configmap containing the PEM-encoded - CA certificate bundle that should be used to verify a client's - certificate. The administrator must create this configmap in - the openshift-config namespace. + description: |- + clientCA specifies a configmap containing the PEM-encoded CA + certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in the + openshift-config namespace. 
properties: name: description: name is the metadata.name of the referenced config @@ -79,12 +92,14 @@ spec: - name type: object clientCertificatePolicy: - description: "clientCertificatePolicy specifies whether the ingress - controller requires clients to provide certificates. This field - accepts the values \"Required\" or \"Optional\". \n Note that - the ingress controller only checks client certificates for edge-terminated - and reencrypt TLS routes; it cannot check certificates for cleartext - HTTP or passthrough TLS routes." + description: |- + clientCertificatePolicy specifies whether the ingress controller + requires clients to provide certificates. This field accepts the + values "Required" or "Optional". + + Note that the ingress controller only checks client certificates for + edge-terminated and reencrypt TLS routes; it cannot check + certificates for cleartext HTTP or passthrough TLS routes. enum: - "" - Required 
@@ -95,103 +110,133 @@ spec: - clientCertificatePolicy type: object defaultCertificate: - description: "defaultCertificate is a reference to a secret containing - the default certificate served by the ingress controller. When Routes - don't specify their own certificate, defaultCertificate is used. - \n The secret must contain the following keys and data: \n tls.crt: - certificate file contents tls.key: key file contents \n If unset, - a wildcard certificate is automatically generated and used. The - certificate is valid for the ingress controller domain (and subdomains) - and the generated certificate's CA will be automatically integrated - with the cluster's trust store. \n If a wildcard certificate is - used and shared by multiple HTTP/2 enabled routes (which implies - ALPN) then clients (i.e., notably browsers) are at liberty to reuse - open connections. This means a client can reuse a connection to - another route and that is likely to fail. This behaviour is generally - known as connection coalescing. \n The in-use certificate (whether - generated or user-specified) will be automatically integrated with - OpenShift's built-in OAuth server." + description: |- + defaultCertificate is a reference to a secret containing the default + certificate served by the ingress controller. When Routes don't specify + their own certificate, defaultCertificate is used. + + The secret must contain the following keys and data: + + tls.crt: certificate file contents + tls.key: key file contents + + If unset, a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) and + the generated certificate's CA will be automatically integrated with the + cluster's trust store. + + If a wildcard certificate is used and shared by multiple + HTTP/2 enabled routes (which implies ALPN) then clients + (i.e., notably browsers) are at liberty to reuse open + connections. 
This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is + generally known as connection coalescing. + + The in-use certificate (whether generated or user-specified) will be + automatically integrated with OpenShift's built-in OAuth server. properties: name: default: "" - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to be - empty. Instances of this type with an empty value here are almost - certainly wrong. TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic domain: - description: "domain is a DNS name serviced by the ingress controller - and is used to configure multiple features: \n * For the LoadBalancerService - endpoint publishing strategy, domain is used to configure DNS records. - See endpointPublishingStrategy. \n * When using a generated default - certificate, the certificate will be valid for domain and its subdomains. - See defaultCertificate. \n * The value is published to individual - Route statuses so that end-users know where to target external DNS - records. \n domain must be unique among all IngressControllers, - and cannot be updated. \n If empty, defaults to ingress.config.openshift.io/cluster - .spec.domain." 
+ description: |- + domain is a DNS name serviced by the ingress controller and is used to + configure multiple features: + + * For the LoadBalancerService endpoint publishing strategy, domain is + used to configure DNS records. See endpointPublishingStrategy. + + * When using a generated default certificate, the certificate will be valid + for domain and its subdomains. See defaultCertificate. + + * The value is published to individual Route statuses so that end-users + know where to target external DNS records. + + domain must be unique among all IngressControllers, and cannot be + updated. + + If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. type: string endpointPublishingStrategy: - description: "endpointPublishingStrategy is used to publish the ingress - controller endpoints to other networks, enable load balancer integrations, - etc. \n If unset, the default is based on infrastructure.config.openshift.io/cluster - .status.platform: \n AWS: LoadBalancerService (with External - scope) Azure: LoadBalancerService (with External scope) GCP: - \ LoadBalancerService (with External scope) IBMCloud: LoadBalancerService - (with External scope) AlibabaCloud: LoadBalancerService (with External - scope) Libvirt: HostNetwork \n Any other platform types (including - None) default to HostNetwork. \n endpointPublishingStrategy cannot - be updated." + description: |- + endpointPublishingStrategy is used to publish the ingress controller + endpoints to other networks, enable load balancer integrations, etc. + + If unset, the default is based on + infrastructure.config.openshift.io/cluster .status.platform: + + AWS: LoadBalancerService (with External scope) + Azure: LoadBalancerService (with External scope) + GCP: LoadBalancerService (with External scope) + IBMCloud: LoadBalancerService (with External scope) + AlibabaCloud: LoadBalancerService (with External scope) + Libvirt: HostNetwork + + Any other platform types (including None) default to HostNetwork. 
+ + endpointPublishingStrategy cannot be updated. properties: hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. properties: httpPort: default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. format: int32 maximum: 65535 minimum: 0 type: integer httpsPort: default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. format: int32 maximum: 65535 minimum: 0 type: integer protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. 
\n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -199,49 +244,49 @@ spec: type: string statsPort: default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. 
Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. format: int32 maximum: 65535 minimum: 0 type: integer type: object loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. properties: allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. 
+ + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) type: string nullable: true 
@@ -249,66 +294,69 @@ spec: x-kubernetes-list-type: atomic dnsManagementPolicy: default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. enum: - Managed - Unmanaged type: string providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. properties: aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. properties: classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. 
properties: connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. format: duration type: string subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. 
Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -324,13 +372,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -363,31 +410,28 @@ spec: has(self.names) && self.names.size() > 0 type: object networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. properties: eipAllocations: - description: "eipAllocations is a list of IDs - for Elastic IP (EIP) addresses that are assigned - to the Network Load Balancer. The following - restrictions apply: \n eipAllocations can only - be used with external scope, not internal. An - EIP can be allocated to only a single IngressController. - The number of EIP allocations must match the - number of subnets that are used for the load - balancer. Each EIP allocation must be unique. + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted. - \n See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html - for general information about configuration, - characteristics, and limitations of Elastic - IP addresses." + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. items: - description: EIPAllocation is an ID for an Elastic - IP (EIP) address that can be allocated to - an ELB in the AWS environment. Values must - begin with `eipalloc-` followed by exactly - 17 hexadecimal (`[0-9a-fA-F]`) characters. 
+ description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. maxLength: 26 minLength: 26 type: string 
@@ -406,28 +450,28 @@ spec: - message: eipAllocations cannot contain duplicates rule: self.all(x, self.exists_one(y, x == y)) subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. 
items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -443,13 +487,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -501,15 +544,21 @@ spec: ? size(self.subnets.names) == size(self.eipAllocations) : true' type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb enum: - Classic - NLB 
@@ -518,67 +567,99 @@ spec: - type type: object gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. properties: clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. 
+ + https://cloud.google.com/load-balancing/docs/internal#client_access enum: - Global - Local type: string type: object ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. properties: protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. 
See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. enum: - "" - TCP - PROXY type: string type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. 
+ type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". enum: - AWS - Azure @@ -592,9 +673,14 @@ spec: required: - type type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". enum: - Internal - External 
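Review bot: The new `openstack.floatingIP` property is an unbounded string whose only check is `isIP(self)`, whereas other free-form strings in this schema carry a length bound (the header `value` uses `maxLength: 16384`). A bound such as `maxLength: 45` (an assumed ceiling for a textual IPv6 address, to be confirmed) would cap the input the API server stores and passes to the CEL rule. `isIP("")` is presumably false, so an explicit empty string is rejected here even though the description only covers the field being left unset. This manifest looks generated from the vendored API types, so the change would belong in that type's validation markers rather than in this file.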
@@ -608,28 +694,41 @@ spec: rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. 
Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
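Review bot: The added rule with message `cannot specify a floating ip when scope is internal` passes whenever `scope` is absent (`!has(self.scope) || ...`), while the `floatingIP` description in this patch says the field may only be used with External scope. Unless `scope` is required elsewhere in the schema (not visible in this hunk), an object that sets a floating IP without any scope is admitted. A positive form would tie the two together, e.g. `!has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || (has(self.scope) && self.scope == 'External')`. The trailing `floatingIP == ""` branch appears unreachable, since the field's own `isIP(self)` rule should already reject an empty string. The existing eipAllocations rule just above has the same shape and the manifest looks generated, so any change would go in the API type markers.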
@@ -637,27 +736,36 @@ spec: type: string type: object private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. 
Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -665,33 +773,53 @@ spec: type: string type: object type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. - A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. \n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." + description: |- + type is the publishing strategy to use. 
Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. enum: - LoadBalancerService - HostNetwork 
@@ -702,39 +830,40 @@ spec: - type type: object httpCompression: - description: httpCompression defines a policy for HTTP traffic compression. + description: |- + httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression. properties: mimeTypes: - description: "mimeTypes is a list of MIME types that should have - compression applied. This list can be empty, in which case the - ingress controller does not apply compression. \n Note: Not - all MIME types benefit from compression, but HAProxy will still - use resources to try to compress if instructed to. Generally - speaking, text (html, css, js, etc.) formats benefit from compression, - but formats that are already compressed (image, audio, video, - etc.) benefit little in exchange for the time and cpu spent - on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2" + description: |- + mimeTypes is a list of MIME types that should have compression applied. + This list can be empty, in which case the ingress controller does not apply compression. + + Note: Not all MIME types benefit from compression, but HAProxy will still use resources + to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + formats benefit from compression, but formats that are already compressed (image, + audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 items: - description: "CompressionMIMEType defines the format of a single - MIME type. E.g. \"text/css; charset=utf-8\", \"text/html\", - \"text/*\", \"image/svg+xml\", \"application/octet-stream\", - \"X-custom/customsub\", etc. 
\n The format should follow the - Content-Type definition in RFC 1341: Content-Type := type - \"/\" subtype *[\";\" parameter] - The type in Content-Type - can be one of: application, audio, image, message, multipart, - text, video, or a custom type preceded by \"X-\" and followed - by a token as defined below. - The token is a string of at - least one character, and not containing white space, control - characters, or any of the characters in the tspecials set. - - The tspecials set contains the characters ()<>@,;:\\\"/[]?.= - - The subtype in Content-Type is also a token. - The optional - parameter/s following the subtype are defined as: token \"=\" - (token / quoted-string) - The quoted-string, as defined in - RFC 822, is surrounded by double quotes and can contain white - space plus any character EXCEPT \\, \", and CR. It can also - contain any single ASCII character as long as it is escaped - by \\." + description: |- + CompressionMIMEType defines the format of a single MIME type. + E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", + "application/octet-stream", "X-custom/customsub", etc. + + The format should follow the Content-Type definition in RFC 1341: + Content-Type := type "/" subtype *[";" parameter] + - The type in Content-Type can be one of: + application, audio, image, message, multipart, text, video, or a custom + type preceded by "X-" and followed by a token as defined below. + - The token is a string of at least one character, and not containing white + space, control characters, or any of the characters in the tspecials set. + - The tspecials set contains the characters ()<>@,;:\"/[]?.= + - The subtype in Content-Type is also a token. + - The optional parameter/s following the subtype are defined as: + token "=" (token / quoted-string) + - The quoted-string, as defined in RFC 822, is surrounded by double quotes + and can contain white space plus any character EXCEPT \, ", and CR. 
+ It can also contain any single ASCII character as long as it is escaped by \. pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ 
@@ -744,37 +873,39 @@ spec: type: object httpEmptyRequestsPolicy: default: Respond - description: "httpEmptyRequestsPolicy describes how HTTP connections - should be handled if the connection times out before a request is - received. Allowed values for this field are \"Respond\" and \"Ignore\". - \ If the field is set to \"Respond\", the ingress controller sends - an HTTP 400 or 408 response, logs the connection (if access logging - is enabled), and counts the connection in the appropriate metrics. - \ If the field is set to \"Ignore\", the ingress controller closes - the connection without sending a response, logging the connection, - or incrementing metrics. The default value is \"Respond\". \n Typically, - these connections come from load balancers' health probes or Web - browsers' speculative connections (\"preconnect\") and can be safely - ignored. However, these requests may also be caused by network - errors, and so setting this field to \"Ignore\" may impede detection - and diagnosis of problems. In addition, these requests may be caused - by port scans, in which case logging empty requests may aid in detecting - intrusion attempts." + description: |- + httpEmptyRequestsPolicy describes how HTTP connections should be + handled if the connection times out before a request is received. + Allowed values for this field are "Respond" and "Ignore". If the + field is set to "Respond", the ingress controller sends an HTTP 400 + or 408 response, logs the connection (if access logging is enabled), + and counts the connection in the appropriate metrics. If the field + is set to "Ignore", the ingress controller closes the connection + without sending a response, logging the connection, or incrementing + metrics. The default value is "Respond". + + Typically, these connections come from load balancers' health probes + or Web browsers' speculative connections ("preconnect") and can be + safely ignored. 
However, these requests may also be caused by + network errors, and so setting this field to "Ignore" may impede + detection and diagnosis of problems. In addition, these requests may + be caused by port scans, in which case logging empty requests may aid + in detecting intrusion attempts. enum: - Respond - Ignore type: string httpErrorCodePages: - description: httpErrorCodePages specifies a configmap with custom - error pages. The administrator must create this configmap in the - openshift-config namespace. This configmap should have keys in the - format "error-page-.http", where is an - HTTP error code. For example, "error-page-503.http" defines an error - page for HTTP 503 responses. Currently only error pages for 503 - and 404 responses can be customized. Each value in the configmap - should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http - If this field is empty, the ingress controller uses the default - error pages. + description: |- + httpErrorCodePages specifies a configmap with custom error pages. + The administrator must create this configmap in the openshift-config namespace. + This configmap should have keys in the format "error-page-.http", + where is an HTTP error code. + For example, "error-page-503.http" defines an error page for HTTP 503 responses. + Currently only error pages for 503 and 404 responses can be customized. + Each value in the configmap should be the full response, including HTTP headers. + Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + If this field is empty, the ingress controller uses the default error pages. properties: name: description: name is the metadata.name of the referenced config 
@@ -784,52 +915,50 @@ spec: - name type: object httpHeaders: - description: "httpHeaders defines policy for HTTP headers. \n If this - field is empty, the default values are used." + description: |- + httpHeaders defines policy for HTTP headers. + + If this field is empty, the default values are used. properties: actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here - are applied after any actions related to the following other - fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - In case of HTTP request headers, the actions specified in spec.httpHeaders.actions - on the Route will be executed after the actions specified in - the IngressController''s spec.httpHeaders.actions field. In - case of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. Headers - set using this API cannot be captured for use in access logs. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Host, Cookie, - Set-Cookie. 
Note that the total size of all net added headers - *after* interpolating dynamic values must not exceed the value - of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. - Please refer to the documentation for that API field for more - details.' + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + Headers set using this API cannot be captured for use in access logs. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. 
Please refer to the documentation + for that API field for more details. properties: request: - description: 'request is a list of HTTP request headers to - modify. Actions defined here will modify the request headers - of all requests passing through an ingress controller. These - actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. - IngressController actions for request headers will be executed - before Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 request - header actions may be configured. Sample fetchers allowed - are "req.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[req.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' + description: |- + request is a list of HTTP request headers to modify. + Actions defined here will modify the request headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for request headers will be executed before Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". items: description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. 
@@ -839,24 +968,20 @@ spec: headers, such as setting or deleting headers. properties: set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. properties: value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. maxLength: 16384 minLength: 1 type: string 
@@ -864,11 +989,11 @@ spec: - value type: object type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. enum: - Set - Delete @@ -882,16 +1007,14 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -933,19 +1056,17 @@ spec: rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) response: - description: 'response is a list of HTTP response headers - to modify. Actions defined here will modify the response - headers of all requests passing through an ingress controller. - These actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. - IngressController actions for response headers will be executed - after Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 response - header actions may be configured. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' + description: |- + response is a list of HTTP response headers to modify. + Actions defined here will modify the response headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for response headers will be executed after Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". items: description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. 
@@ -955,24 +1076,20 @@ spec: headers, such as setting or deleting headers. properties: set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. properties: value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. maxLength: 16384 minLength: 1 type: string 
@@ -980,11 +1097,11 @@ spec: - value type: object type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. enum: - Set - Delete @@ -998,16 +1115,14 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -1050,18 +1165,25 @@ spec: && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) type: object forwardedHeaderPolicy: - description: "forwardedHeaderPolicy specifies when and how the - IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + description: |- + forwardedHeaderPolicy specifies when and how the IngressController + sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version - HTTP headers. The value may be one of the following: \n * \"Append\", - which specifies that the IngressController appends the headers, - preserving existing headers. \n * \"Replace\", which specifies - that the IngressController sets the headers, replacing any existing - Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies - that the IngressController sets the headers if they are not - already set. \n * \"Never\", which specifies that the IngressController - never sets the headers, preserving any existing headers. \n - By default, the policy is \"Append\"." + HTTP headers. The value may be one of the following: + + * "Append", which specifies that the IngressController appends the + headers, preserving existing headers. + + * "Replace", which specifies that the IngressController sets the + headers, replacing any existing Forwarded or X-Forwarded-* headers. + + * "IfNone", which specifies that the IngressController sets the + headers if they are not already set. + + * "Never", which specifies that the IngressController never sets the + headers, preserving any existing headers. + + By default, the policy is "Append". enum: - Append - Replace 
@@ -1069,23 +1191,27 @@ spec: - Never type: string headerNameCaseAdjustments: - description: "headerNameCaseAdjustments specifies case adjustments - that can be applied to HTTP header names. Each adjustment is - specified as an HTTP header name with the desired capitalization. - \ For example, specifying \"X-Forwarded-For\" indicates that - the \"x-forwarded-for\" HTTP header should be adjusted to have - the specified capitalization. \n These adjustments are only - applied to cleartext, edge-terminated, and re-encrypt routes, - and only when using HTTP/1. \n For request headers, these adjustments - are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true - annotation. For response headers, these adjustments are applied - to all HTTP responses. \n If this field is empty, no request - headers are adjusted." + description: |- + headerNameCaseAdjustments specifies case adjustments that can be + applied to HTTP header names. Each adjustment is specified as an + HTTP header name with the desired capitalization. For example, + specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + HTTP header should be adjusted to have the specified capitalization. + + These adjustments are only applied to cleartext, edge-terminated, and + re-encrypt routes, and only when using HTTP/1. + + For request headers, these adjustments are applied only for routes + that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied to + all HTTP responses. + + If this field is empty, no request headers are adjusted. items: - description: IngressControllerHTTPHeaderNameCaseAdjustment is - the name of an HTTP header (for example, "X-Forwarded-For") - in the desired capitalization. The value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. 
+ description: |- + IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header + (for example, "X-Forwarded-For") in the desired capitalization. The value + must be a valid HTTP header name as defined in RFC 2616 section 4.2. maxLength: 1024 minLength: 0 pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -1094,32 +1220,35 @@ spec: type: array x-kubernetes-list-type: atomic uniqueId: - description: "uniqueId describes configuration for a custom HTTP - header that the ingress controller should inject into incoming - HTTP requests. Typically, this header is configured to have - a value that is unique to the HTTP request. The header can - be used by applications or included in access logs to facilitate - tracing individual HTTP requests. \n If this field is empty, - no such header is injected into requests." + description: |- + uniqueId describes configuration for a custom HTTP header that the + ingress controller should inject into incoming HTTP requests. + Typically, this header is configured to have a value that is unique + to the HTTP request. The header can be used by applications or + included in access logs to facilitate tracing individual HTTP + requests. + + If this field is empty, no such header is injected into requests. properties: format: - description: 'format specifies the format for the injected - HTTP header''s value. This field has no effect unless name - is specified. For the HAProxy-based ingress controller - implementation, this format uses the same syntax as the - HTTP log format. If the field is empty, the default value - is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding - HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3' + description: |- + format specifies the format for the injected HTTP header's value. + This field has no effect unless name is specified. For the + HAProxy-based ingress controller implementation, this format uses the + same syntax as the HTTP log format. 
If the field is empty, the + default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + corresponding HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 maxLength: 1024 minLength: 0 pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ type: string name: - description: name specifies the name of the HTTP header (for - example, "unique-id") that the ingress controller should - inject into HTTP requests. The field's value must be a - valid HTTP header name as defined in RFC 2616 section 4.2. If - the field is empty, no header is injected. + description: |- + name specifies the name of the HTTP header (for example, "unique-id") + that the ingress controller should inject into HTTP requests. The + field's value must be a valid HTTP header name as defined in RFC 2616 + section 4.2. If the field is empty, no header is injected. maxLength: 1024 minLength: 0 pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -1127,35 +1256,42 @@ spec: type: object type: object logging: - description: logging defines parameters for what should be logged - where. If this field is empty, operational logs are enabled but - access logs are disabled. + description: |- + logging defines parameters for what should be logged where. If this + field is empty, operational logs are enabled but access logs are + disabled. properties: access: - description: "access describes how the client requests should - be logged. \n If this field is empty, access logging is disabled." + description: |- + access describes how the client requests should be logged. + + If this field is empty, access logging is disabled. properties: destination: description: destination is where access logs go. properties: container: - description: container holds parameters for the Container - logging destination. Present only if type is Container. + description: |- + container holds parameters for the Container logging destination. + Present only if type is Container. properties: maxLength: default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 8192, inclusive. \n When omitted, the - default value is 1024." + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 8192, inclusive. + + When omitted, the default value is 1024. format: int32 maximum: 8192 minimum: 480 type: integer type: object syslog: - description: syslog holds parameters for a syslog endpoint. Present - only if type is Syslog. + description: |- + syslog holds parameters for a syslog endpoint. Present only if + type is Syslog. oneOf: - properties: address: 
@@ -1165,13 +1301,15 @@ spec: format: ipv6 properties: address: - description: address is the IP address of the syslog - endpoint that receives log messages. + description: |- + address is the IP address of the syslog endpoint that receives log + messages. type: string facility: - description: "facility specifies the syslog facility - of log messages. \n If this field is empty, the - facility is \"local1\"." + description: |- + facility specifies the syslog facility of log messages. + + If this field is empty, the facility is "local1". enum: - kern - user @@ -1200,17 +1338,20 @@ spec: type: string maxLength: default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 4096, inclusive. \n When omitted, the - default value is 1024." + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 4096, inclusive. + + When omitted, the default value is 1024. format: int32 maximum: 4096 minimum: 480 type: integer port: - description: port is the UDP port number of the syslog - endpoint that receives log messages. + description: |- + port is the UDP port number of the syslog endpoint that receives log + messages. format: int32 maximum: 65535 minimum: 1 
@@ -1220,21 +1361,26 @@ spec: - port type: object type: - description: "type is the type of destination for logs. - \ It must be one of the following: \n * Container \n - The ingress operator configures the sidecar container - named \"logs\" on the ingress controller pod and configures - the ingress controller to write logs to the sidecar. - \ The logs are then available as container logs. The - expectation is that the administrator configures a custom - logging solution that reads logs from this sidecar. - \ Note that using container logs means that logs may - be dropped if the rate of logs exceeds the container - runtime's or the custom logging solution's capacity. - \n * Syslog \n Logs are sent to a syslog endpoint. The - administrator must specify an endpoint that can receive - syslog messages. The expectation is that the administrator - has configured a custom syslog instance." + description: |- + type is the type of destination for logs. It must be one of the + following: + + * Container + + The ingress operator configures the sidecar container named "logs" on + the ingress controller pod and configures the ingress controller to + write logs to the sidecar. The logs are then available as container + logs. The expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. Note that using + container logs means that logs may be dropped if the rate of logs + exceeds the container runtime's or the custom logging solution's + capacity. + + * Syslog + + Logs are sent to a syslog endpoint. The administrator must specify + an endpoint that can receive syslog messages. The expectation is + that the administrator has configured a custom syslog instance. enum: - Container - Syslog 
@@ -1243,51 +1389,51 @@ spec: - type type: object httpCaptureCookies: - description: httpCaptureCookies specifies HTTP cookies that - should be captured in access logs. If this field is empty, - no cookies are captured. + description: |- + httpCaptureCookies specifies HTTP cookies that should be captured in + access logs. If this field is empty, no cookies are captured. items: - description: IngressControllerCaptureHTTPCookie describes - an HTTP cookie that should be captured. + description: |- + IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be + captured. properties: matchType: - description: matchType specifies the type of match to - be performed on the cookie name. Allowed values are - "Exact" for an exact string match and "Prefix" for - a string prefix match. If "Exact" is specified, a - name must be specified in the name field. If "Prefix" - is provided, a prefix must be specified in the namePrefix - field. For example, specifying matchType "Prefix" - and namePrefix "foo" will capture a cookie named "foo" - or "foobar" but not one named "bar". The first matching - cookie is captured. + description: |- + matchType specifies the type of match to be performed on the cookie + name. Allowed values are "Exact" for an exact string match and + "Prefix" for a string prefix match. If "Exact" is specified, a name + must be specified in the name field. If "Prefix" is provided, a + prefix must be specified in the namePrefix field. For example, + specifying matchType "Prefix" and namePrefix "foo" will capture a + cookie named "foo" or "foobar" but not one named "bar". The first + matching cookie is captured. enum: - Exact - Prefix type: string maxLength: - description: maxLength specifies a maximum length of - the string that will be logged, which includes the - cookie name, cookie value, and one-character delimiter. If - the log entry exceeds this length, the value will - be truncated in the log message. 
Note that the ingress - controller may impose a separate bound on the total - length of HTTP headers in a request. + description: |- + maxLength specifies a maximum length of the string that will be + logged, which includes the cookie name, cookie value, and + one-character delimiter. If the log entry exceeds this length, the + value will be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total length of HTTP + headers in a request. maximum: 1024 minimum: 1 type: integer name: - description: name specifies a cookie name. Its value - must be a valid HTTP cookie name as defined in RFC - 6265 section 4.1. + description: |- + name specifies a cookie name. Its value must be a valid HTTP cookie + name as defined in RFC 6265 section 4.1. maxLength: 1024 minLength: 0 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ type: string namePrefix: - description: namePrefix specifies a cookie name prefix. Its - value must be a valid HTTP cookie name as defined - in RFC 6265 section 4.1. + description: |- + namePrefix specifies a cookie name prefix. Its value must be a valid + HTTP cookie name as defined in RFC 6265 section 4.1. maxLength: 1024 minLength: 0 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ 
@@ -1301,35 +1447,38 @@ spec: type: array x-kubernetes-list-type: atomic httpCaptureHeaders: - description: "httpCaptureHeaders defines HTTP headers that - should be captured in access logs. If this field is empty, - no headers are captured. \n Note that this option only applies - to cleartext HTTP connections and to secure HTTP connections - for which the ingress controller terminates encryption (that - is, edge-terminated or reencrypt connections). Headers - cannot be captured for TLS passthrough connections." + description: |- + httpCaptureHeaders defines HTTP headers that should be captured in + access logs. If this field is empty, no headers are captured. + + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be captured for TLS passthrough + connections. properties: request: - description: "request specifies which HTTP request headers - to capture. \n If this field is empty, no request headers - are captured." + description: |- + request specifies which HTTP request headers to capture. + + If this field is empty, no request headers are captured. items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. properties: maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. 
Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. minimum: 1 type: integer name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ type: string required: @@ -1340,26 +1489,27 @@ spec: type: array x-kubernetes-list-type: atomic response: - description: "response specifies which HTTP response headers - to capture. \n If this field is empty, no response headers - are captured." + description: |- + response specifies which HTTP response headers to capture. + + If this field is empty, no response headers are captured. items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. properties: maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. minimum: 1 type: integer name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ type: string required: 
@@ -1371,30 +1521,34 @@ spec: x-kubernetes-list-type: atomic type: object httpLogFormat: - description: "httpLogFormat specifies the format of the log - message for an HTTP request. \n If this field is empty, - log messages use the implementation's default HTTP log format. - \ For HAProxy's default HTTP log format, see the HAProxy - documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 - \n Note that this format only applies to cleartext HTTP - connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). It does not affect the log format - for TLS passthrough connections." + description: |- + httpLogFormat specifies the format of the log message for an HTTP + request. + + If this field is empty, log messages use the implementation's default + HTTP log format. For HAProxy's default HTTP log format, see the + HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + + Note that this format only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). It does not affect the log format for TLS passthrough + connections. type: string logEmptyRequests: default: Log - description: logEmptyRequests specifies how connections on - which no request is received should be logged. Typically, - these empty requests come from load balancers' health probes - or Web browsers' speculative connections ("preconnect"), - in which case logging these requests may be undesirable. However, - these requests may also be caused by network errors, in - which case logging empty requests may be useful for diagnosing - the errors. In addition, these requests may be caused by - port scans, in which case logging empty requests may aid - in detecting intrusion attempts. 
Allowed values for this - field are "Log" and "Ignore". The default value is "Log". + description: |- + logEmptyRequests specifies how connections on which no request is + received should be logged. Typically, these empty requests come from + load balancers' health probes or Web browsers' speculative + connections ("preconnect"), in which case logging these requests may + be undesirable. However, these requests may also be caused by + network errors, in which case logging empty requests may be useful + for diagnosing the errors. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in + detecting intrusion attempts. Allowed values for this field are + "Log" and "Ignore". The default value is "Log". enum: - Log - Ignore 
@@ -1404,32 +1558,34 @@ spec: type: object type: object namespaceSelector: - description: "namespaceSelector is used to filter the set of namespaces - serviced by the ingress controller. This is useful for implementing - shards. \n If unset, the default is no filtering." + description: |- + namespaceSelector is used to filter the set of namespaces serviced by the + ingress controller. This is useful for implementing shards. + + If unset, the default is no filtering. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -1444,56 +1600,70 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic nodePlacement: - description: "nodePlacement enables explicit control over the scheduling - of the ingress controller. \n If unset, defaults are used. See NodePlacement - for more details." + description: |- + nodePlacement enables explicit control over the scheduling of the ingress + controller. + + If unset, defaults are used. See NodePlacement for more details. properties: nodeSelector: - description: "nodeSelector is the node selector applied to ingress - controller deployments. \n If set, the specified selector is - used and replaces the default. \n If unset, the default depends - on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses - status. \n When defaultPlacement is Workers, the default is: - \n kubernetes.io/os: linux node-role.kubernetes.io/worker: '' - \n When defaultPlacement is ControlPlane, the default is: \n - kubernetes.io/os: linux node-role.kubernetes.io/master: '' \n - These defaults are subject to change. \n Note that using nodeSelector.matchExpressions - is not supported. Only nodeSelector.matchLabels may be used. - \ This is a limitation of the Kubernetes API: the pod spec does - not allow complex expressions for node selectors." 
+ description: |- + nodeSelector is the node selector applied to ingress controller + deployments. + + If set, the specified selector is used and replaces the default. + + If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. + + When defaultPlacement is Workers, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/worker: '' + + When defaultPlacement is ControlPlane, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/master: '' + + These defaults are subject to change. + + Note that using nodeSelector.matchExpressions is not supported. Only + nodeSelector.matchLabels may be used. This is a limitation of the + Kubernetes API: the pod spec does not allow complex expressions for + node selectors. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1507,132 +1677,152 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic tolerations: - description: "tolerations is a list of tolerations applied to - ingress controller deployments. \n The default is an empty list. - \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + description: |- + tolerations is a list of tolerations applied to ingress controller + deployments. + + The default is an empty list. + + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. 
If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
type: string type: object type: array x-kubernetes-list-type: atomic type: object replicas: - description: "replicas is the desired number of ingress controller - replicas. If unset, the default depends on the value of the defaultPlacement - field in the cluster config.openshift.io/v1/ingresses status. \n - The value of replicas is set based on the value of a chosen field - in the Infrastructure CR. If defaultPlacement is set to ControlPlane, - the chosen field will be controlPlaneTopology. If it is set to Workers - the chosen field will be infrastructureTopology. Replicas will then - be set to 1 or 2 based whether the chosen field's value is SingleReplica - or HighlyAvailable, respectively. \n These defaults are subject - to change." + description: |- + replicas is the desired number of ingress controller replicas. If unset, + the default depends on the value of the defaultPlacement field in the + cluster config.openshift.io/v1/ingresses status. + + The value of replicas is set based on the value of a chosen field in the + Infrastructure CR. If defaultPlacement is set to ControlPlane, the + chosen field will be controlPlaneTopology. If it is set to Workers the + chosen field will be infrastructureTopology. Replicas will then be set to 1 + or 2 based whether the chosen field's value is SingleReplica or + HighlyAvailable, respectively. + + These defaults are subject to change. format: int32 type: integer routeAdmission: - description: "routeAdmission defines a policy for handling new route - claims (for example, to allow or deny claims across namespaces). - \n If empty, defaults will be applied. See specific routeAdmission - fields for details about their defaults." + description: |- + routeAdmission defines a policy for handling new route claims (for example, + to allow or deny claims across namespaces). + + If empty, defaults will be applied. See specific routeAdmission fields + for details about their defaults. 
properties: namespaceOwnership: - description: "namespaceOwnership describes how host name claims - across namespaces should be handled. \n Value must be one of: - \n - Strict: Do not allow routes in different namespaces to - claim the same host. \n - InterNamespaceAllowed: Allow routes - to claim different paths of the same host name across namespaces. - \n If empty, the default is Strict." + description: |- + namespaceOwnership describes how host name claims across namespaces should + be handled. + + Value must be one of: + + - Strict: Do not allow routes in different namespaces to claim the same host. + + - InterNamespaceAllowed: Allow routes to claim different paths of the same + host name across namespaces. + + If empty, the default is Strict. enum: - InterNamespaceAllowed - Strict type: string wildcardPolicy: - description: "wildcardPolicy describes how routes with wildcard - policies should be handled for the ingress controller. WildcardPolicy - controls use of routes [1] exposed by the ingress controller - based on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go - \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed - will cause admitted routes with a wildcard policy of Subdomain - to stop working. These routes must be updated to a wildcard - policy of None to be readmitted by the ingress controller. \n - WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed - values. \n If empty, defaults to \"WildcardsDisallowed\"." + description: |- + wildcardPolicy describes how routes with wildcard policies should + be handled for the ingress controller. WildcardPolicy controls use + of routes [1] exposed by the ingress controller based on the route's + wildcard policy. 
+ + [1] https://github.com/openshift/api/blob/master/route/v1/types.go + + Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain to stop + working. These routes must be updated to a wildcard policy of None to be + readmitted by the ingress controller. + + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + + If empty, defaults to "WildcardsDisallowed". enum: - WildcardsAllowed - WildcardsDisallowed type: string type: object routeSelector: - description: "routeSelector is used to filter the set of Routes serviced - by the ingress controller. This is useful for implementing shards. - \n If unset, the default is no filtering." + description: |- + routeSelector is used to filter the set of Routes serviced by the ingress + controller. This is useful for implementing shards. + + If unset, the default is no filtering. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. 
This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -1647,49 +1837,65 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for ingresscontrollers. \n If unset, the default is based on the - apiservers.config.openshift.io/cluster resource. \n Note that when - using the Old, Intermediate, and Modern profile types, the effective - profile configuration is subject to change between releases. For - example, given a specification to use the Intermediate profile deployed - on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new - profile configuration to be applied to the ingress controller, resulting - in a rollout." + description: |- + tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + + Note that when using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For example, given + a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + controller, resulting in a rollout. properties: custom: - description: "custom is a user-defined TLS security profile. 
Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - ECDHE-RSA-AES128-GCM-SHA256 \n - ECDHE-ECDSA-AES128-GCM-SHA256 - \n minTLSVersion: VersionTLS11" + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + ciphers: + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + minTLSVersion: VersionTLS11 nullable: true properties: ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 enum: - VersionTLS10 - VersionTLS11 
@@ -1698,52 +1904,144 @@ spec: type: string type: object intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n minTLSVersion: VersionTLS12" + description: |- + intermediate is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + minTLSVersion: VersionTLS12 nullable: true type: object modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n minTLSVersion: VersionTLS13" + description: |- + modern is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + minTLSVersion: VersionTLS13 nullable: true type: object old: - description: "old is a 
TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n - DHE-RSA-CHACHA20-POLY1305 \n - ECDHE-ECDSA-AES128-SHA256 - \n - ECDHE-RSA-AES128-SHA256 \n - ECDHE-ECDSA-AES128-SHA \n - - ECDHE-RSA-AES128-SHA \n - ECDHE-ECDSA-AES256-SHA384 \n - ECDHE-RSA-AES256-SHA384 - \n - ECDHE-ECDSA-AES256-SHA \n - ECDHE-RSA-AES256-SHA \n - DHE-RSA-AES128-SHA256 - \n - DHE-RSA-AES256-SHA256 \n - AES128-GCM-SHA256 \n - AES256-GCM-SHA384 - \n - AES128-SHA256 \n - AES256-SHA256 \n - AES128-SHA \n - AES256-SHA - \n - DES-CBC3-SHA \n minTLSVersion: VersionTLS10" + description: |- + old is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + - DHE-RSA-CHACHA20-POLY1305 + + - ECDHE-ECDSA-AES128-SHA256 + + - ECDHE-RSA-AES128-SHA256 + + - ECDHE-ECDSA-AES128-SHA + + - ECDHE-RSA-AES128-SHA + + - ECDHE-ECDSA-AES256-SHA384 + + - ECDHE-RSA-AES256-SHA384 + + - ECDHE-ECDSA-AES256-SHA + + - ECDHE-RSA-AES256-SHA + + - DHE-RSA-AES128-SHA256 + + - DHE-RSA-AES256-SHA256 + + - AES128-GCM-SHA256 + + - AES256-GCM-SHA384 + + - AES128-SHA256 + + - AES256-SHA256 + + - AES128-SHA + 
+ - AES256-SHA + + - DES-CBC3-SHA + + minTLSVersion: VersionTLS10 nullable: true type: object type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. enum: - Old - Intermediate 
@@ -1763,197 +2061,238 @@ spec: format: int32 maximum: 2000000 minimum: 2000 - description: "tuningOptions defines parameters for adjusting the performance - of ingress controller pods. All fields are optional and will use - their respective defaults if not set. See specific tuningOptions - fields for more details. \n Setting fields within tuningOptions - is generally not recommended. The default values are suitable for - most configurations." + description: |- + tuningOptions defines parameters for adjusting the performance of + ingress controller pods. All fields are optional and will use their + respective defaults if not set. See specific tuningOptions fields for + more details. + + Setting fields within tuningOptions is generally not recommended. The + default values are suitable for most configurations. properties: clientFinTimeout: - description: "clientFinTimeout defines how long a connection will - be held open while waiting for the client response to the server/backend - closing the connection. \n If unset, the default timeout is - 1s" + description: |- + clientFinTimeout defines how long a connection will be held open while + waiting for the client response to the server/backend closing the + connection. + + If unset, the default timeout is 1s format: duration type: string clientTimeout: - description: "clientTimeout defines how long a connection will - be held open while waiting for a client response. \n If unset, - the default timeout is 30s" + description: |- + clientTimeout defines how long a connection will be held open while + waiting for a client response. + + If unset, the default timeout is 30s format: duration type: string connectTimeout: - description: "ConnectTimeout defines the maximum time to wait - for a connection attempt to a server/backend to succeed. \n - This field expects an unsigned duration string of decimal numbers, - each with optional fraction and a unit suffix, e.g. \"300ms\", - \"1.5h\" or \"2h45m\". 
Valid time units are \"ns\", \"us\" (or - \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\". - \n When omitted, this means the user has no opinion and the - platform is left to choose a reasonable default. This default - is subject to change over time. The current default is 5s." + description: |- + ConnectTimeout defines the maximum time to wait for + a connection attempt to a server/backend to succeed. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 5s. pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string headerBufferBytes: - description: "headerBufferBytes describes how much memory should - be reserved (in bytes) for IngressController connection sessions. - Note that this value must be at least 16384 if HTTP/2 is enabled - for the IngressController (https://tools.ietf.org/html/rfc7540). - If this field is empty, the IngressController will use a default - value of 32768 bytes. \n Setting this field is generally not - recommended as headerBufferBytes values that are too small may - break the IngressController and headerBufferBytes values that - are too large could cause the IngressController to use significantly - more memory than necessary." + description: |- + headerBufferBytes describes how much memory should be reserved + (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is + enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default value + of 32768 bytes. 
+ + Setting this field is generally not recommended as headerBufferBytes + values that are too small may break the IngressController and + headerBufferBytes values that are too large could cause the + IngressController to use significantly more memory than necessary. format: int32 minimum: 16384 type: integer headerBufferMaxRewriteBytes: - description: "headerBufferMaxRewriteBytes describes how much memory - should be reserved (in bytes) from headerBufferBytes for HTTP - header rewriting and appending for IngressController connection - sessions. Note that incoming HTTP requests will be limited to + description: |- + headerBufferMaxRewriteBytes describes how much memory should be reserved + (in bytes) from headerBufferBytes for HTTP header rewriting + and appending for IngressController connection sessions. + Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. - If this field is empty, the IngressController will use a default - value of 8192 bytes. \n Setting this field is generally not - recommended as headerBufferMaxRewriteBytes values that are too - small may break the IngressController and headerBufferMaxRewriteBytes - values that are too large could cause the IngressController - to use significantly more memory than necessary." + If this field is empty, the IngressController will use a default value + of 8192 bytes. + + Setting this field is generally not recommended as + headerBufferMaxRewriteBytes values that are too small may break the + IngressController and headerBufferMaxRewriteBytes values that are too + large could cause the IngressController to use significantly more memory + than necessary. format: int32 minimum: 4096 type: integer healthCheckInterval: - description: "healthCheckInterval defines how long the router - waits between two consecutive health checks on its configured - backends. 
This value is applied globally as a default for all - routes, but may be overridden per-route by the route annotation - \"router.openshift.io/haproxy.health.check.interval\". \n Expects - an unsigned duration string of decimal numbers, each with optional - fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". - Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" - U+03BC), \"ms\", \"s\", \"m\", \"h\". \n Setting this to less - than 5s can cause excess traffic due to too frequent TCP health - checks and accompanying SYN packet storms. Alternatively, setting - this too high can result in increased latency, due to backend - servers that are no longer available, but haven't yet been detected - as such. \n An empty or zero healthCheckInterval means no opinion - and IngressController chooses a default, which is subject to - change over time. Currently the default healthCheckInterval - value is 5s. \n Currently the minimum allowed value is 1s and - the maximum allowed value is 2147483647ms (24.85 days). Both - are subject to change over time." + description: |- + healthCheckInterval defines how long the router waits between two consecutive + health checks on its configured backends. This value is applied globally as + a default for all routes, but may be overridden per-route by the route annotation + "router.openshift.io/haproxy.health.check.interval". + + Expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Setting this to less than 5s can cause excess traffic due to too frequent + TCP health checks and accompanying SYN packet storms. Alternatively, setting + this too high can result in increased latency, due to backend servers that are no + longer available, but haven't yet been detected as such. 
+ + An empty or zero healthCheckInterval means no opinion and IngressController chooses + a default, which is subject to change over time. + Currently the default healthCheckInterval value is 5s. + + Currently the minimum allowed value is 1s and the maximum allowed value is + 2147483647ms (24.85 days). Both are subject to change over time. pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string maxConnections: - description: "maxConnections defines the maximum number of simultaneous - connections that can be established per HAProxy process. Increasing - this value allows each ingress controller pod to handle more - connections but at the cost of additional system resources being - consumed. \n Permitted values are: empty, 0, -1, and the range - 2000-2000000. \n If this field is empty or 0, the IngressController - will use the default value of 50000, but the default is subject - to change in future releases. \n If the value is -1 then HAProxy - will dynamically compute a maximum value based on the available - ulimits in the running container. Selecting -1 (i.e., auto) - will result in a large value being computed (~520000 on OpenShift - >=4.10 clusters) and therefore each HAProxy process will incur - significant memory usage compared to the current default of - 50000. \n Setting a value that is greater than the current operating - system limit will prevent the HAProxy process from starting. - \n If you choose a discrete value (e.g., 750000) and the router - pod is migrated to a new node, there's no guarantee that that - new node has identical ulimits configured. In such a scenario - the pod would fail to start. If you have nodes with different - ulimits configured (e.g., different tuned profiles) and you - choose a discrete value then the guidance is to use -1 and let - the value be computed dynamically at runtime. 
\n You can monitor - memory usage for router containers with the following metric: - 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'. - \n You can monitor memory usage of individual HAProxy processes - in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'." + description: |- + maxConnections defines the maximum number of simultaneous + connections that can be established per HAProxy process. + Increasing this value allows each ingress controller pod to + handle more connections but at the cost of additional + system resources being consumed. + + Permitted values are: empty, 0, -1, and the range + 2000-2000000. + + If this field is empty or 0, the IngressController will use + the default value of 50000, but the default is subject to + change in future releases. + + If the value is -1 then HAProxy will dynamically compute a + maximum value based on the available ulimits in the running + container. Selecting -1 (i.e., auto) will result in a large + value being computed (~520000 on OpenShift >=4.10 clusters) + and therefore each HAProxy process will incur significant + memory usage compared to the current default of 50000. + + Setting a value that is greater than the current operating + system limit will prevent the HAProxy process from + starting. + + If you choose a discrete value (e.g., 750000) and the + router pod is migrated to a new node, there's no guarantee + that that new node has identical ulimits configured. In + such a scenario the pod would fail to start. If you have + nodes with different ulimits configured (e.g., different + tuned profiles) and you choose a discrete value then the + guidance is to use -1 and let the value be computed + dynamically at runtime. 
+ + You can monitor memory usage for router containers with the + following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + + You can monitor memory usage of individual HAProxy + processes in router containers with the following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer reloadInterval: - description: "reloadInterval defines the minimum interval at which - the router is allowed to reload to accept new changes. Increasing - this value can prevent the accumulation of HAProxy processes, - depending on the scenario. Increasing this interval can also - lessen load imbalance on a backend's servers when using the - roundrobin balancing algorithm. Alternatively, decreasing this - value may decrease latency since updates to HAProxy's configuration - can take effect more quickly. \n The value must be a time duration - value; see . Currently, - the minimum value allowed is 1s, and the maximum allowed value - is 120s. Minimum and maximum allowed values may change in future - versions of OpenShift. Note that if a duration outside of these - bounds is provided, the value of reloadInterval will be capped/floored - and not rejected (e.g. a duration of over 120s will be capped - to 120s; the IngressController will not reject and replace this - disallowed value with the default). \n A zero value for reloadInterval - tells the IngressController to choose the default, which is - currently 5s and subject to change without notice. \n This field - expects an unsigned duration string of decimal numbers, each - with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" - or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" - U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\". 
\n Note: - Setting a value significantly larger than the default of 5s - can cause latency in observing updates to routes and their endpoints. - HAProxy's configuration will be reloaded less frequently, and - newly created routes will not be served until the subsequent - reload." + description: |- + reloadInterval defines the minimum interval at which the router is allowed to reload + to accept new changes. Increasing this value can prevent the accumulation of + HAProxy processes, depending on the scenario. Increasing this interval can + also lessen load imbalance on a backend's servers when using the roundrobin + balancing algorithm. Alternatively, decreasing this value may decrease latency + since updates to HAProxy's configuration can take effect more quickly. + + The value must be a time duration value; see . + Currently, the minimum value allowed is 1s, and the maximum allowed value is + 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + Note that if a duration outside of these bounds is provided, the value of reloadInterval + will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + 120s; the IngressController will not reject and replace this disallowed value with + the default). + + A zero value for reloadInterval tells the IngressController to choose the default, + which is currently 5s and subject to change without notice. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Note: Setting a value significantly larger than the default of 5s can cause latency + in observing updates to routes and their endpoints. HAProxy's configuration will + be reloaded less frequently, and newly created routes will not be served until the + subsequent reload. 
pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string serverFinTimeout: - description: "serverFinTimeout defines how long a connection will - be held open while waiting for the server/backend response to - the client closing the connection. \n If unset, the default - timeout is 1s" + description: |- + serverFinTimeout defines how long a connection will be held open while + waiting for the server/backend response to the client closing the + connection. + + If unset, the default timeout is 1s format: duration type: string serverTimeout: - description: "serverTimeout defines how long a connection will - be held open while waiting for a server/backend response. \n - If unset, the default timeout is 30s" + description: |- + serverTimeout defines how long a connection will be held open while + waiting for a server/backend response. + + If unset, the default timeout is 30s format: duration type: string threadCount: - description: "threadCount defines the number of threads created - per HAProxy process. Creating more threads allows each ingress - controller pod to handle more connections, at the cost of more - system resources being used. HAProxy currently supports up to - 64 threads. If this field is empty, the IngressController will - use the default value. The current default is 4 threads, but - this may change in future releases. \n Setting this field is - generally not recommended. Increasing the number of HAProxy - threads allows ingress controller pods to utilize more CPU time - under load, potentially starving other pods if set too high. - Reducing the number of threads may cause the ingress controller - to perform poorly." + description: |- + threadCount defines the number of threads created per HAProxy process. + Creating more threads allows each ingress controller pod to handle more + connections, at the cost of more system resources being used. HAProxy + currently supports up to 64 threads. 
If this field is empty, the + IngressController will use the default value. The current default is 4 + threads, but this may change in future releases. + + Setting this field is generally not recommended. Increasing the number + of HAProxy threads allows ingress controller pods to utilize more CPU + time under load, potentially starving other pods if set too high. + Reducing the number of threads may cause the ingress controller to + perform poorly. format: int32 maximum: 64 minimum: 1 type: integer tlsInspectDelay: - description: "tlsInspectDelay defines how long the router can - hold data to find a matching route. \n Setting this too short - can cause the router to fall back to the default certificate - for edge-terminated or reencrypt routes even when a better matching - certificate could be used. \n If unset, the default inspect - delay is 5s" + description: |- + tlsInspectDelay defines how long the router can hold data to find a + matching route. + + Setting this too short can cause the router to fall back to the default + certificate for edge-terminated or reencrypt routes even when a better + matching certificate could be used. + + If unset, the default inspect delay is 5s format: duration type: string tunnelTimeout: - description: "tunnelTimeout defines how long a tunnel connection - (including websockets) will be held open while the tunnel is - idle. \n If unset, the default timeout is 1h" + description: |- + tunnelTimeout defines how long a tunnel connection (including + websockets) will be held open while the tunnel is idle. + + If unset, the default timeout is 1h format: duration type: string type: object unsupportedConfigOverrides: - description: unsupportedConfigOverrides allows specifying unsupported + description: |- + unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported. nullable: true type: object 
@@ -1963,33 +2302,52 @@ spec: description: status is the most recently observed status of the IngressController. properties: availableReplicas: - description: availableReplicas is number of observed available replicas - according to the ingress controller deployment. + description: |- + availableReplicas is number of observed available replicas according to the + ingress controller deployment. format: int32 type: integer conditions: - description: "conditions is a list of conditions and their status. - \n Available means the ingress controller deployment is available - and servicing route and ingress resources (i.e, .status.availableReplicas - equals .spec.replicas) \n There are additional conditions which - indicate the status of other ingress controller features and capabilities. - \n * LoadBalancerManaged - True if the following conditions are - met: * The endpoint publishing strategy requires a service load - balancer. - False if any of those conditions are unsatisfied. \n - * LoadBalancerReady - True if the following conditions are met: - * A load balancer is managed. * The load balancer is ready. - False - if any of those conditions are unsatisfied. \n * DNSManaged - True - if the following conditions are met: * The endpoint publishing strategy - and platform support DNS. * The ingress controller domain is set. - * dns.config.openshift.io/cluster configures DNS zones. - False - if any of those conditions are unsatisfied. \n * DNSReady - True - if the following conditions are met: * DNS is managed. * DNS records - have been successfully created. - False if any of those conditions - are unsatisfied." + description: |- + conditions is a list of conditions and their status. + + Available means the ingress controller deployment is available and + servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) + + There are additional conditions which indicate the status of other + ingress controller features and capabilities. 
+ + * LoadBalancerManaged + - True if the following conditions are met: + * The endpoint publishing strategy requires a service load balancer. + - False if any of those conditions are unsatisfied. + + * LoadBalancerReady + - True if the following conditions are met: + * A load balancer is managed. + * The load balancer is ready. + - False if any of those conditions are unsatisfied. + + * DNSManaged + - True if the following conditions are met: + * The endpoint publishing strategy and platform support DNS. + * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. + - False if any of those conditions are unsatisfied. + + * DNSReady + - True if the following conditions are met: + * DNS is managed. + * DNS records have been successfully created. + - False if any of those conditions are unsatisfied. items: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -1997,10 +2355,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -2015,49 +2383,58 @@ spec: use. properties: hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. properties: httpPort: default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. format: int32 maximum: 65535 minimum: 0 type: integer httpsPort: default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. format: int32 maximum: 65535 minimum: 0 type: integer protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. 
\n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -2065,49 +2442,49 @@ spec: type: string statsPort: default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. 
Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. format: int32 maximum: 65535 minimum: 0 type: integer type: object loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. properties: allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. 
+ + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) type: string nullable: true 
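Review bot: The `pattern` kept as context under `allowedSourceRanges.items` has an IPv6 branch that reads `^s*`, `2[0-4]d`, `1dd`, `[1-9]?d` and a bare `.`, while the IPv4 branch of the same expression escapes `\.`. The backslashes of `\s` and `\d` therefore look lost, so the embedded dotted-quad alternatives match the literal letter `d` and the anchors accept runs of `s` rather than whitespace. Because this field is the source-address allowlist for the load balancer, the admission-time check should match what the description promises. The intended tokens are presumably `\s*`, `\d` and `\.`. This manifest is generated, so the correction belongs in the validation marker on the vendored API type (not visible in this hunk) followed by a regenerate, not in a hand edit here.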
@@ -2115,66 +2492,69 @@ spec: x-kubernetes-list-type: atomic dnsManagementPolicy: default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. enum: - Managed - Unmanaged type: string providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. properties: aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. properties: classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. 
properties: connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. format: duration type: string subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. 
Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -2190,13 +2570,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -2229,31 +2608,28 @@ spec: has(self.names) && self.names.size() > 0 type: object networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. properties: eipAllocations: - description: "eipAllocations is a list of IDs - for Elastic IP (EIP) addresses that are assigned - to the Network Load Balancer. The following - restrictions apply: \n eipAllocations can only - be used with external scope, not internal. An - EIP can be allocated to only a single IngressController. - The number of EIP allocations must match the - number of subnets that are used for the load - balancer. Each EIP allocation must be unique. + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted. - \n See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html - for general information about configuration, - characteristics, and limitations of Elastic - IP addresses." + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. items: - description: EIPAllocation is an ID for an Elastic - IP (EIP) address that can be allocated to - an ELB in the AWS environment. Values must - begin with `eipalloc-` followed by exactly - 17 hexadecimal (`[0-9a-fA-F]`) characters. 
+ description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. maxLength: 26 minLength: 26 type: string 
@@ -2272,28 +2648,28 @@ spec: - message: eipAllocations cannot contain duplicates rule: self.all(x, self.exists_one(y, x == y)) subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. 
items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -2309,13 +2685,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -2367,15 +2742,21 @@ spec: ? size(self.subnets.names) == size(self.eipAllocations) : true' type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb enum: - Classic - NLB 
@@ -2384,67 +2765,99 @@ spec: - type type: object gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. properties: clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. 
+ + https://cloud.google.com/load-balancing/docs/internal#client_access enum: - Global - Local type: string type: object ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. properties: protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. 
See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. enum: - "" - TCP - PROXY type: string type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. 
+ type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". enum: - AWS - Azure @@ -2458,9 +2871,14 @@ spec: required: - type type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". enum: - Internal - External 
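Review bot: The new `isIP(self)` rule on `floatingIP` rejects an empty string whenever the field is present, but the scope rule added in the `@@ -2474,28 +2892,41 @@` hunk still ends with `|| self.providerParameters.openstack.floatingIP == ""`. As far as the visible rules show, that last clause can never be the one that admits an object. The two rules should agree on whether an explicit empty string means "unset": either relax the field rule to `rule: self == '' || isIP(self)` or drop the `== ""` clause from the scope rule. This manifest appears to be generated (the commit message runs `make update`), so the change belongs in the validation markers on the openshift/api type, not in this file.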
@@ -2474,28 +2892,41 @@ spec: rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. 
Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -2503,27 +2934,36 @@ spec: type: string type: object private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. 
Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -2531,33 +2971,53 @@ spec: type: string type: object type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. - A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. \n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." + description: |- + type is the publishing strategy to use. 
Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. enum: - LoadBalancerService - HostNetwork 
@@ -2575,24 +3035,24 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -2607,11 +3067,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic 
@@ -2626,24 +3085,24 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -2658,38 +3117,44 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic selector: - description: selector is a label selector, in string format, for ingress - controller pods corresponding to the IngressController. The number - of matching pods should equal the value of availableReplicas. + description: |- + selector is a label selector, in string format, for ingress controller pods + corresponding to the IngressController. The number of matching pods should + equal the value of availableReplicas. type: string tlsProfile: description: tlsProfile is the TLS connection configuration that is in effect. properties: ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators may - remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. 
- For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n - minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion - allowed is VersionTLS12" + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 enum: - VersionTLS10 - VersionTLS11 diff --git a/vendor/github.com/openshift/api/.ci-operator.yaml b/vendor/github.com/openshift/api/.ci-operator.yaml index 1e59c02c25..64887a08b4 100644 --- a/vendor/github.com/openshift/api/.ci-operator.yaml +++ b/vendor/github.com/openshift/api/.ci-operator.yaml @@ -1,4 +1,4 @@ build_root_image: name: release namespace: openshift - tag: rhel-9-release-golang-1.22-openshift-4.17 + tag: rhel-9-release-golang-1.22-openshift-4.18 diff --git a/vendor/github.com/openshift/api/Dockerfile.ocp b/vendor/github.com/openshift/api/Dockerfile.ocp index d4f61d8787..f815fa9cf4 100644 --- a/vendor/github.com/openshift/api/Dockerfile.ocp +++ b/vendor/github.com/openshift/api/Dockerfile.ocp @@ -1,10 +1,10 @@ -FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-4.17 AS builder +FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.22-openshift-4.18 AS builder WORKDIR /go/src/github.com/openshift/api COPY . . ENV GO_PACKAGE github.com/openshift/api RUN make build --warn-undefined-variables -FROM registry.ci.openshift.org/ocp/4.16:base-rhel9 +FROM registry.ci.openshift.org/ocp/4.18:base-rhel9 # copy the built binaries to /usr/bin COPY --from=builder /go/src/github.com/openshift/api/render /usr/bin/ diff --git a/vendor/github.com/openshift/api/README.md b/vendor/github.com/openshift/api/README.md index 2054ba8151..2f503a88d2 100644 --- a/vendor/github.com/openshift/api/README.md +++ b/vendor/github.com/openshift/api/README.md 
@@ -4,7 +4,7 @@ This repo holds the API type definitions and serialization code used by [openshi APIs in this repo ship inside OCP payloads. ## Adding new FeatureGates -Add your FeatureGate to feature_gates.go. +Add your FeatureGate to `features.go`. The threshold for merging a fully disabled or TechPreview FeatureGate is an open enhancement. To promote to Default on any ClusterProfile, the threshold is 99% passing tests on all platforms or QE sign off. @@ -62,7 +62,7 @@ route/ tests/ routes.route.openshift.io/ AAA_ungated.yaml - ExternalRouteCertificate.yaml + RouteExternalCertificate.yaml ``` Here's an `AAA_ungated.yaml` example: ```yaml @@ -72,12 +72,12 @@ crdName: routes.route.openshift.io tests: ``` -Here's an `ExternalRouteCertificate.yaml` example: +Here's an `RouteExternalCertificate.yaml` example: ```yaml apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this. name: Route crdName: routes.route.openshift.io -featureGate: ExternalRouteCertificate +featureGate: RouteExternalCertificate tests: ``` diff --git a/vendor/github.com/openshift/api/apps/v1/generated.proto b/vendor/github.com/openshift/api/apps/v1/generated.proto index ddf28f6004..010f36b955 100644 --- a/vendor/github.com/openshift/api/apps/v1/generated.proto +++ b/vendor/github.com/openshift/api/apps/v1/generated.proto @@ -19,7 +19,7 @@ message CustomDeploymentStrategyParams { optional string image = 1; // Environment holds the environment which will be given to the container for Image. - repeated k8s.io.api.core.v1.EnvVar environment = 2; + repeated .k8s.io.api.core.v1.EnvVar environment = 2; // Command is optional and overrides CMD in the container Image. repeated string command = 3; 
@@ -39,7 +39,7 @@ message DeploymentCause { message DeploymentCauseImageTrigger { // From is a reference to the changed object which triggered a deployment. The field may have // the kinds DockerImage, ImageStreamTag, or ImageStreamImage. - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; } // DeploymentCondition describes the state of a deployment config at a certain point. @@ -51,10 +51,10 @@ message DeploymentCondition { optional string status = 2; // The last time this condition was updated. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 6; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 6; // The last time the condition transitioned from one status to another. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; // The reason for the condition's last transition. optional string reason = 4; @@ -79,7 +79,7 @@ message DeploymentCondition { message DeploymentConfig { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec represents a desired deployment state and how to deploy to it. optional DeploymentConfigSpec spec = 2; @@ -96,7 +96,7 @@ message DeploymentConfig { message DeploymentConfigList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of deployment configs repeated DeploymentConfig items = 2; 
@@ -120,7 +120,7 @@ message DeploymentConfigRollback { // DeploymentConfigRollbackSpec represents the options for rollback generation. message DeploymentConfigRollbackSpec { // From points to a ReplicationController which is a deployment. - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; // Revision to rollback to. If set to 0, rollback to the last revision. optional int64 revision = 2; @@ -179,7 +179,7 @@ message DeploymentConfigSpec { // Template is the object that describes the pod that will be created if // insufficient replicas are detected. - optional k8s.io.api.core.v1.PodTemplateSpec template = 8; + optional .k8s.io.api.core.v1.PodTemplateSpec template = 8; } // DeploymentConfigStatus represents the current deployment state. @@ -258,7 +258,7 @@ message DeploymentLogOptions { // precedes the time a pod was started, only logs since the pod start will be returned. // If this value is in the future, no logs will be returned. // Only one of sinceSeconds or sinceTime may be specified. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time sinceTime = 5; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time sinceTime = 5; // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line // of log output. Defaults to false. @@ -321,7 +321,7 @@ message DeploymentStrategy { optional RollingDeploymentStrategyParams rollingParams = 4; // Resources contains resource requirements to execute the deployment and any hooks. - optional k8s.io.api.core.v1.ResourceRequirements resources = 5; + optional .k8s.io.api.core.v1.ResourceRequirements resources = 5; // Labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods. map labels = 6; 
@@ -349,7 +349,7 @@ message DeploymentTriggerImageChangeParams { // From is a reference to an image stream tag to watch for changes. From.Name is the only // required subfield - if From.Namespace is blank, the namespace of the current deployment // trigger will be used. - optional k8s.io.api.core.v1.ObjectReference from = 3; + optional .k8s.io.api.core.v1.ObjectReference from = 3; // LastTriggeredImage is the last image to be triggered. optional string lastTriggeredImage = 4; @@ -381,7 +381,7 @@ message ExecNewPodHook { repeated string command = 1; // Env is a set of environment variables to supply to the hook pod's container. - repeated k8s.io.api.core.v1.EnvVar env = 2; + repeated .k8s.io.api.core.v1.EnvVar env = 2; // ContainerName is the name of a container in the deployment pod template // whose container image will be used for the hook pod's container. @@ -452,7 +452,7 @@ message RollingDeploymentStrategyParams { // RC can be scaled down further, followed by scaling up the new RC, // ensuring that at least 70% of original number of pods are available at // all times during the update. - optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 4; + optional .k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUnavailable = 4; // MaxSurge is the maximum number of pods that can be scheduled above the // original number of pods. Value can be an absolute number (ex: 5) or a @@ -466,7 +466,7 @@ message RollingDeploymentStrategyParams { // killed, new RC can be scaled up further, ensuring that total number of // pods running at any time during the update is atmost 130% of original // pods. - optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 5; + optional .k8s.io.apimachinery.pkg.util.intstr.IntOrString maxSurge = 5; // Pre is a lifecycle hook which is executed before the deployment process // begins. All LifecycleHookFailurePolicy values are supported. 
@@ -485,6 +485,6 @@ message TagImageHook { optional string containerName = 1; // To is the target ImageStreamTag to set the container's image onto. - optional k8s.io.api.core.v1.ObjectReference to = 2; + optional .k8s.io.api.core.v1.ObjectReference to = 2; } diff --git a/vendor/github.com/openshift/api/authorization/v1/generated.pb.go b/vendor/github.com/openshift/api/authorization/v1/generated.pb.go index 4a38ab6f76..c52cebf07a 100644 --- a/vendor/github.com/openshift/api/authorization/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/authorization/v1/generated.pb.go 
@@ -1053,121 +1053,123 @@ func init() { } var fileDescriptor_39b89822f939ca46 = []byte{ - // 1821 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x19, 0xcd, 0x6f, 0x1b, 0x59, - 0x3d, 0xcf, 0x76, 0x1c, 0xfb, 0xe7, 0x26, 0xce, 0xbe, 0x66, 0xdb, 0x69, 0xa0, 0xb6, 0x35, 0x20, - 0x48, 0x05, 0x3b, 0x26, 0x01, 0x4a, 0xdb, 0x15, 0x5a, 0xd9, 0xdd, 0xa8, 0x8a, 0x54, 0x9a, 0xec, - 0x0b, 0xbb, 0x5a, 0x2d, 0x1f, 0x62, 0x3c, 0x79, 0xb1, 0x87, 0x8c, 0x67, 0xac, 0x79, 0xe3, 0x94, - 0x82, 0x90, 0x0a, 0x12, 0x07, 0x2e, 0x68, 0x2f, 0x20, 0x8e, 0x20, 0xfe, 0x00, 0xc4, 0x05, 0x09, - 0x24, 0x38, 0x71, 0xe8, 0x81, 0x43, 0x25, 0x2e, 0x15, 0x42, 0x86, 0xba, 0x88, 0x03, 0x07, 0xfe, - 0x06, 0xf4, 0xde, 0xbc, 0xf1, 0x7c, 0x78, 0xac, 0x78, 0x92, 0x26, 0x82, 0x55, 0x6f, 0x9e, 0xf7, - 0xfb, 0xfe, 0x7c, 0xbf, 0xdf, 0x33, 0xdc, 0xee, 0x9a, 0x5e, 0x6f, 0xd8, 0xd1, 0x0c, 0xa7, 0xdf, - 0x74, 0x06, 0xd4, 0x66, 0x3d, 0xf3, 0xd0, 0x6b, 0xea, 0x03, 0xb3, 0xa9, 0x0f, 0xbd, 0x9e, 0xe3, - 0x9a, 0xdf, 0xd5, 0x3d, 0xd3, 0xb1, 0x9b, 0xc7, 0x9b, 0xcd, 0x2e, 0xb5, 0xa9, 0xab, 0x7b, 0xf4, - 0x40, 0x1b, 0xb8, 0x8e, 0xe7, 0xe0, 0x1b, 0x21, 0xa9, 0x36, 0x21, 0xd5, 0xf4, 0x81, 0xa9, 0xc5, - 0x48, 0xb5, 0xe3, 0xcd, 0xf5, 0x37, 0x22, 0x52, 0xba, 0x4e, 0xd7, 0x69, 0x0a, 0x0e, 0x9d, 0xe1, - 0xa1, 0xf8, 0x12, 0x1f, 0xe2, 0x97, 0xcf, 0x79, 0x5d, 0x3d, 0xba, 0xc5, 0x34, 0xd3, 0x11, 0x6a, - 0x18, 0x8e, 0x4b, 0x53, 0xa4, 0xc7, 0x70, 0xdc, 0x8e, 0x6e, 0xa4, 0xe1, 0x7c, 0x21, 0xc4, 0xe9, - 0xeb, 0x46, 0xcf, 0xb4, 0xa9, 0xfb, 0xa8, 0x39, 0x38, 0xea, 0xf2, 0x03, 0xd6, 0xec, 0x53, 0x4f, - 0x4f, 0xa3, 0x6a, 0xce, 0xa2, 0x72, 0x87, 0xb6, 0x67, 0xf6, 0xe9, 0x14, 0xc1, 0xcd, 0x93, 0x08, - 0x98, 0xd1, 0xa3, 0x7d, 0x3d, 0x49, 0xa7, 0xfe, 0xa0, 0x00, 0xc5, 0x96, 0xc1, 0x7d, 0x84, 0x9b, - 0x50, 0xb6, 0xf5, 0x3e, 0x65, 0x03, 0xdd, 0xa0, 0x0a, 0x6a, 0xa0, 0x8d, 0x72, 0xfb, 0xb5, 0x27, - 0xa3, 0xfa, 0xc2, 0x78, 0x54, 0x2f, 0x3f, 0x08, 0x00, 0x24, 0xc4, 0xc1, 0x0d, 0x28, 0x1c, 0x53, 
- 0xb7, 0xa3, 0xe4, 0x04, 0xee, 0x25, 0x89, 0x5b, 0x78, 0x8f, 0xba, 0x1d, 0x22, 0x20, 0xf8, 0x36, - 0xac, 0xba, 0x94, 0x39, 0x43, 0xd7, 0xa0, 0xad, 0xbd, 0x9d, 0x7b, 0xae, 0x33, 0x1c, 0x28, 0x79, - 0x81, 0xbd, 0x2c, 0xb1, 0x17, 0xc5, 0x21, 0x99, 0x42, 0xc3, 0x6f, 0x01, 0x8e, 0x9c, 0xbd, 0x47, - 0x5d, 0x66, 0x3a, 0xb6, 0x52, 0x10, 0xc4, 0x55, 0x49, 0xbc, 0x24, 0x8f, 0x49, 0x0a, 0x2a, 0xfe, - 0x2c, 0x94, 0x82, 0x53, 0x65, 0x51, 0x90, 0xad, 0x4a, 0xb2, 0x12, 0x91, 0xe7, 0x64, 0x82, 0x81, - 0x6f, 0xc1, 0xa5, 0xe0, 0x37, 0xb7, 0x55, 0x29, 0x0a, 0x8a, 0x35, 0x49, 0x71, 0x89, 0x44, 0x60, - 0x24, 0x86, 0xc9, 0xbd, 0x30, 0xd0, 0xbd, 0x9e, 0x52, 0x8a, 0x7b, 0x61, 0x4f, 0xf7, 0x7a, 0x44, - 0x40, 0xf0, 0xdb, 0xb0, 0x6a, 0xb2, 0x07, 0x8e, 0x1d, 0x30, 0x79, 0x97, 0xdc, 0x57, 0xca, 0x0d, - 0xb4, 0x51, 0x6a, 0x2b, 0x12, 0x7b, 0x75, 0x27, 0x01, 0x27, 0x53, 0x14, 0xf8, 0x7d, 0x58, 0x32, - 0x1c, 0xdb, 0xa3, 0xb6, 0xa7, 0x2c, 0x35, 0xd0, 0x46, 0x65, 0xeb, 0x0d, 0xcd, 0x8f, 0xb9, 0x16, - 0x8d, 0xb9, 0x36, 0x38, 0xea, 0x6a, 0x32, 0xe6, 0x1a, 0xd1, 0x1f, 0x6e, 0x7f, 0xc7, 0xa3, 0x36, - 0xf7, 0x47, 0xe8, 0xb4, 0xbb, 0x3e, 0x17, 0x12, 0xb0, 0x53, 0x7f, 0x9d, 0x83, 0xca, 0x5d, 0x6b, - 0xc8, 0x3c, 0xea, 0x12, 0xc7, 0xa2, 0xf8, 0x5b, 0x50, 0xe2, 0x79, 0x79, 0xa0, 0x7b, 0xba, 0xc8, - 0x83, 0xca, 0xd6, 0xe7, 0x66, 0x8a, 0xe2, 0x59, 0xac, 0x71, 0x6c, 0xed, 0x78, 0x53, 0xdb, 0xed, - 0x7c, 0x9b, 0x1a, 0xde, 0x57, 0xa8, 0xa7, 0xb7, 0xb1, 0x94, 0x06, 0xe1, 0x19, 0x99, 0x70, 0xc5, - 0x1f, 0xc0, 0xa2, 0x3b, 0xb4, 0x28, 0x53, 0x72, 0x8d, 0xfc, 0x46, 0x65, 0xeb, 0x8b, 0xda, 0xdc, - 0x65, 0xac, 0xed, 0x39, 0x96, 0x69, 0x3c, 0x22, 0x43, 0x8b, 0x86, 0x39, 0xc4, 0xbf, 0x18, 0xf1, - 0x59, 0xe2, 0x0e, 0x54, 0xf5, 0x6e, 0xd7, 0xa5, 0x5d, 0x41, 0xc2, 0x41, 0x22, 0xe5, 0x2a, 0x5b, - 0x9f, 0x88, 0x18, 0xa1, 0xf1, 0x72, 0xe5, 0xec, 0x5a, 0x71, 0xd4, 0xf6, 0xe5, 0xf1, 0xa8, 0x5e, - 0x4d, 0x1c, 0x92, 0x24, 0x43, 0xf5, 0xdf, 0x79, 0xc0, 0x11, 0x8f, 0xb5, 0x4d, 0xfb, 0xc0, 0xb4, - 0xbb, 0x17, 0xe0, 0x38, 0x0a, 0xe5, 
0x21, 0xa3, 0xae, 0x28, 0x47, 0x51, 0x77, 0x95, 0xad, 0x5b, - 0x19, 0x9c, 0xb7, 0x3b, 0xe0, 0xbf, 0x74, 0x4b, 0xd0, 0xb7, 0x97, 0x79, 0x65, 0xbf, 0x1b, 0xb0, - 0x23, 0x21, 0x67, 0xdc, 0x03, 0xe8, 0xf2, 0x2a, 0xf4, 0xe5, 0xe4, 0xcf, 0x28, 0x67, 0x85, 0x9b, - 0x73, 0x6f, 0xc2, 0x8f, 0x44, 0x78, 0xe3, 0x77, 0xa0, 0xc4, 0x86, 0xc2, 0x52, 0xa6, 0x14, 0x44, - 0x32, 0xc4, 0xc2, 0xc4, 0x3b, 0x6f, 0xe8, 0x20, 0x42, 0x0f, 0xa9, 0x4b, 0x6d, 0x83, 0x86, 0xa5, - 0xbc, 0x2f, 0x89, 0xc9, 0x84, 0x0d, 0x7e, 0x00, 0x4b, 0xae, 0x63, 0x51, 0x42, 0x0f, 0x45, 0xdd, - 0xcf, 0xc9, 0x71, 0x52, 0x1e, 0xc4, 0xa7, 0x25, 0x01, 0x13, 0xf5, 0xaf, 0x08, 0xae, 0x4c, 0x07, - 0xfb, 0xbe, 0xc9, 0x3c, 0xfc, 0xf5, 0xa9, 0x80, 0x6b, 0xf3, 0x05, 0x9c, 0x53, 0x8b, 0x70, 0x4f, - 0x0c, 0x09, 0x4e, 0x22, 0xc1, 0xee, 0xc0, 0xa2, 0xe9, 0xd1, 0x7e, 0x50, 0x25, 0x5f, 0xce, 0x10, - 0x80, 0x69, 0x7d, 0xc3, 0x6a, 0xd9, 0xe1, 0x3c, 0x89, 0xcf, 0x5a, 0xfd, 0x33, 0x82, 0x6a, 0x04, - 0xf9, 0x02, 0xac, 0xfa, 0x5a, 0xdc, 0xaa, 0x9b, 0xa7, 0xb4, 0x2a, 0xdd, 0x9c, 0x9f, 0x21, 0x58, - 0xf5, 0x6f, 0x14, 0xca, 0x3c, 0xd7, 0xf4, 0x2f, 0x36, 0x15, 0x8a, 0x22, 0xe3, 0x98, 0x82, 0x1a, - 0xf9, 0x8d, 0x72, 0x1b, 0xc6, 0xa3, 0x7a, 0x51, 0x60, 0x31, 0x22, 0x21, 0xf8, 0x9b, 0x50, 0xb4, - 0xf4, 0x0e, 0xb5, 0x02, 0xb5, 0x3e, 0x3f, 0xa7, 0xc5, 0x9c, 0x66, 0x9f, 0x5a, 0xd4, 0xf0, 0x1c, - 0x37, 0xbc, 0x2e, 0x83, 0x13, 0x46, 0x24, 0x57, 0xb5, 0x0e, 0xd7, 0x77, 0xd8, 0x1e, 0x75, 0x19, - 0x2f, 0x0b, 0x99, 0xb4, 0x2d, 0xc3, 0xa0, 0x8c, 0x11, 0x7a, 0x6c, 0xd2, 0x87, 0xaa, 0x05, 0xd7, - 0xee, 0x3b, 0x86, 0x6e, 0x05, 0x2d, 0x3f, 0x0a, 0xc4, 0xbb, 0xc1, 0x25, 0x2d, 0xe3, 0xb1, 0x99, - 0xc1, 0x69, 0x3e, 0x61, 0xbb, 0xc0, 0x75, 0x23, 0x92, 0x8d, 0xfa, 0xd3, 0x1c, 0x28, 0x42, 0x5c, - 0x8a, 0x2a, 0x2f, 0x5d, 0x1a, 0xbf, 0x22, 0x79, 0x6f, 0x49, 0x0e, 0x0a, 0xbc, 0xf5, 0x10, 0x01, - 0xc1, 0x9f, 0x9e, 0x84, 0x28, 0x2f, 0x42, 0x54, 0x1d, 0x8f, 0xea, 0x15, 0x3f, 0x44, 0xfb, 0x96, - 0x69, 0xd0, 0x49, 0x9c, 0xbe, 0x01, 0x45, 0x66, 0x38, 0x03, 0xca, 0xc4, 
0x28, 0x50, 0xd9, 0xba, - 0x7d, 0x8a, 0xae, 0xb4, 0x2f, 0x18, 0xf8, 0x69, 0xe0, 0xff, 0x26, 0x92, 0xa9, 0xfa, 0x13, 0x04, - 0xab, 0xbc, 0x31, 0x1d, 0x44, 0xef, 0xc3, 0x06, 0x14, 0xf8, 0xd0, 0x23, 0x67, 0xa2, 0x89, 0xfa, - 0x62, 0x16, 0x10, 0x10, 0xfc, 0x3e, 0x14, 0x78, 0xb7, 0x90, 0x1d, 0xf9, 0xb4, 0x29, 0x3d, 0xe1, - 0x2c, 0x5a, 0x90, 0xe0, 0xa8, 0xfe, 0x06, 0xc1, 0xd5, 0xa4, 0x42, 0xc1, 0x75, 0x73, 0xb2, 0x5e, - 0x1e, 0x54, 0xdc, 0x90, 0x40, 0xaa, 0x77, 0xc6, 0x3e, 0x72, 0x59, 0xca, 0xa9, 0x44, 0x0e, 0x49, - 0x54, 0x8c, 0xfa, 0x18, 0x81, 0x18, 0x18, 0x0f, 0xe6, 0xf4, 0xde, 0x3b, 0x31, 0xef, 0x35, 0x33, - 0xa8, 0x37, 0xd3, 0x6d, 0xbf, 0x0a, 0xe2, 0x98, 0xcd, 0x5f, 0xfd, 0x34, 0x7f, 0xdd, 0xcc, 0xaa, - 0xd0, 0xdc, 0x8e, 0xba, 0x03, 0xcb, 0xb1, 0x9b, 0x12, 0xd7, 0x83, 0xde, 0xe8, 0x37, 0xaa, 0x72, - 0xb2, 0xbf, 0xdd, 0x29, 0xfd, 0xfc, 0x17, 0xf5, 0x85, 0xc7, 0x7f, 0x6b, 0x2c, 0xa8, 0x6f, 0xc2, - 0x4a, 0x3c, 0x9f, 0xb3, 0x10, 0xff, 0x38, 0x0f, 0x10, 0x0e, 0x52, 0x9c, 0x92, 0x8f, 0xeb, 0x31, - 0x4a, 0x3e, 0xc5, 0x33, 0xe2, 0x9f, 0xe3, 0x1f, 0x22, 0x78, 0x5d, 0xf7, 0x3c, 0xd7, 0xec, 0x0c, - 0x3d, 0x1a, 0x69, 0xad, 0xc1, 0x0c, 0x92, 0x71, 0x14, 0xbd, 0x2e, 0x3d, 0xf3, 0x7a, 0x2b, 0x8d, - 0x27, 0x49, 0x17, 0x85, 0x3f, 0x03, 0x65, 0x7d, 0x60, 0xde, 0x8b, 0xb6, 0x09, 0x31, 0xc1, 0x04, - 0x2b, 0x03, 0x23, 0x21, 0x9c, 0x23, 0x07, 0x53, 0xba, 0x3f, 0x58, 0x48, 0xe4, 0xa0, 0xbd, 0x32, - 0x12, 0xc2, 0xf1, 0x97, 0x60, 0x39, 0x3a, 0xd2, 0x33, 0x65, 0x51, 0x10, 0xbc, 0x36, 0x1e, 0xd5, - 0x97, 0xa3, 0x93, 0x3f, 0x23, 0x71, 0x3c, 0xdc, 0x86, 0xaa, 0x1d, 0x9b, 0xd2, 0x99, 0x52, 0x14, - 0xa4, 0xca, 0x78, 0x54, 0x5f, 0x8b, 0x0f, 0xf0, 0xb2, 0x91, 0x25, 0x09, 0xd4, 0x2e, 0xac, 0x5d, - 0x4c, 0xcf, 0xff, 0x3b, 0x82, 0x8f, 0xa7, 0x49, 0x22, 0x94, 0x0d, 0x1c, 0x9b, 0xd1, 0xec, 0x0b, - 0xe0, 0x27, 0x61, 0x91, 0x77, 0x6f, 0xff, 0xce, 0x2c, 0xfb, 0x73, 0x1e, 0x6f, 0xea, 0xd2, 0x54, - 0x1f, 0x38, 0x7f, 0x6f, 0x7f, 0x0b, 0x56, 0xe8, 0xb1, 0x6e, 0x0d, 0xb9, 0xb6, 0xdb, 0xae, 0xeb, - 0xb8, 0x72, 
0xdd, 0xbb, 0x2a, 0x95, 0xa8, 0x6e, 0x73, 0xa8, 0x3e, 0x01, 0x93, 0x04, 0xba, 0xfa, - 0x27, 0x04, 0x85, 0xff, 0xff, 0x0d, 0x46, 0x7d, 0x91, 0x87, 0xca, 0xab, 0xb5, 0xe2, 0xa3, 0xbe, - 0x56, 0xf0, 0xc9, 0xfb, 0x62, 0xf7, 0x89, 0x33, 0x4c, 0xde, 0x27, 0x2f, 0x12, 0x2f, 0x10, 0x5c, - 0x89, 0x5e, 0x74, 0x91, 0xf9, 0xfb, 0xfc, 0xf3, 0xb7, 0x0b, 0x05, 0x36, 0xa0, 0x86, 0x4c, 0xdd, - 0xed, 0xd3, 0x19, 0x16, 0x51, 0x79, 0x7f, 0x40, 0x8d, 0x70, 0x40, 0xe0, 0x5f, 0x44, 0x08, 0x50, - 0xc7, 0x08, 0xd6, 0xd3, 0x49, 0x2e, 0x20, 0x7e, 0x87, 0xf1, 0xf8, 0xb5, 0xce, 0x6c, 0xe6, 0x8c, - 0x50, 0xfe, 0x3e, 0x3f, 0xcb, 0x48, 0xee, 0x09, 0xfc, 0x08, 0xaa, 0xbc, 0xa4, 0xdd, 0xf0, 0x58, - 0xda, 0x7a, 0x27, 0x83, 0x42, 0x62, 0xf6, 0x8f, 0x68, 0x22, 0xde, 0x5d, 0x12, 0x87, 0x24, 0x29, - 0x07, 0x7f, 0x1f, 0x56, 0x45, 0x91, 0x47, 0x65, 0xfb, 0x31, 0x7f, 0x33, 0x83, 0xec, 0xe4, 0x82, - 0xd8, 0x5e, 0x1b, 0x8f, 0xea, 0x53, 0x6b, 0x23, 0x99, 0x12, 0x85, 0x7f, 0x89, 0xe0, 0x1a, 0xa3, - 0xee, 0xb1, 0x69, 0x50, 0xdd, 0x30, 0x9c, 0xa1, 0xed, 0x45, 0x15, 0xf1, 0xfb, 0xd9, 0xdb, 0x19, - 0x14, 0xd9, 0xf7, 0x79, 0xb5, 0x7c, 0x5e, 0x51, 0x8d, 0xae, 0x8f, 0x47, 0xf5, 0x6b, 0x33, 0xc1, - 0x64, 0xb6, 0x16, 0xea, 0x1f, 0x11, 0x94, 0x2e, 0x68, 0x93, 0xff, 0x6a, 0x3c, 0x1f, 0x33, 0x0f, - 0xee, 0xe9, 0xd9, 0xf7, 0x1f, 0x04, 0x57, 0xf6, 0xa9, 0x75, 0x28, 0x5b, 0xb0, 0x7f, 0x33, 0xfa, - 0x23, 0x51, 0x50, 0xe6, 0x28, 0x73, 0x99, 0xa7, 0x33, 0x9c, 0x55, 0xe6, 0xf8, 0x08, 0x8a, 0xcc, - 0xd3, 0xbd, 0x61, 0x70, 0x19, 0xde, 0xcd, 0x22, 0x6a, 0x5a, 0x8c, 0x60, 0xd5, 0x5e, 0x91, 0x82, - 0x8a, 0xfe, 0x37, 0x91, 0x22, 0xd4, 0xef, 0xc1, 0xfa, 0x6c, 0xf5, 0x22, 0x0b, 0x2f, 0x3a, 0x8f, - 0x85, 0xd7, 0x82, 0xab, 0xc9, 0x34, 0x93, 0x57, 0xd7, 0x1c, 0xeb, 0x52, 0x6c, 0x60, 0xcc, 0x9d, - 0x3c, 0x30, 0xaa, 0x7f, 0x41, 0x30, 0x3b, 0xab, 0xf1, 0x8f, 0x10, 0x54, 0xe3, 0x89, 0xed, 0x6f, - 0x24, 0x95, 0xad, 0xf6, 0x19, 0x8a, 0x2a, 0xb8, 0x89, 0x27, 0x53, 0x64, 0x1c, 0x81, 0x91, 0xa4, - 0x4c, 0xac, 0x01, 0x4c, 0x54, 0x8e, 0xcd, 0xb6, 
0x13, 0x9b, 0x18, 0x89, 0x60, 0xa8, 0x1f, 0xe6, - 0xe0, 0xf2, 0xab, 0x77, 0x94, 0x58, 0x5a, 0xfd, 0x13, 0xc1, 0xc7, 0x52, 0x5c, 0x72, 0xfa, 0x55, - 0xe3, 0x06, 0x2c, 0xe9, 0x96, 0xe5, 0x3c, 0xa4, 0x07, 0xc2, 0xfa, 0x52, 0x38, 0x58, 0xb5, 0xfc, - 0x63, 0x12, 0xc0, 0xf1, 0xa7, 0xa0, 0xe8, 0x52, 0x9d, 0xc9, 0x8e, 0x5c, 0x0e, 0xeb, 0x8e, 0x88, - 0x53, 0x22, 0xa1, 0xb8, 0x05, 0x55, 0x1a, 0x5f, 0x28, 0x4e, 0xda, 0x37, 0x92, 0xf8, 0xea, 0xbf, - 0x10, 0xe0, 0x94, 0x3e, 0x65, 0xc4, 0xfa, 0x54, 0xeb, 0x6c, 0xcd, 0xe3, 0x7f, 0xa2, 0x47, 0xfd, - 0x81, 0x37, 0xe5, 0xf4, 0x06, 0x15, 0x24, 0x25, 0x9a, 0x99, 0x94, 0xe1, 0xfb, 0x6b, 0x6e, 0xe6, - 0xfb, 0x6b, 0x98, 0x8f, 0xf9, 0xf3, 0xc8, 0xc7, 0xdf, 0x21, 0x50, 0x66, 0x19, 0x1d, 0xee, 0x72, - 0xe8, 0xe5, 0xff, 0x1b, 0x95, 0x92, 0x64, 0xb9, 0x8c, 0x49, 0xf6, 0x5b, 0x04, 0xc9, 0xc9, 0x08, - 0xd7, 0x83, 0xcd, 0x3b, 0xf2, 0x62, 0x23, 0x36, 0xef, 0x60, 0xe9, 0x9e, 0xc7, 0xe7, 0xe1, 0x9b, - 0x77, 0xfe, 0x3c, 0xde, 0xbc, 0xdb, 0xbb, 0x4f, 0x9e, 0xd7, 0x16, 0x9e, 0x3e, 0xaf, 0x2d, 0x3c, - 0x7b, 0x5e, 0x5b, 0x78, 0x3c, 0xae, 0xa1, 0x27, 0xe3, 0x1a, 0x7a, 0x3a, 0xae, 0xa1, 0x67, 0xe3, - 0x1a, 0xfa, 0xc7, 0xb8, 0x86, 0x3e, 0x7c, 0x51, 0x5b, 0xf8, 0xe0, 0xc6, 0xdc, 0xff, 0xfe, 0xff, - 0x37, 0x00, 0x00, 0xff, 0xff, 0xac, 0xa0, 0x30, 0xab, 0x29, 0x20, 0x00, 0x00, + // 1841 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x1a, 0xcd, 0x6f, 0x1b, 0x4b, + 0x3d, 0x63, 0x3b, 0x8e, 0xfd, 0x73, 0x13, 0xe7, 0x4d, 0xf3, 0xd2, 0x6d, 0xa0, 0xb6, 0xb5, 0x20, + 0x48, 0x05, 0x6f, 0x4d, 0x02, 0x94, 0xb6, 0x4f, 0xe8, 0xc9, 0xee, 0x8b, 0xaa, 0x48, 0xa5, 0xc9, + 0x9b, 0xf0, 0x9e, 0xaa, 0xf2, 0x21, 0xd6, 0x9b, 0x89, 0xbd, 0x64, 0xbd, 0x6b, 0xed, 0xac, 0x53, + 0x0a, 0x42, 0x2a, 0x48, 0x1c, 0xb8, 0x20, 0x4e, 0x88, 0x23, 0x88, 0x3f, 0x00, 0x71, 0x41, 0x02, + 0x09, 0x4e, 0x1c, 0x82, 0x84, 0x50, 0x25, 0x2e, 0x15, 0x42, 0x86, 0xba, 0x9c, 0x38, 0x72, 0xe1, + 0x8a, 0x66, 0x76, 0xd6, 0xfb, 0x61, 0x5b, 0xf1, 0x26, 
0x24, 0xbc, 0x56, 0xbd, 0x79, 0xe7, 0xf7, + 0xfd, 0x9b, 0xdf, 0xe7, 0x24, 0x70, 0xab, 0x6d, 0x7a, 0x9d, 0x7e, 0x4b, 0x33, 0x9c, 0x6e, 0xdd, + 0xe9, 0x51, 0x9b, 0x75, 0xcc, 0x03, 0xaf, 0xae, 0xf7, 0xcc, 0xba, 0xde, 0xf7, 0x3a, 0x8e, 0x6b, + 0x7e, 0x5b, 0xf7, 0x4c, 0xc7, 0xae, 0x1f, 0x6d, 0xd4, 0xdb, 0xd4, 0xa6, 0xae, 0xee, 0xd1, 0x7d, + 0xad, 0xe7, 0x3a, 0x9e, 0x83, 0xaf, 0x87, 0xa4, 0xda, 0x88, 0x54, 0xd3, 0x7b, 0xa6, 0x16, 0x23, + 0xd5, 0x8e, 0x36, 0xd6, 0xde, 0x8a, 0x48, 0x69, 0x3b, 0x6d, 0xa7, 0x2e, 0x38, 0xb4, 0xfa, 0x07, + 0xe2, 0x4b, 0x7c, 0x88, 0x5f, 0x3e, 0xe7, 0x35, 0xf5, 0xf0, 0x26, 0xd3, 0x4c, 0x47, 0xa8, 0x61, + 0x38, 0x2e, 0x9d, 0x20, 0x3d, 0x86, 0xe3, 0xb6, 0x74, 0x63, 0x12, 0xce, 0xe7, 0x42, 0x9c, 0xae, + 0x6e, 0x74, 0x4c, 0x9b, 0xba, 0x8f, 0xeb, 0xbd, 0xc3, 0x36, 0x3f, 0x60, 0xf5, 0x2e, 0xf5, 0xf4, + 0x49, 0x54, 0xf5, 0x69, 0x54, 0x6e, 0xdf, 0xf6, 0xcc, 0x2e, 0x1d, 0x23, 0xb8, 0x71, 0x12, 0x01, + 0x33, 0x3a, 0xb4, 0xab, 0x27, 0xe9, 0xd4, 0xef, 0xe5, 0x20, 0xdf, 0x30, 0xb8, 0x8f, 0x70, 0x1d, + 0x8a, 0xb6, 0xde, 0xa5, 0xac, 0xa7, 0x1b, 0x54, 0x41, 0x35, 0xb4, 0x5e, 0x6c, 0xbe, 0x71, 0x3c, + 0xa8, 0xce, 0x0d, 0x07, 0xd5, 0xe2, 0xfd, 0x00, 0x40, 0x42, 0x1c, 0x5c, 0x83, 0xdc, 0x11, 0x75, + 0x5b, 0x4a, 0x46, 0xe0, 0x5e, 0x92, 0xb8, 0xb9, 0x0f, 0xa8, 0xdb, 0x22, 0x02, 0x82, 0x6f, 0xc1, + 0xb2, 0x4b, 0x99, 0xd3, 0x77, 0x0d, 0xda, 0xd8, 0xdd, 0xbe, 0xeb, 0x3a, 0xfd, 0x9e, 0x92, 0x15, + 0xd8, 0x8b, 0x12, 0x7b, 0x5e, 0x1c, 0x92, 0x31, 0x34, 0xfc, 0x0e, 0xe0, 0xc8, 0xd9, 0x07, 0xd4, + 0x65, 0xa6, 0x63, 0x2b, 0x39, 0x41, 0x5c, 0x96, 0xc4, 0x0b, 0xf2, 0x98, 0x4c, 0x40, 0xc5, 0x9f, + 0x86, 0x42, 0x70, 0xaa, 0xcc, 0x0b, 0xb2, 0x65, 0x49, 0x56, 0x20, 0xf2, 0x9c, 0x8c, 0x30, 0xf0, + 0x4d, 0xb8, 0x14, 0xfc, 0xe6, 0xb6, 0x2a, 0x79, 0x41, 0xb1, 0x22, 0x29, 0x2e, 0x91, 0x08, 0x8c, + 0xc4, 0x30, 0xb9, 0x17, 0x7a, 0xba, 0xd7, 0x51, 0x0a, 0x71, 0x2f, 0xec, 0xea, 0x5e, 0x87, 0x08, + 0x08, 0x7e, 0x17, 0x96, 0x4d, 0x76, 0xdf, 0xb1, 0x03, 0x26, 0xef, 0x93, 0x7b, 0x4a, 0xb1, 
0x86, + 0xd6, 0x0b, 0x4d, 0x45, 0x62, 0x2f, 0x6f, 0x27, 0xe0, 0x64, 0x8c, 0x02, 0x3f, 0x80, 0x05, 0xc3, + 0xb1, 0x3d, 0x6a, 0x7b, 0xca, 0x42, 0x0d, 0xad, 0x97, 0x36, 0xdf, 0xd2, 0xfc, 0x3b, 0xd7, 0xa2, + 0x77, 0xae, 0xf5, 0x0e, 0xdb, 0x9a, 0xbc, 0x73, 0x8d, 0xe8, 0x8f, 0xb6, 0xbe, 0xe5, 0x51, 0x9b, + 0xfb, 0x23, 0x74, 0xda, 0x1d, 0x9f, 0x0b, 0x09, 0xd8, 0xa9, 0xbf, 0xcc, 0x40, 0xe9, 0x8e, 0xd5, + 0x67, 0x1e, 0x75, 0x89, 0x63, 0x51, 0xfc, 0x0d, 0x28, 0xf0, 0xb8, 0xdc, 0xd7, 0x3d, 0x5d, 0xc4, + 0x41, 0x69, 0xf3, 0x33, 0x53, 0x45, 0xf1, 0x28, 0xd6, 0x38, 0xb6, 0x76, 0xb4, 0xa1, 0xed, 0xb4, + 0xbe, 0x49, 0x0d, 0xef, 0x4b, 0xd4, 0xd3, 0x9b, 0x58, 0x4a, 0x83, 0xf0, 0x8c, 0x8c, 0xb8, 0xe2, + 0x87, 0x30, 0xef, 0xf6, 0x2d, 0xca, 0x94, 0x4c, 0x2d, 0xbb, 0x5e, 0xda, 0xfc, 0xbc, 0x36, 0x73, + 0x1a, 0x6b, 0xbb, 0x8e, 0x65, 0x1a, 0x8f, 0x49, 0xdf, 0xa2, 0x61, 0x0c, 0xf1, 0x2f, 0x46, 0x7c, + 0x96, 0xb8, 0x05, 0x65, 0xbd, 0xdd, 0x76, 0x69, 0x5b, 0x90, 0x70, 0x90, 0x08, 0xb9, 0xd2, 0xe6, + 0xc7, 0x22, 0x46, 0x68, 0x3c, 0x5d, 0x39, 0xbb, 0x46, 0x1c, 0xb5, 0x79, 0x79, 0x38, 0xa8, 0x96, + 0x13, 0x87, 0x24, 0xc9, 0x50, 0xfd, 0x57, 0x16, 0x70, 0xc4, 0x63, 0x4d, 0xd3, 0xde, 0x37, 0xed, + 0xf6, 0x05, 0x38, 0x8e, 0x42, 0xb1, 0xcf, 0xa8, 0x2b, 0xd2, 0x51, 0xe4, 0x5d, 0x69, 0xf3, 0x66, + 0x0a, 0xe7, 0xed, 0xf4, 0xf8, 0x2f, 0xdd, 0x12, 0xf4, 0xcd, 0x45, 0x9e, 0xd9, 0xef, 0x07, 0xec, + 0x48, 0xc8, 0x19, 0x77, 0x00, 0xda, 0x3c, 0x0b, 0x7d, 0x39, 0xd9, 0x33, 0xca, 0x59, 0xe2, 0xe6, + 0xdc, 0x1d, 0xf1, 0x23, 0x11, 0xde, 0xf8, 0x3d, 0x28, 0xb0, 0xbe, 0xb0, 0x94, 0x29, 0x39, 0x11, + 0x0c, 0xb1, 0x6b, 0xe2, 0x95, 0x37, 0x74, 0x10, 0xa1, 0x07, 0xd4, 0xa5, 0xb6, 0x41, 0xc3, 0x54, + 0xde, 0x93, 0xc4, 0x64, 0xc4, 0x06, 0xdf, 0x87, 0x05, 0xd7, 0xb1, 0x28, 0xa1, 0x07, 0x22, 0xef, + 0x67, 0xe4, 0x38, 0x4a, 0x0f, 0xe2, 0xd3, 0x92, 0x80, 0x89, 0xfa, 0x57, 0x04, 0xab, 0xe3, 0x97, + 0x7d, 0xcf, 0x64, 0x1e, 0xfe, 0xea, 0xd8, 0x85, 0x6b, 0xb3, 0x5d, 0x38, 0xa7, 0x16, 0xd7, 0x3d, + 0x32, 0x24, 0x38, 0x89, 0x5c, 
0x76, 0x0b, 0xe6, 0x4d, 0x8f, 0x76, 0x83, 0x2c, 0xf9, 0x62, 0x8a, + 0x0b, 0x18, 0xd7, 0x37, 0xcc, 0x96, 0x6d, 0xce, 0x93, 0xf8, 0xac, 0xd5, 0x3f, 0x21, 0x28, 0x47, + 0x90, 0x2f, 0xc0, 0xaa, 0xaf, 0xc4, 0xad, 0xba, 0x71, 0x4a, 0xab, 0x26, 0x9b, 0xf3, 0x13, 0x04, + 0xcb, 0x7e, 0x47, 0xa1, 0xcc, 0x73, 0x4d, 0xbf, 0xb1, 0xa9, 0x90, 0x17, 0x11, 0xc7, 0x14, 0x54, + 0xcb, 0xae, 0x17, 0x9b, 0x30, 0x1c, 0x54, 0xf3, 0x02, 0x8b, 0x11, 0x09, 0xc1, 0x5f, 0x87, 0xbc, + 0xa5, 0xb7, 0xa8, 0x15, 0xa8, 0xf5, 0xd9, 0x19, 0x2d, 0xe6, 0x34, 0x7b, 0xd4, 0xa2, 0x86, 0xe7, + 0xb8, 0x61, 0xbb, 0x0c, 0x4e, 0x18, 0x91, 0x5c, 0xd5, 0x2a, 0x5c, 0xdb, 0x66, 0xbb, 0xd4, 0x65, + 0x3c, 0x2d, 0x64, 0xd0, 0x36, 0x0c, 0x83, 0x32, 0x46, 0xe8, 0x91, 0x49, 0x1f, 0xa9, 0x7f, 0x46, + 0x70, 0xf5, 0x9e, 0x63, 0xe8, 0x56, 0x50, 0xf3, 0xa3, 0xd0, 0x58, 0x65, 0xc9, 0x9c, 0x4b, 0x65, + 0xd9, 0x09, 0xe6, 0x00, 0x79, 0xe5, 0x1b, 0x29, 0xee, 0xc5, 0x27, 0x6c, 0xe6, 0xb8, 0x00, 0x22, + 0xd9, 0xa8, 0xff, 0xc9, 0x80, 0x22, 0x0c, 0x9a, 0x60, 0x6d, 0xcc, 0x9e, 0xf9, 0x97, 0xc2, 0x1e, + 0xde, 0xe7, 0x79, 0x81, 0x4c, 0x4e, 0x3b, 0xbc, 0x7e, 0x12, 0x01, 0xc1, 0x9f, 0x1c, 0xc5, 0x59, + 0x56, 0xc4, 0x59, 0x79, 0x38, 0xa8, 0x96, 0xfc, 0x38, 0xdb, 0xb3, 0x4c, 0x83, 0x8e, 0x82, 0xed, + 0x6b, 0x90, 0x67, 0x86, 0xd3, 0xa3, 0x4c, 0xcc, 0x33, 0xa5, 0xcd, 0x5b, 0xa7, 0x28, 0xad, 0x7b, + 0x82, 0x81, 0x1f, 0xcb, 0xfe, 0x6f, 0x22, 0x99, 0xaa, 0x3f, 0x42, 0xb0, 0xcc, 0xab, 0xeb, 0x7e, + 0xb4, 0xa9, 0xd7, 0x20, 0xc7, 0x27, 0x37, 0x39, 0xd8, 0x8d, 0xd4, 0x17, 0x03, 0x8d, 0x80, 0xe0, + 0x07, 0x90, 0xe3, 0x25, 0x4f, 0xc6, 0xd7, 0x69, 0xf3, 0x72, 0xc4, 0x59, 0xd4, 0x51, 0xc1, 0x51, + 0xfd, 0x15, 0x82, 0x2b, 0x49, 0x85, 0x82, 0x9e, 0x79, 0xb2, 0x5e, 0x1e, 0x94, 0xdc, 0x90, 0x40, + 0xaa, 0x77, 0xc6, 0x62, 0x78, 0x59, 0xca, 0x29, 0x45, 0x0e, 0x49, 0x54, 0x8c, 0xfa, 0x04, 0x81, + 0x98, 0x7a, 0xf7, 0x67, 0xf4, 0xde, 0x7b, 0x31, 0xef, 0xd5, 0x53, 0xa8, 0x37, 0xd5, 0x6d, 0xbf, + 0x08, 0xee, 0x31, 0x9d, 0xbf, 0xba, 0x93, 0xfc, 0x75, 0x23, 0xad, 
0x42, 0x33, 0x3b, 0xea, 0x36, + 0x2c, 0xc6, 0xda, 0x3d, 0xae, 0x06, 0x05, 0xde, 0xaf, 0xb6, 0xc5, 0x64, 0x91, 0xbe, 0x5d, 0xf8, + 0xe9, 0xcf, 0xaa, 0x73, 0x4f, 0xfe, 0x56, 0x9b, 0x53, 0xdf, 0x86, 0xa5, 0x78, 0x3c, 0xa7, 0x21, + 0xfe, 0x61, 0x16, 0x20, 0x9c, 0x06, 0x39, 0x25, 0xdf, 0x39, 0x62, 0x94, 0x7c, 0x15, 0x61, 0xc4, + 0x3f, 0xc7, 0xdf, 0x47, 0xf0, 0xa6, 0xee, 0x79, 0xae, 0xd9, 0xea, 0x7b, 0x34, 0xd2, 0x1f, 0x82, + 0x41, 0x2a, 0xe5, 0x3c, 0x7d, 0x4d, 0x7a, 0xe6, 0xcd, 0xc6, 0x24, 0x9e, 0x64, 0xb2, 0x28, 0xfc, + 0x29, 0x28, 0xea, 0x3d, 0xf3, 0x6e, 0xb4, 0x4c, 0x88, 0x31, 0x2c, 0xd8, 0x7b, 0x18, 0x09, 0xe1, + 0x1c, 0x39, 0x58, 0x35, 0xfc, 0xe9, 0x48, 0x22, 0x07, 0x2d, 0x82, 0x91, 0x10, 0x8e, 0xbf, 0x00, + 0x8b, 0xd1, 0xbd, 0x84, 0x29, 0xf3, 0x82, 0xe0, 0x8d, 0xe1, 0xa0, 0xba, 0x18, 0x5d, 0x5f, 0x18, + 0x89, 0xe3, 0xe1, 0x26, 0x94, 0xed, 0xd8, 0xaa, 0xc1, 0x94, 0xbc, 0x20, 0x55, 0x86, 0x83, 0xea, + 0x4a, 0x7c, 0x0b, 0x91, 0x85, 0x2c, 0x49, 0xa0, 0xfe, 0x11, 0xc1, 0xca, 0xab, 0xd2, 0xb8, 0xfe, + 0x8e, 0xe0, 0xa3, 0x93, 0x6c, 0x21, 0x94, 0xf5, 0x1c, 0x9b, 0xd1, 0xf4, 0x8b, 0xf2, 0xc7, 0x61, + 0x9e, 0x37, 0x08, 0x7f, 0xb6, 0x28, 0xfa, 0xf3, 0x30, 0xef, 0x1b, 0xd2, 0x9b, 0x3e, 0x70, 0xf6, + 0xf6, 0xf1, 0x0e, 0x2c, 0xd1, 0x23, 0xdd, 0xea, 0x73, 0x6d, 0xb7, 0x5c, 0xd7, 0x71, 0xe5, 0x5a, + 0x7c, 0x45, 0x2a, 0x51, 0xde, 0xe2, 0x50, 0x7d, 0x04, 0x26, 0x09, 0x74, 0xf5, 0x0f, 0x08, 0x72, + 0x2f, 0xff, 0xa6, 0xa7, 0xbe, 0xc8, 0x42, 0xe9, 0xf5, 0xfa, 0xf5, 0xaa, 0xaf, 0x5f, 0x7c, 0x43, + 0xb9, 0xd8, 0xbd, 0xeb, 0x0c, 0x1b, 0xca, 0xc9, 0x0b, 0xd7, 0x0b, 0x04, 0xab, 0xd1, 0x5e, 0x1a, + 0xd9, 0x53, 0xce, 0x3f, 0x7e, 0xdb, 0x90, 0x63, 0x3d, 0x6a, 0xc8, 0xd0, 0xdd, 0x3a, 0x9d, 0x61, + 0x11, 0x95, 0xf7, 0x7a, 0xd4, 0x08, 0x67, 0x10, 0xfe, 0x45, 0x84, 0x00, 0x75, 0x88, 0x60, 0x6d, + 0x32, 0xc9, 0x05, 0xdc, 0xdf, 0x41, 0xfc, 0xfe, 0x1a, 0x67, 0x36, 0x73, 0xca, 0x55, 0xfe, 0x36, + 0x3b, 0xcd, 0x48, 0xee, 0x09, 0xfc, 0x18, 0xca, 0x3c, 0xa5, 0xdd, 0xf0, 0x58, 0xda, 0x7a, 0x3b, + 0x85, 
0x42, 0x62, 0xbd, 0x88, 0x68, 0x22, 0xde, 0xa7, 0x12, 0x87, 0x24, 0x29, 0x07, 0x7f, 0x17, + 0x96, 0x45, 0x92, 0x47, 0x65, 0xfb, 0x77, 0xfe, 0x76, 0x0a, 0xd9, 0xc9, 0x45, 0xba, 0xb9, 0x32, + 0x1c, 0x54, 0xc7, 0xd6, 0x6b, 0x32, 0x26, 0x0a, 0xff, 0x1c, 0xc1, 0x55, 0x46, 0xdd, 0x23, 0xd3, + 0xa0, 0xba, 0x61, 0x38, 0x7d, 0xdb, 0x8b, 0x2a, 0xe2, 0xd7, 0xb3, 0x77, 0x53, 0x28, 0xb2, 0xe7, + 0xf3, 0x6a, 0xf8, 0xbc, 0xa2, 0x1a, 0x5d, 0x1b, 0x0e, 0xaa, 0x57, 0xa7, 0x82, 0xc9, 0x74, 0x2d, + 0xd4, 0xdf, 0x23, 0x28, 0x5c, 0xd0, 0x8b, 0xc7, 0x97, 0xe3, 0xf1, 0x98, 0x7a, 0x37, 0x98, 0x1c, + 0x7d, 0x4f, 0x33, 0xb0, 0xba, 0x47, 0xad, 0x03, 0x59, 0x82, 0xfd, 0xce, 0x38, 0x3e, 0x74, 0x65, + 0xcf, 0xb5, 0x90, 0xa0, 0xd4, 0x85, 0x64, 0xb2, 0xca, 0xd3, 0x0a, 0x09, 0x3e, 0x84, 0x3c, 0xf3, + 0x74, 0xaf, 0x1f, 0xb4, 0xdb, 0x3b, 0x69, 0x44, 0x8d, 0x8b, 0x11, 0xac, 0x9a, 0x4b, 0x52, 0x50, + 0xde, 0xff, 0x26, 0x52, 0x84, 0xfa, 0x1d, 0x58, 0x9b, 0xae, 0x5e, 0x64, 0x6b, 0x47, 0xe7, 0xb1, + 0xb5, 0x5b, 0x70, 0x25, 0x19, 0xc8, 0xb2, 0x39, 0xce, 0xb0, 0xf3, 0xc5, 0x46, 0xd2, 0xcc, 0xc9, + 0x23, 0xa9, 0xfa, 0x17, 0x04, 0xd3, 0xf3, 0x06, 0xff, 0x00, 0x41, 0x39, 0x9e, 0x3a, 0xfe, 0x5a, + 0x55, 0xda, 0x6c, 0x9e, 0x21, 0x6d, 0x83, 0x5e, 0x3f, 0x9a, 0x53, 0xe3, 0x08, 0x8c, 0x24, 0x65, + 0x62, 0x0d, 0x60, 0xa4, 0x72, 0x6c, 0x7a, 0x1e, 0xd9, 0xc4, 0x48, 0x04, 0x43, 0xfd, 0x77, 0x06, + 0x2e, 0xbf, 0x7e, 0x6e, 0xba, 0xe0, 0xe7, 0xa6, 0x7f, 0x22, 0xf8, 0xc8, 0x04, 0xa7, 0x9f, 0x7e, + 0x5d, 0xba, 0x0e, 0x0b, 0xba, 0x65, 0x39, 0x8f, 0xe8, 0xbe, 0xb0, 0xbe, 0x10, 0x0e, 0x87, 0x0d, + 0xff, 0x98, 0x04, 0x70, 0xfc, 0x09, 0xc8, 0xbb, 0x54, 0x67, 0xb2, 0xab, 0x14, 0xc3, 0xcc, 0x26, + 0xe2, 0x94, 0x48, 0x28, 0x6e, 0x40, 0x99, 0xc6, 0x97, 0xa2, 0x93, 0x76, 0xa6, 0x24, 0xbe, 0x7a, + 0x9c, 0x01, 0xfc, 0x7f, 0xa9, 0xb5, 0x46, 0xac, 0xd6, 0x36, 0xce, 0x56, 0x00, 0x3f, 0x14, 0x75, + 0xf6, 0x77, 0x08, 0x56, 0xa7, 0x14, 0xd9, 0x20, 0xec, 0xd1, 0xd4, 0xb0, 0x0f, 0x5f, 0xf3, 0x33, + 0x53, 0x5f, 0xf3, 0xc3, 0x88, 0xcf, 0x9e, 
0x47, 0xc4, 0xff, 0x06, 0x81, 0x32, 0xcd, 0xe8, 0x70, + 0xe3, 0x45, 0xff, 0xfb, 0xbf, 0x6d, 0x4e, 0x08, 0xe3, 0x4c, 0xca, 0x30, 0xfe, 0x35, 0x82, 0xe4, + 0xfc, 0x88, 0xab, 0xc1, 0xfb, 0x44, 0xe4, 0xe9, 0x4c, 0xbc, 0x4f, 0x04, 0x4f, 0x13, 0xb3, 0xf8, + 0x3c, 0xfc, 0x0b, 0x4a, 0xf6, 0x3c, 0xfe, 0x82, 0xd2, 0xdc, 0x39, 0x7e, 0x5e, 0x99, 0x7b, 0xfa, + 0xbc, 0x32, 0xf7, 0xec, 0x79, 0x65, 0xee, 0xc9, 0xb0, 0x82, 0x8e, 0x87, 0x15, 0xf4, 0x74, 0x58, + 0x41, 0xcf, 0x86, 0x15, 0xf4, 0x8f, 0x61, 0x05, 0xfd, 0xf8, 0x45, 0x65, 0xee, 0xe1, 0xf5, 0x99, + 0xff, 0x97, 0xe4, 0xbf, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa0, 0x1c, 0xfa, 0x7f, 0x77, 0x22, 0x00, + 0x00, } func (m *Action) Marshal() (dAtA []byte, err error) { @@ -1569,6 +1571,16 @@ func (m *LocalResourceAccessReview) MarshalToSizedBuffer(dAtA []byte) (int, erro _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 { size, err := m.Action.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -1602,6 +1614,16 @@ func (m *LocalSubjectAccessReview) MarshalToSizedBuffer(dAtA []byte) (int, error _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a if m.Scopes != nil { { size, err := m.Scopes.MarshalToSizedBuffer(dAtA[:i]) @@ -1955,6 +1977,16 @@ func (m *ResourceAccessReview) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 { size, err := m.Action.MarshalToSizedBuffer(dAtA[:i]) if err != nil { 
@@ -2410,6 +2442,16 @@ func (m *SelfSubjectRulesReview) MarshalToSizedBuffer(dAtA []byte) (int, error) _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a { size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -2567,6 +2609,16 @@ func (m *SubjectAccessReview) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x2a if m.Scopes != nil { { size, err := m.Scopes.MarshalToSizedBuffer(dAtA[:i]) @@ -2672,6 +2724,16 @@ func (m *SubjectRulesReview) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a { size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -2998,6 +3060,8 @@ func (m *LocalResourceAccessReview) Size() (n int) { _ = l l = m.Action.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -3021,6 +3085,8 @@ func (m *LocalSubjectAccessReview) Size() (n int) { l = m.Scopes.Size() n += 1 + l + sovGenerated(uint64(l)) } + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -3155,6 +3221,8 @@ func (m *ResourceAccessReview) Size() (n int) { _ = l l = m.Action.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } 
@@ -3322,6 +3390,8 @@ func (m *SelfSubjectRulesReview) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = m.Status.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -3392,6 +3462,8 @@ func (m *SubjectAccessReview) Size() (n int) { l = m.Scopes.Size() n += 1 + l + sovGenerated(uint64(l)) } + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -3421,6 +3493,8 @@ func (m *SubjectRulesReview) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = m.Status.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -3612,6 +3686,7 @@ func (this *LocalResourceAccessReview) String() string { } s := strings.Join([]string{`&LocalResourceAccessReview{`, `Action:` + strings.Replace(strings.Replace(this.Action.String(), "Action", "Action", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -3625,6 +3700,7 @@ func (this *LocalSubjectAccessReview) String() string { `User:` + fmt.Sprintf("%v", this.User) + `,`, `GroupsSlice:` + fmt.Sprintf("%v", this.GroupsSlice) + `,`, `Scopes:` + strings.Replace(fmt.Sprintf("%v", this.Scopes), "OptionalScopes", "OptionalScopes", 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -3694,6 +3770,7 @@ func (this *ResourceAccessReview) String() string { } s := strings.Join([]string{`&ResourceAccessReview{`, `Action:` + strings.Replace(strings.Replace(this.Action.String(), "Action", "Action", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s 
@@ -3824,6 +3901,7 @@ func (this *SelfSubjectRulesReview) String() string { s := strings.Join([]string{`&SelfSubjectRulesReview{`, `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "SelfSubjectRulesReviewSpec", "SelfSubjectRulesReviewSpec", 1), `&`, ``, 1) + `,`, `Status:` + strings.Replace(strings.Replace(this.Status.String(), "SubjectRulesReviewStatus", "SubjectRulesReviewStatus", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -3874,6 +3952,7 @@ func (this *SubjectAccessReview) String() string { `User:` + fmt.Sprintf("%v", this.User) + `,`, `GroupsSlice:` + fmt.Sprintf("%v", this.GroupsSlice) + `,`, `Scopes:` + strings.Replace(fmt.Sprintf("%v", this.Scopes), "OptionalScopes", "OptionalScopes", 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -3898,6 +3977,7 @@ func (this *SubjectRulesReview) String() string { s := strings.Join([]string{`&SubjectRulesReview{`, `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "SubjectRulesReviewSpec", "SubjectRulesReviewSpec", 1), `&`, ``, 1) + `,`, `Status:` + strings.Replace(strings.Replace(this.Status.String(), "SubjectRulesReviewStatus", "SubjectRulesReviewStatus", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s 
@@ -5119,6 +5199,39 @@ func (m *LocalResourceAccessReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -5302,6 +5415,39 @@ func (m *LocalSubjectAccessReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) 
@@ -6252,6 +6398,39 @@ func (m *ResourceAccessReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -7510,6 +7689,39 @@ func (m *SelfSubjectRulesReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) 
@@ -8009,6 +8221,39 @@ func (m *SubjectAccessReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -8291,6 +8536,39 @@ func (m *SubjectRulesReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/authorization/v1/generated.proto b/vendor/github.com/openshift/api/authorization/v1/generated.proto index 774a96b828..28e4e8ce62 100644 --- a/vendor/github.com/openshift/api/authorization/v1/generated.proto 
+++ b/vendor/github.com/openshift/api/authorization/v1/generated.proto @@ -44,7 +44,7 @@ message Action { // Content is the actual content of the request for create and update // +kubebuilder:pruning:PreserveUnknownFields - optional k8s.io.apimachinery.pkg.runtime.RawExtension content = 7; + optional .k8s.io.apimachinery.pkg.runtime.RawExtension content = 7; } // ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings. @@ -54,7 +54,7 @@ message Action { message ClusterRole { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Rules holds all the PolicyRules for this ClusterRole repeated PolicyRule rules = 2; @@ -62,7 +62,7 @@ message ClusterRole { // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be // stomped by the controller. - optional k8s.io.api.rbac.v1.AggregationRule aggregationRule = 3; + optional .k8s.io.api.rbac.v1.AggregationRule aggregationRule = 3; } // ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. @@ -74,7 +74,7 @@ message ClusterRole { message ClusterRoleBinding { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // UserNames holds all the usernames directly bound to the role. // This field should only be specified when supporting legacy clients and servers. 
@@ -95,12 +95,12 @@ message ClusterRoleBinding { // Thus newer clients that do not need to support backwards compatibility should send // only fully qualified Subjects and should omit the UserNames and GroupNames fields. // Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames. - repeated k8s.io.api.core.v1.ObjectReference subjects = 4; + repeated .k8s.io.api.core.v1.ObjectReference subjects = 4; // RoleRef can only reference the current namespace and the global namespace. // If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. // Since Policy is a singleton, this is sufficient knowledge to locate a role. - optional k8s.io.api.core.v1.ObjectReference roleRef = 5; + optional .k8s.io.api.core.v1.ObjectReference roleRef = 5; } // ClusterRoleBindingList is a collection of ClusterRoleBindings @@ -110,7 +110,7 @@ message ClusterRoleBinding { message ClusterRoleBindingList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of ClusterRoleBindings repeated ClusterRoleBinding items = 2; @@ -123,7 +123,7 @@ message ClusterRoleBindingList { message ClusterRoleList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of ClusterRoles repeated ClusterRole items = 2; 
@@ -140,7 +140,7 @@ message GroupRestriction { // Selectors specifies a list of label selectors over group labels. // +nullable - repeated k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labels = 2; + repeated .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labels = 2; } // IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed @@ -155,7 +155,11 @@ message IsPersonalSubjectAccessReview { // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 message LocalResourceAccessReview { - // Action describes the action being tested. The Namespace element is FORCED to the current namespace. + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 2; + + // Action describes the action being tested. The Namespace element is FORCED to the current namespace. optional Action Action = 1; } @@ -164,6 +168,10 @@ message LocalResourceAccessReview { // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 message LocalSubjectAccessReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 5; + // Action describes the action being tested. The Namespace element is FORCED to the current namespace. optional Action Action = 1; 
@@ -244,7 +252,7 @@ message PolicyRule { // AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. // If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error. // +kubebuilder:pruning:PreserveUnknownFields - optional k8s.io.apimachinery.pkg.runtime.RawExtension attributeRestrictions = 2; + optional .k8s.io.apimachinery.pkg.runtime.RawExtension attributeRestrictions = 2; // APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. // That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request @@ -270,6 +278,10 @@ message PolicyRule { // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 message ResourceAccessReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 2; + // Action describes the action being tested. optional Action Action = 1; } @@ -303,7 +315,7 @@ message ResourceAccessReviewResponse { message Role { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Rules holds all the PolicyRules for this Role repeated PolicyRule rules = 2; 
@@ -318,7 +330,7 @@ message Role { message RoleBinding { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // UserNames holds all the usernames directly bound to the role. // This field should only be specified when supporting legacy clients and servers. @@ -339,12 +351,12 @@ message RoleBinding { // Thus newer clients that do not need to support backwards compatibility should send // only fully qualified Subjects and should omit the UserNames and GroupNames fields. // Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames. - repeated k8s.io.api.core.v1.ObjectReference subjects = 4; + repeated .k8s.io.api.core.v1.ObjectReference subjects = 4; // RoleRef can only reference the current namespace and the global namespace. // If the RoleRef cannot be resolved, the Authorizer must return an error. // Since Policy is a singleton, this is sufficient knowledge to locate a role. - optional k8s.io.api.core.v1.ObjectReference roleRef = 5; + optional .k8s.io.api.core.v1.ObjectReference roleRef = 5; } // RoleBindingList is a collection of RoleBindings @@ -354,7 +366,7 @@ message RoleBinding { message RoleBindingList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of RoleBindings repeated RoleBinding items = 2; 
@@ -376,7 +388,7 @@ message RoleBindingList { message RoleBindingRestriction { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec defines the matcher. optional RoleBindingRestrictionSpec spec = 2; @@ -389,7 +401,7 @@ message RoleBindingRestriction { message RoleBindingRestrictionList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of RoleBindingRestriction objects. repeated RoleBindingRestriction items = 2; @@ -418,7 +430,7 @@ message RoleBindingRestrictionSpec { message RoleList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of Roles repeated Role items = 2; @@ -429,6 +441,10 @@ message RoleList { // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 message SelfSubjectRulesReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 3; + // Spec adds information about how to conduct the check optional SelfSubjectRulesReviewSpec spec = 1; 
@@ -473,6 +489,10 @@ message ServiceAccountRestriction { // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 message SubjectAccessReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 5; + // Action describes the action being tested. optional Action Action = 1; @@ -515,6 +535,10 @@ message SubjectAccessReviewResponse { // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 message SubjectRulesReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 3; + // Spec adds information about how to conduct the check optional SubjectRulesReviewSpec spec = 1; @@ -557,6 +581,6 @@ message UserRestriction { // Selectors specifies a list of label selectors over user labels. // +nullable - repeated k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labels = 3; + repeated .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labels = 3; } diff --git a/vendor/github.com/openshift/api/authorization/v1/types.go b/vendor/github.com/openshift/api/authorization/v1/types.go index e26eaeb15c..e8dd0c29fa 100644 --- a/vendor/github.com/openshift/api/authorization/v1/types.go +++ b/vendor/github.com/openshift/api/authorization/v1/types.go 
@@ -154,6 +154,10 @@ type NamedRoleBinding struct { type SelfSubjectRulesReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` + // Spec adds information about how to conduct the check Spec SelfSubjectRulesReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` @@ -180,6 +184,10 @@ type SelfSubjectRulesReviewSpec struct { type SubjectRulesReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` + // Spec adds information about how to conduct the check Spec SubjectRulesReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` @@ -232,7 +240,7 @@ type ResourceAccessReviewResponse struct { // +genclient // +genclient:nonNamespaced -// +genclient:skipVerbs=apply,get,list,create,update,patch,delete,deleteCollection,watch +// +genclient:skipVerbs=apply,applyStatus,get,list,create,update,updateStatus,patch,delete,deleteCollection,watch // +genclient:method=Create,verb=create,result=ResourceAccessReviewResponse // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -244,6 +252,10 @@ type ResourceAccessReviewResponse struct { type ResourceAccessReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,2,opt,name=metadata"` + // Action describes the action being tested. Action `json:",inline" protobuf:"bytes,1,opt,name=Action"` } 
@@ -280,7 +292,7 @@ func (t OptionalScopes) String() string { // +genclient // +genclient:nonNamespaced -// +genclient:skipVerbs=apply,get,list,create,update,patch,delete,deleteCollection,watch +// +genclient:skipVerbs=apply,applyStatus,get,list,create,update,updateStatus,patch,delete,deleteCollection,watch // +genclient:method=Create,verb=create,result=SubjectAccessReviewResponse // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -291,6 +303,10 @@ func (t OptionalScopes) String() string { type SubjectAccessReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,5,opt,name=metadata"` + // Action describes the action being tested. Action `json:",inline" protobuf:"bytes,1,opt,name=Action"` // User is optional. If both User and Groups are empty, the current authenticated user is used. @@ -306,7 +322,7 @@ type SubjectAccessReview struct { } // +genclient -// +genclient:skipVerbs=apply,get,list,create,update,patch,delete,deleteCollection,watch +// +genclient:skipVerbs=apply,applyStatus,get,list,create,update,updateStatus,patch,delete,deleteCollection,watch // +genclient:method=Create,verb=create,result=ResourceAccessReviewResponse // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
@@ -317,12 +333,16 @@ type SubjectAccessReview struct { type LocalResourceAccessReview struct { metav1.TypeMeta `json:",inline"` - // Action describes the action being tested. The Namespace element is FORCED to the current namespace. + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,2,opt,name=metadata"` + + // Action describes the action being tested. The Namespace element is FORCED to the current namespace. Action `json:",inline" protobuf:"bytes,1,opt,name=Action"` } // +genclient -// +genclient:skipVerbs=apply,get,list,create,update,patch,delete,deleteCollection,watch +// +genclient:skipVerbs=apply,applyStatus,get,list,create,update,updateStatus,patch,delete,deleteCollection,watch // +genclient:method=Create,verb=create,result=SubjectAccessReviewResponse // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -333,6 +353,10 @@ type LocalResourceAccessReview struct { type LocalSubjectAccessReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,5,opt,name=metadata"` + // Action describes the action being tested. The Namespace element is FORCED to the current namespace. Action `json:",inline" protobuf:"bytes,1,opt,name=Action"` // User is optional. If both User and Groups are empty, the current authenticated user is used. diff --git a/vendor/github.com/openshift/api/authorization/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/authorization/v1/zz_generated.deepcopy.go index 1214fc02bf..9b7d44f3b2 100644 --- a/vendor/github.com/openshift/api/authorization/v1/zz_generated.deepcopy.go 
+++ b/vendor/github.com/openshift/api/authorization/v1/zz_generated.deepcopy.go @@ -232,6 +232,7 @@ func (in *IsPersonalSubjectAccessReview) DeepCopyObject() runtime.Object { func (in *LocalResourceAccessReview) DeepCopyInto(out *LocalResourceAccessReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Action.DeepCopyInto(&out.Action) return } @@ -258,6 +259,7 @@ func (in *LocalResourceAccessReview) DeepCopyObject() runtime.Object { func (in *LocalSubjectAccessReview) DeepCopyInto(out *LocalSubjectAccessReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Action.DeepCopyInto(&out.Action) if in.GroupsSlice != nil { in, out := &in.GroupsSlice, &out.GroupsSlice @@ -444,6 +446,7 @@ func (in *PolicyRule) DeepCopy() *PolicyRule { func (in *ResourceAccessReview) DeepCopyInto(out *ResourceAccessReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Action.DeepCopyInto(&out.Action) return } @@ -737,6 +740,7 @@ func (in *RoleList) DeepCopyObject() runtime.Object { func (in *SelfSubjectRulesReview) DeepCopyInto(out *SelfSubjectRulesReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return @@ -827,6 +831,7 @@ func (in *ServiceAccountRestriction) DeepCopy() *ServiceAccountRestriction { func (in *SubjectAccessReview) DeepCopyInto(out *SubjectAccessReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Action.DeepCopyInto(&out.Action) if in.GroupsSlice != nil { in, out := &in.GroupsSlice, &out.GroupsSlice 
@@ -888,6 +893,7 @@ func (in *SubjectAccessReviewResponse) DeepCopyObject() runtime.Object { func (in *SubjectRulesReview) DeepCopyInto(out *SubjectRulesReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return diff --git a/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go index 34777dc958..a8f9b374e2 100644 --- a/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/authorization/v1/zz_generated.swagger_doc_generated.go @@ -91,7 +91,8 @@ func (IsPersonalSubjectAccessReview) SwaggerDoc() map[string]string { } var map_LocalResourceAccessReview = map[string]string{ - "": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", } func (LocalResourceAccessReview) SwaggerDoc() map[string]string { 
@@ -99,10 +100,11 @@ func (LocalResourceAccessReview) SwaggerDoc() map[string]string { } var map_LocalSubjectAccessReview = map[string]string{ - "": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "user": "User is optional. If both User and Groups are empty, the current authenticated user is used.", - "groups": "Groups is optional. Groups is the list of groups to which the User belongs.", - "scopes": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", + "": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "user": "User is optional. If both User and Groups are empty, the current authenticated user is used.", + "groups": "Groups is optional. Groups is the list of groups to which the User belongs.", + "scopes": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", } func (LocalSubjectAccessReview) SwaggerDoc() map[string]string { 
@@ -164,7 +166,8 @@ func (PolicyRule) SwaggerDoc() map[string]string { } var map_ResourceAccessReview = map[string]string{ - "": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", } func (ResourceAccessReview) SwaggerDoc() map[string]string { 
@@ -258,9 +261,10 @@ func (RoleList) SwaggerDoc() map[string]string { } var map_SelfSubjectRulesReview = map[string]string{ - "": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "spec": "Spec adds information about how to conduct the check", - "status": "Status is completed by the server to tell which permissions you have", + "": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "Spec adds information about how to conduct the check", + "status": "Status is completed by the server to tell which permissions you have", } func (SelfSubjectRulesReview) SwaggerDoc() map[string]string { 
@@ -297,10 +301,11 @@ func (ServiceAccountRestriction) SwaggerDoc() map[string]string { } var map_SubjectAccessReview = map[string]string{ - "": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "user": "User is optional. If both User and Groups are empty, the current authenticated user is used.", - "groups": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", - "scopes": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", + "": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "user": "User is optional. If both User and Groups are empty, the current authenticated user is used.", + "groups": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", + "scopes": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", } func (SubjectAccessReview) SwaggerDoc() map[string]string { 
@@ -320,9 +325,10 @@ func (SubjectAccessReviewResponse) SwaggerDoc() map[string]string { } var map_SubjectRulesReview = map[string]string{ - "": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "spec": "Spec adds information about how to conduct the check", - "status": "Status is completed by the server to tell which permissions you have", + "": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "Spec adds information about how to conduct the check", + "status": "Status is completed by the server to tell which permissions you have", } func (SubjectRulesReview) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/build/v1/generated.proto b/vendor/github.com/openshift/api/build/v1/generated.proto index 57b54f3923..b71670f4ec 100644 --- a/vendor/github.com/openshift/api/build/v1/generated.proto +++ b/vendor/github.com/openshift/api/build/v1/generated.proto 
@@ -19,7 +19,7 @@ option go_package = "github.com/openshift/api/build/v1"; message BinaryBuildRequestOptions { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // asFile determines if the binary should be created as a file within the source rather than extracted as an archive optional string asFile = 2; @@ -69,7 +69,7 @@ message BitbucketWebHookCause { message Build { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is all the inputs used to execute the build. optional BuildSpec spec = 2; @@ -88,10 +88,10 @@ message BuildCondition { optional string status = 2; // The last time this condition was updated. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 6; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 6; // The last time the condition transitioned from one status to another. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; // The reason for the condition's last transition. optional string reason = 4; 
@@ -109,7 +109,7 @@ message BuildCondition { message BuildConfig { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec holds all the input necessary to produce a new build, and the conditions when // to trigger them. @@ -127,7 +127,7 @@ message BuildConfig { message BuildConfigList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // items is a list of build configs repeated BuildConfig items = 2; @@ -178,7 +178,7 @@ message BuildConfigStatus { message BuildList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // items is a list of builds repeated Build items = 2; @@ -216,7 +216,7 @@ message BuildLogOptions { // precedes the time a pod was started, only logs since the pod start will be returned. // If this value is in the future, no logs will be returned. // Only one of sinceSeconds or sinceTime may be specified. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time sinceTime = 5; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time sinceTime = 5; // timestamps, If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line // of log output. Defaults to false. 
@@ -257,12 +257,12 @@ message BuildOutput { // This value will be used to look up a container image repository to push to. // In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of // the build unless Namespace is specified. - optional k8s.io.api.core.v1.ObjectReference to = 1; + optional .k8s.io.api.core.v1.ObjectReference to = 1; // PushSecret is the name of a Secret that would be used for setting // up the authentication for executing the Docker push to authentication // enabled Docker Registry (or Docker Hub). - optional k8s.io.api.core.v1.LocalObjectReference pushSecret = 2; + optional .k8s.io.api.core.v1.LocalObjectReference pushSecret = 2; // imageLabels define a list of labels that are applied to the resulting image. If there // are multiple labels with the same name then the last one in the list is used. @@ -366,16 +366,16 @@ message BuildPostCommitSpec { message BuildRequest { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // revision is the information from the source for a specific repo snapshot. optional SourceRevision revision = 2; // triggeredByImage is the Image that triggered this build. - optional k8s.io.api.core.v1.ObjectReference triggeredByImage = 3; + optional .k8s.io.api.core.v1.ObjectReference triggeredByImage = 3; // from is the reference to the ImageStreamTag that triggered the build. - optional k8s.io.api.core.v1.ObjectReference from = 4; + optional .k8s.io.api.core.v1.ObjectReference from = 4; // binary indicates a request to build from a binary provided to the builder optional BinaryBuildSource binary = 5; 
@@ -386,7 +386,7 @@ message BuildRequest { optional int64 lastVersion = 6; // env contains additional environment variables you want to pass into a builder container. - repeated k8s.io.api.core.v1.EnvVar env = 7; + repeated .k8s.io.api.core.v1.EnvVar env = 7; // triggeredBy describes which triggers started the most recent update to the // build configuration and contains information about those triggers. @@ -439,7 +439,7 @@ message BuildSource { // The secret contains valid credentials for remote repository, where the // data's key represent the authentication method to be used and value is // the base64 encoded credentials. Supported auth methods are: ssh-privatekey. - optional k8s.io.api.core.v1.LocalObjectReference sourceSecret = 7; + optional .k8s.io.api.core.v1.LocalObjectReference sourceSecret = 7; // secrets represents a list of secrets and their destinations that will // be used only for the build. @@ -479,13 +479,13 @@ message BuildStatus { // startTimestamp is a timestamp representing the server time when this Build started // running in a Pod. // It is represented in RFC3339 form and is in UTC. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startTimestamp = 5; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time startTimestamp = 5; // completionTimestamp is a timestamp representing the server time when this Build was // finished, whether that build failed or succeeded. It reflects the time at which // the Pod running the Build terminated. // It is represented in RFC3339 form and is in UTC. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time completionTimestamp = 6; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time completionTimestamp = 6; // duration contains time.Duration object describing build time. optional int64 duration = 7; 
@@ -497,7 +497,7 @@ message BuildStatus { optional string outputDockerImageReference = 8; // config is an ObjectReference to the BuildConfig this Build is based on. - optional k8s.io.api.core.v1.ObjectReference config = 9; + optional .k8s.io.api.core.v1.ObjectReference config = 9; // output describes the container image the build has produced. optional BuildStatusOutput output = 10; @@ -677,15 +677,15 @@ message BuildVolumeSource { // secret represents a Secret that should populate this volume. // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret // +optional - optional k8s.io.api.core.v1.SecretVolumeSource secret = 2; + optional .k8s.io.api.core.v1.SecretVolumeSource secret = 2; // configMap represents a ConfigMap that should populate this volume // +optional - optional k8s.io.api.core.v1.ConfigMapVolumeSource configMap = 3; + optional .k8s.io.api.core.v1.ConfigMapVolumeSource configMap = 3; // csi represents ephemeral storage provided by external CSI drivers which support this capability // +optional - optional k8s.io.api.core.v1.CSIVolumeSource csi = 4; + optional .k8s.io.api.core.v1.CSIVolumeSource csi = 4; } // CommonSpec encapsulates all the inputs necessary to represent a build. @@ -709,7 +709,7 @@ message CommonSpec { optional BuildOutput output = 5; // resources computes resource requirements to execute the build. - optional k8s.io.api.core.v1.ResourceRequirements resources = 6; + optional .k8s.io.api.core.v1.ResourceRequirements resources = 6; // postCommit is a build hook executed after the build output image is // committed, before it is pushed to a registry. 
@@ -756,7 +756,7 @@ message CommonWebHookCause { message ConfigMapBuildSource { // configMap is a reference to an existing configmap that you want to use in your // build. - optional k8s.io.api.core.v1.LocalObjectReference configMap = 1; + optional .k8s.io.api.core.v1.LocalObjectReference configMap = 1; // destinationDir is the directory where the files from the configmap should be // available for the build time. @@ -772,15 +772,15 @@ message ConfigMapBuildSource { message CustomBuildStrategy { // from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which // the container image should be pulled - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; // pullSecret is the name of a Secret that would be used for setting up // the authentication for pulling the container images from the private Docker // registries - optional k8s.io.api.core.v1.LocalObjectReference pullSecret = 2; + optional .k8s.io.api.core.v1.LocalObjectReference pullSecret = 2; // env contains additional environment variables you want to pass into a builder container. - repeated k8s.io.api.core.v1.EnvVar env = 3; + repeated .k8s.io.api.core.v1.EnvVar env = 3; // exposeDockerSocket will allow running Docker commands (and build container images) from // inside the container. 
@@ -803,19 +803,19 @@ message DockerBuildStrategy { // from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides // the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, // this will replace the image in the last FROM directive of the file. - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; // pullSecret is the name of a Secret that would be used for setting up // the authentication for pulling the container images from the private Docker // registries - optional k8s.io.api.core.v1.LocalObjectReference pullSecret = 2; + optional .k8s.io.api.core.v1.LocalObjectReference pullSecret = 2; // noCache if set to true indicates that the container image build must be executed with the // --no-cache=true flag optional bool noCache = 3; // env contains additional environment variables you want to pass into a builder container. - repeated k8s.io.api.core.v1.EnvVar env = 4; + repeated .k8s.io.api.core.v1.EnvVar env = 4; // forcePull describes if the builder should pull the images from registry prior to building. optional bool forcePull = 5; @@ -829,7 +829,7 @@ message DockerBuildStrategy { // https://docs.docker.com/engine/reference/builder/#/arg for more details. // NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field // are ignored. - repeated k8s.io.api.core.v1.EnvVar buildArgs = 7; + repeated .k8s.io.api.core.v1.EnvVar buildArgs = 7; // imageOptimizationPolicy describes what optimizations the system can use when building images // to reduce the final size or time spent building the image. The default policy is 'None' which 
@@ -854,7 +854,7 @@ message DockerBuildStrategy { message DockerStrategyOptions { // Args contains any build arguments that are to be passed to Docker. See // https://docs.docker.com/engine/reference/builder/#/arg for more details - repeated k8s.io.api.core.v1.EnvVar buildArgs = 1; + repeated .k8s.io.api.core.v1.EnvVar buildArgs = 1; // noCache overrides the docker-strategy noCache option in the build config optional bool noCache = 2; @@ -882,7 +882,7 @@ message GenericWebHookEvent { // env contains additional environment variables you want to pass into a builder container. // ValueFrom is not supported. - repeated k8s.io.api.core.v1.EnvVar env = 3; + repeated .k8s.io.api.core.v1.EnvVar env = 3; // DockerStrategyOptions contains additional docker-strategy specific options for the build optional DockerStrategyOptions dockerStrategyOptions = 4; @@ -960,7 +960,7 @@ message ImageChangeCause { // fromRef contains detailed information about an image that triggered a // build. - optional k8s.io.api.core.v1.ObjectReference fromRef = 2; + optional .k8s.io.api.core.v1.ObjectReference fromRef = 2; } // ImageChangeTrigger allows builds to be triggered when an ImageStream changes @@ -975,7 +975,7 @@ message ImageChangeTrigger { // It is optional. If no From is specified, the From image from the build strategy // will be used. Only one ImageChangeTrigger with an empty From reference is allowed in // a build configuration. - optional k8s.io.api.core.v1.ObjectReference from = 2; + optional .k8s.io.api.core.v1.ObjectReference from = 2; // paused is true if this trigger is temporarily disabled. Optional. optional bool paused = 3; 
@@ -993,7 +993,7 @@ message ImageChangeTriggerStatus { // lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. // This field is only updated when this trigger specifically started a Build. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTriggerTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTriggerTime = 3; } // ImageLabel represents a label applied to the resulting image. @@ -1015,7 +1015,7 @@ message ImageLabel { message ImageSource { // from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to // copy source from. - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; // A list of image names that this source will be used in place of during a multi-stage container image // build. For instance, a Dockerfile that uses "COPY --from=nginx:latest" will first check for an image @@ -1033,7 +1033,7 @@ message ImageSource { // pullSecret is a reference to a secret to be used to pull the image from a registry // If the image is pulled from the OpenShift registry, this field does not need to be set. - optional k8s.io.api.core.v1.LocalObjectReference pullSecret = 3; + optional .k8s.io.api.core.v1.LocalObjectReference pullSecret = 3; } // ImageSourcePath describes a path to be copied from a source image and its destination within the build directory. @@ -1070,7 +1070,7 @@ message JenkinsPipelineBuildStrategy { optional string jenkinsfile = 2; // env contains additional environment variables you want to pass into a build pipeline. - repeated k8s.io.api.core.v1.EnvVar env = 3; + repeated .k8s.io.api.core.v1.EnvVar env = 3; } // OptionalNodeSelector is a map that may also be left nil to distinguish between set and unset. 
@@ -1100,7 +1100,7 @@ message ProxyConfig { message SecretBuildSource { // secret is a reference to an existing secret that you want to use in your // build. - optional k8s.io.api.core.v1.LocalObjectReference secret = 1; + optional .k8s.io.api.core.v1.LocalObjectReference secret = 1; // destinationDir is the directory where the files from the secret should be // available for the build time. @@ -1122,7 +1122,7 @@ message SecretLocalReference { // SecretSpec specifies a secret to be included in a build pod and its corresponding mount point message SecretSpec { // secretSource is a reference to the secret - optional k8s.io.api.core.v1.LocalObjectReference secretSource = 1; + optional .k8s.io.api.core.v1.LocalObjectReference secretSource = 1; // mountPath is the path at which to mount the secret optional string mountPath = 2; @@ -1132,15 +1132,15 @@ message SecretSpec { message SourceBuildStrategy { // from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which // the container image should be pulled - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; // pullSecret is the name of a Secret that would be used for setting up // the authentication for pulling the container images from the private Docker // registries - optional k8s.io.api.core.v1.LocalObjectReference pullSecret = 2; + optional .k8s.io.api.core.v1.LocalObjectReference pullSecret = 2; // env contains additional environment variables you want to pass into a builder container. - repeated k8s.io.api.core.v1.EnvVar env = 3; + repeated .k8s.io.api.core.v1.EnvVar env = 3; // scripts is the location of Source scripts optional string scripts = 4; 
@@ -1193,7 +1193,7 @@ message StageInfo { // startTime is a timestamp representing the server time when this Stage started. // It is represented in RFC3339 form and is in UTC. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 2; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 2; // durationMilliseconds identifies how long the stage took // to complete in milliseconds. @@ -1213,7 +1213,7 @@ message StepInfo { // startTime is a timestamp representing the server time when this Step started. // it is represented in RFC3339 form and is in UTC. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 2; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time startTime = 2; // durationMilliseconds identifies how long the step took // to complete in milliseconds. diff --git a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto index dc4557883f..085b49b25e 100644 --- a/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto +++ b/vendor/github.com/openshift/api/cloudnetwork/v1/generated.proto @@ -37,7 +37,7 @@ option go_package = "github.com/openshift/api/cloudnetwork/v1"; message CloudPrivateIPConfig { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is the definition of the desired private IP request. // +kubebuilder:validation:Required 
@@ -58,7 +58,7 @@ message CloudPrivateIPConfig { message CloudPrivateIPConfigList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // List of CloudPrivateIPConfig. repeated CloudPrivateIPConfig items = 2; @@ -84,6 +84,6 @@ message CloudPrivateIPConfigStatus { // condition is the assignment condition of the private IP and its status // +kubebuilder:validation:Required // +required - repeated k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 2; + repeated .k8s.io.apimachinery.pkg.apis.meta.v1.Condition conditions = 2; } diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 707af9d848..61386a72e4 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -428,7 +428,7 @@ var KnownClusterVersionCapabilities = []ClusterVersionCapability{ } // ClusterVersionCapabilitySet defines sets of cluster version capabilities. -// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;v4.15;v4.16;vCurrent +// +kubebuilder:validation:Enum=None;v4.11;v4.12;v4.13;v4.14;v4.15;v4.16;v4.17;v4.18;vCurrent type ClusterVersionCapabilitySet string const ( 
@@ -472,6 +472,18 @@ const ( // version of OpenShift is installed. ClusterVersionCapabilitySet4_16 ClusterVersionCapabilitySet = "v4.16" + // ClusterVersionCapabilitySet4_17 is the recommended set of + // optional capabilities to enable for the 4.17 version of + // OpenShift. This list will remain the same no matter which + // version of OpenShift is installed. + ClusterVersionCapabilitySet4_17 ClusterVersionCapabilitySet = "v4.17" + + // ClusterVersionCapabilitySet4_18 is the recommended set of + // optional capabilities to enable for the 4.18 version of + // OpenShift. This list will remain the same no matter which + // version of OpenShift is installed. + ClusterVersionCapabilitySet4_18 ClusterVersionCapabilitySet = "v4.18" + // ClusterVersionCapabilitySetCurrent is the recommended set // of optional capabilities to enable for the cluster's // current version of OpenShift. 
@@ -556,6 +568,42 @@ var ClusterVersionCapabilitySets = map[ClusterVersionCapabilitySet][]ClusterVers ClusterVersionCapabilityIngress, ClusterVersionCapabilityCloudControllerManager, }, + ClusterVersionCapabilitySet4_17: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityNodeTuning, + ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, + ClusterVersionCapabilityOperatorLifecycleManager, + ClusterVersionCapabilityCloudCredential, + ClusterVersionCapabilityIngress, + ClusterVersionCapabilityCloudControllerManager, + }, + ClusterVersionCapabilitySet4_18: { + ClusterVersionCapabilityBaremetal, + ClusterVersionCapabilityConsole, + ClusterVersionCapabilityInsights, + ClusterVersionCapabilityMarketplace, + ClusterVersionCapabilityStorage, + ClusterVersionCapabilityOpenShiftSamples, + ClusterVersionCapabilityCSISnapshot, + ClusterVersionCapabilityNodeTuning, + ClusterVersionCapabilityMachineAPI, + ClusterVersionCapabilityBuild, + ClusterVersionCapabilityDeploymentConfig, + ClusterVersionCapabilityImageRegistry, + ClusterVersionCapabilityOperatorLifecycleManager, + ClusterVersionCapabilityCloudCredential, + ClusterVersionCapabilityIngress, + ClusterVersionCapabilityCloudControllerManager, + }, ClusterVersionCapabilitySetCurrent: { ClusterVersionCapabilityBaremetal, ClusterVersionCapabilityConsole, diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index a344086c07..d3c694a56f 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go 
@@ -37,6 +37,23 @@ type Image struct { Status ImageStatus `json:"status"` } +// ImportModeType describes how to import an image manifest. +// +enum +// +kubebuilder:validation:Enum:="";Legacy;PreserveOriginal +type ImportModeType string + +const ( + // ImportModeLegacy indicates that the legacy behaviour should be used. + // For manifest lists, the legacy behaviour will discard the manifest list and import a single + // sub-manifest. In this case, the platform is chosen in the following order of priority: + // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + // This mode is the default. + ImportModeLegacy ImportModeType = "Legacy" + // ImportModePreserveOriginal indicates that the original manifest will be preserved. + // For manifest lists, the manifest list and all its sub-manifests will be imported. + ImportModePreserveOriginal ImportModeType = "PreserveOriginal" +) + type ImageSpec struct { // allowedRegistriesForImport limits the container image registries that normal users may import // images from. Set this list to the registries that you trust to contain valid Docker @@ -45,6 +62,7 @@ type ImageSpec struct { // this policy - typically only administrators or system integrations will have those // permissions. // +optional + // +listType=atomic AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"` // externalRegistryHostnames provides the hostnames for the default external image @@ -52,6 +70,7 @@ type ImageSpec struct { // is exposed externally. The first value is used in 'publicDockerImageRepository' // field in ImageStreams. The value must be in "hostname[:port]" format. // +optional + // +listType=atomic ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"` // additionalTrustedCA is a reference to a ConfigMap containing additional CAs that 
@@ -67,6 +86,21 @@ type ImageSpec struct { // internal cluster registry. // +optional RegistrySources RegistrySources `json:"registrySources"` + + // imageStreamImportMode controls the import mode behaviour of imagestreams. + // It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value + // is specified, this setting is applied to all newly created imagestreams which do not have the + // value set. `Legacy` indicates that the legacy behaviour should be used. + // For manifest lists, the legacy behaviour will discard the manifest list and import a single + // sub-manifest. In this case, the platform is chosen in the following order of priority: + // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + // `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + // the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be + // decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload + // implies the import mode is Legacy and multi payload implies PreserveOriginal. + // +openshift:enable:FeatureGate=ImageStreamImportMode + // +optional + ImageStreamImportMode ImportModeType `json:"imageStreamImportMode"` } type ImageStatus struct { 
@@ -82,7 +116,22 @@ type ImageStatus struct { // is exposed externally. The first value is used in 'publicDockerImageRepository' // field in ImageStreams. The value must be in "hostname[:port]" format. // +optional + // +listType=atomic ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"` + + // imageStreamImportMode controls the import mode behaviour of imagestreams. It can be + // `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. + // For manifest lists, the legacy behaviour will discard the manifest list and import a single + // sub-manifest. In this case, the platform is chosen in the following order of priority: + // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + // `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, + // the manifest list and all its sub-manifests will be imported. This value will be reconciled based + // on either the spec value or if no spec value is specified, the image registry operator would look + // at the ClusterVersion status to determine the payload type and set the import mode accordingly, + // i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal. + // +openshift:enable:FeatureGate=ImageStreamImportMode + // +optional + ImageStreamImportMode ImportModeType `json:"imageStreamImportMode,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
@@ -116,16 +165,19 @@ type RegistryLocation struct { type RegistrySources struct { // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections. // +optional + // +listType=atomic InsecureRegistries []string `json:"insecureRegistries,omitempty"` // blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional + // +listType=atomic BlockedRegistries []string `json:"blockedRegistries,omitempty"` // allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied. // // Only one of BlockedRegistries or AllowedRegistries may be set. // +optional + // +listType=atomic AllowedRegistries []string `json:"allowedRegistries,omitempty"` // containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified // domains in their pull specs. Registries will be searched in the order provided in the list. diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index e5ff5fc619..392d128c11 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go 
@@ -269,6 +269,7 @@ type ExternalPlatformSpec struct { // PlatformSpec holds the desired state specific to the underlying infrastructure provider // of the current cluster. Since these are used at spec-level for the underlying cluster, it // is supposed that only one of the spec structs is set. +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vsphere) && has(self.vsphere) ? size(self.vsphere.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install" type PlatformSpec struct { // type is the underlying infrastructure provider for the cluster. This // value controls whether infrastructure automation such as service load @@ -1205,13 +1206,16 @@ type VSpherePlatformTopology struct { ComputeCluster string `json:"computeCluster"` // networks is the list of port group network names within this failure domain. - // Currently, we only support a single interface per RHCOS virtual machine. + // If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined. + // 10 is the maximum number of virtual network devices which may be attached to a VM as defined by: + // https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0 // The available networks (port groups) can be listed using // `govc ls 'network/*'` - // The single interface should be the absolute path of the form + // Networks should be in the form of an absolute path: // //network/. // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxItems=1 + // +openshift:validation:FeatureGateAwareMaxItems:featureGate="",maxItems=1 + // +openshift:validation:FeatureGateAwareMaxItems:featureGate=VSphereMultiNetworks,maxItems=10 // +kubebuilder:validation:MinItems=1 // +listType=atomic Networks []string `json:"networks"` 
@@ -1338,15 +1342,22 @@ type VSpherePlatformNodeNetworking struct { // use these fields for configuration. // +kubebuilder:validation:XValidation:rule="!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)",message="apiServerInternalIPs list is required once set" // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ingressIPs) || has(self.ingressIPs)",message="ingressIPs list is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.vcenters) && has(self.vcenters) ? size(self.vcenters) < 2 : true",message="vcenters can have at most 1 item when configured post-install" type VSpherePlatformSpec struct { // vcenters holds the connection details for services to communicate with vCenter. - // Currently, only a single vCenter is supported. + // Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. + // Once the cluster has been installed, you are unable to change the current number of defined + // vCenters except in the case where the cluster has been upgraded from a version of OpenShift + // where the vsphere platform spec was not present. You may make modifications to the existing + // vCenters that are defined in the vcenters list in order to match with any added or modified + // failure domains. // --- // + If VCenters is not defined use the existing cloud-config configmap defined // + in openshift-config. // +kubebuilder:validation:MinItems=0 // +openshift:validation:FeatureGateAwareMaxItems:featureGate="",maxItems=1 // +openshift:validation:FeatureGateAwareMaxItems:featureGate=VSphereMultiVCenters,maxItems=3 + // +kubebuilder:validation:XValidation:rule="size(self) != size(oldSelf) ? size(oldSelf) == 0 && size(self) < 2 : true",message="vcenters cannot be added or removed once set" // +listType=atomic // +optional VCenters []VSpherePlatformVCenterSpec `json:"vcenters,omitempty"` 
diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 211d5c0886..1eeae69dac 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -55,11 +55,11 @@ type NetworkSpec struct { // +listType=atomic ServiceNetwork []string `json:"serviceNetwork"` - // NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). + // NetworkType is the plugin that is to be deployed (e.g. OVNKubernetes). // This should match a value that the cluster-network-operator understands, // or else no networking will be installed. // Currently supported values are: - // - OpenShiftSDN + // - OVNKubernetes // This field is immutable after installation. NetworkType string `json:"networkType"` @@ -101,7 +101,7 @@ type NetworkStatus struct { // +listType=atomic ServiceNetwork []string `json:"serviceNetwork,omitempty"` - // NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). + // NetworkType is the plugin that is deployed (e.g. OVNKubernetes). NetworkType string `json:"networkType,omitempty"` // ClusterNetworkMTU is the MTU for inter-pod networking. 
@@ -111,15 +111,12 @@ type NetworkStatus struct { Migration *NetworkMigration `json:"migration,omitempty"` // conditions represents the observations of a network.config current state. - // Known .status.conditions.type are: "NetworkTypeMigrationInProgress", "NetworkTypeMigrationMTUReady", - // "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse", - // "NetworkTypeMigrationOriginalCNIPurged" and "NetworkDiagnosticsAvailable" + // Known .status.conditions.type are: "NetworkDiagnosticsAvailable" // +optional // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type - // +openshift:enable:FeatureGate=NetworkLiveMigration // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` } @@ -186,15 +183,15 @@ type NetworkList struct { Items []Network `json:"items"` } -// NetworkMigration represents the cluster network configuration. +// NetworkMigration represents the network migration status. type NetworkMigration struct { - // NetworkType is the target plugin that is to be deployed. - // Currently supported values are: OpenShiftSDN, OVNKubernetes - // +kubebuilder:validation:Enum={"OpenShiftSDN","OVNKubernetes"} + // NetworkType is the target plugin that is being deployed. + // DEPRECATED: network type migration is no longer supported, + // so this should always be unset. // +optional NetworkType string `json:"networkType,omitempty"` - // MTU contains the MTU migration configuration. + // MTU is the MTU configuration that is being deployed. // +optional MTU *MTUMigration `json:"mtu,omitempty"` } diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go index 8bf099bd5c..b3b1b62c4d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_node.go +++ b/vendor/github.com/openshift/api/config/v1/types_node.go 
@@ -48,7 +48,15 @@ type NodeSpec struct { WorkerLatencyProfile WorkerLatencyProfileType `json:"workerLatencyProfile,omitempty"` } -type NodeStatus struct{} +type NodeStatus struct { + // conditions contain the details and the current state of the nodes.config object + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` +} // +kubebuilder:validation:Enum=v1;v2;"" type CgroupMode string diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 9a81bc559c..0693469984 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -3783,7 +3783,7 @@ func (in *Node) DeepCopyInto(out *Node) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) out.Spec = in.Spec - out.Status = in.Status + in.Status.DeepCopyInto(&out.Status) return } @@ -3857,6 +3857,13 @@ func (in *NodeSpec) DeepCopy() *NodeSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeStatus) DeepCopyInto(out *NodeStatus) { *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index ddc7594f75..fa5dd4e31d 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -218,7 +218,8 @@ images.config.openshift.io: CRDName: images.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - ImageStreamImportMode FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -313,6 +314,7 @@ infrastructures.config.openshift.io: - GCPClusterHostedDNS - GCPLabelsTags - VSphereControlPlaneMachineSet + - VSphereMultiNetworks - VSphereMultiVCenters FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" @@ -359,7 +361,6 @@ networks.config.openshift.io: Category: "" FeatureGates: - NetworkDiagnosticsConfig - - NetworkLiveMigration FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index e5e9bdb897..c580bd8342 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -1016,6 +1016,7 @@ var map_ImageSpec = map[string]string{ "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "additionalTrustedCA": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.", "registrySources": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", + "imageStreamImportMode": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. 
When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.", } func (ImageSpec) SwaggerDoc() map[string]string { 
@@ -1025,6 +1026,7 @@ func (ImageSpec) SwaggerDoc() map[string]string { var map_ImageStatus = map[string]string{ "internalRegistryHostname": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname.", "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "imageStreamImportMode": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.", } func (ImageStatus) SwaggerDoc() map[string]string { 
@@ -1778,7 +1780,7 @@ func (VSpherePlatformNodeNetworkingSpec) SwaggerDoc() map[string]string { var map_VSpherePlatformSpec = map[string]string{ "": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", - "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported.", + "vcenters": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", "failureDomains": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", "nodeNetworking": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", "apiServerInternalIPs": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. 
In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", 
@@ -1809,7 +1811,7 @@ var map_VSpherePlatformTopology = map[string]string{ "": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", "datacenter": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", "computeCluster": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", - "networks": "networks is the list of port group network names within this failure domain. Currently, we only support a single interface per RHCOS virtual machine. The available networks (port groups) can be listed using `govc ls 'network/*'` The single interface should be the absolute path of the form //network/.", + "networks": "networks is the list of port group network names within this failure domain. If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined. 10 is the maximum number of virtual network devices which may be attached to a VM as defined by: https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0 The available networks (port groups) can be listed using `govc ls 'network/*'` Networks should be in the form of an absolute path: //network/.", "datastore": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", "resourcePool": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", "folder": "folder is the absolute path of the folder where virtual machines are located. 
The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", @@ -2027,9 +2029,9 @@ func (NetworkList) SwaggerDoc() map[string]string { } var map_NetworkMigration = map[string]string{ - "": "NetworkMigration represents the cluster network configuration.", - "networkType": "NetworkType is the target plugin that is to be deployed. Currently supported values are: OpenShiftSDN, OVNKubernetes", - "mtu": "MTU contains the MTU migration configuration.", + "": "NetworkMigration represents the network migration status.", + "networkType": "NetworkType is the target plugin that is being deployed. DEPRECATED: network type migration is no longer supported, so this should always be unset.", + "mtu": "MTU is the MTU configuration that is being deployed.", } func (NetworkMigration) SwaggerDoc() map[string]string { 
@@ -2040,7 +2042,7 @@ var map_NetworkSpec = map[string]string{ "": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "clusterNetwork": "IP address pool to use for pod IPs. This field is immutable after installation.", "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", - "networkType": "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.", + "networkType": "NetworkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.", "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", "serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", "networkDiagnostics": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. 
If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", @@ -2054,10 +2056,10 @@ var map_NetworkStatus = map[string]string{ "": "NetworkStatus is the current network configuration.", "clusterNetwork": "IP address pool to use for pod IPs.", "serviceNetwork": "IP address pool for services. Currently, we only support a single entry here.", - "networkType": "NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).", + "networkType": "NetworkType is the plugin that is deployed (e.g. OVNKubernetes).", "clusterNetworkMTU": "ClusterNetworkMTU is the MTU for inter-pod networking.", "migration": "Migration contains the cluster network migration configuration.", - "conditions": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkTypeMigrationInProgress\", \"NetworkTypeMigrationMTUReady\", \"NetworkTypeMigrationTargetCNIAvailable\", \"NetworkTypeMigrationTargetCNIInUse\", \"NetworkTypeMigrationOriginalCNIPurged\" and \"NetworkDiagnosticsAvailable\"", + "conditions": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkDiagnosticsAvailable\"", } func (NetworkStatus) SwaggerDoc() map[string]string { @@ -2093,6 +2095,14 @@ func (NodeSpec) SwaggerDoc() map[string]string { return map_NodeSpec } +var map_NodeStatus = map[string]string{ + "conditions": "conditions contain the details and the current state of the nodes.config object", +} + +func (NodeStatus) SwaggerDoc() map[string]string { + return map_NodeStatus +} + var map_BasicAuthIdentityProvider = map[string]string{ "": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", } 
diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go index a268d697ac..b7cd66da0c 100644 --- a/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/console/v1/zz_generated.deepcopy.go @@ -648,7 +648,9 @@ func (in *ConsoleQuickStartSpec) DeepCopyInto(out *ConsoleQuickStartSpec) { if in.AccessReviewResources != nil { in, out := &in.AccessReviewResources, &out.AccessReviewResources *out = make([]authorizationv1.ResourceAttributes, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } diff --git a/vendor/github.com/openshift/api/envtest-releases.yaml b/vendor/github.com/openshift/api/envtest-releases.yaml new file mode 100644 index 0000000000..5651bbcc9d --- /dev/null +++ b/vendor/github.com/openshift/api/envtest-releases.yaml 
@@ -0,0 +1,27 @@
+releases:
+ v1.30.3:
+ envtest-v1.30.3-darwin-amd64.tar.gz:
+ hash: 81ab2ad5841522976d9a5fc58642b745cf308230b0f2e634acfb2d5c8f288ef837f7b82144a5e91db607d86885101e06dd473a68bcac0d71be2297edc4aaa92e
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.30.3-darwin-amd64.tar.gz
+ envtest-v1.30.3-darwin-arm64.tar.gz:
+ hash: 8913c1e2e4b6eab0c92d9ddc611cea1b8a5173374e7544a667366ea66bc98a7d3442f21d34e7da65ba2dbe8e5778b2b0497943514b7b3639fc793bd0e98086f5
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.30.3-darwin-arm64.tar.gz
+ envtest-v1.30.3-linux-amd64.tar.gz:
+ hash: 6e81caf1d20c608b0149f36ca8dc6d68e97b22e07f69f1f0788d6c0057ae92fcaae402d26b6766819a31dac1911c6d07bf0328f152d6dd52dcebee94009de024
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.30.3-linux-amd64.tar.gz
+ envtest-v1.30.3-linux-arm64.tar.gz:
+ hash: deb395d5e9578a58786c42b4e7d878b4aef984ac2dce510031fbecf12092162a4aee1cde774f1527cfae90f6885382dc7b3d79ec379b7f4160c3a35fad7cbc3b
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.30.3-linux-arm64.tar.gz
+ v1.31.1:
+ envtest-v1.31.1-darwin-amd64.tar.gz:
+ hash: c884c6a9751f12f57ede0dc3d8dfffdb0f60f7111d6d01ca0693b66d663dfbd37c21ab6a9e571d1a6f649ed7db54b04b069ab0aff6366b2db2f5d3d8ba84a296
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-darwin-amd64.tar.gz
+ envtest-v1.31.1-darwin-arm64.tar.gz:
+ hash: c760be21c579a516cad8fbafd0f202229f5e074da1869958b84ae8dca295ffb33eb6fd4fd0b66349c31c4adff1561e7dd188137885e3661e34c0a14e12ada20e
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-darwin-arm64.tar.gz
+ envtest-v1.31.1-linux-amd64.tar.gz:
+ hash: a683fad736249b681d50c40715068ecb64f3ef22a85f29387eb61435c36dfe0cebf0bc7e109e237071cd856bc0e37d79a732309fd8d0b16fba6e019cf5c6e8b6
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-linux-amd64.tar.gz
+ envtest-v1.31.1-linux-arm64.tar.gz:
+ hash: 86fa42c6a3d92e438e35d6066587d0e4f36b910885e10520868959ece2fe740d99abc735f69d6ebe8920291f70d3819b169ad5ddd2db805f8f56a3b83eee3893
+ selfLink: https://storage.googleapis.com/openshift-kubebuilder-tools/envtest-v1.31.1-linux-arm64.tar.gz
diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md
index 376918e26b..e668fc88b3 100644
--- a/vendor/github.com/openshift/api/features.md
+++ b/vendor/github.com/openshift/api/features.md
@@ -7,31 +7,27 @@ | MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | MultiArchInstallAzure| | | | | | | | GatewayAPI| | | Enabled | Enabled | | | +| AdditionalRoutingCapabilities| | | Enabled | Enabled | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | Enabled | Enabled | | CSIDriverSharedResource| | | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallAzure| | | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallPowerVS| | | Enabled | Enabled | Enabled | Enabled | | ClusterMonitoringConfig| | | Enabled | Enabled | Enabled | Enabled | | DNSNameResolver| | | Enabled | Enabled | Enabled | Enabled | | DynamicResourceAllocation| | | Enabled | Enabled | Enabled | Enabled | | EtcdBackendQuota| | | Enabled | Enabled | Enabled | Enabled | | Example| | | Enabled | Enabled | Enabled | Enabled | -| ExternalRouteCertificate| | | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | -| GCPLabelsTags| | | Enabled | Enabled | Enabled | Enabled | +| ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfigAPI| | | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | -| InstallAlternateInfrastructureAWS| | | Enabled | Enabled | Enabled | Enabled | +| InsightsRuntimeExtractor| | | Enabled | Enabled | Enabled | Enabled | | MachineAPIProviderOpenStack| | | Enabled | Enabled | Enabled | Enabled | | MachineConfigNodes| | | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesAWS| | | Enabled | Enabled | Enabled | Enabled | | MaxUnavailableStatefulSet| | | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| | | Enabled | Enabled | Enabled | Enabled | | MixedCPUsAllocation| | | Enabled | Enabled | Enabled | Enabled | -| MultiArchInstallAWS| | | 
Enabled | Enabled | Enabled | Enabled | -| MultiArchInstallGCP| | | Enabled | Enabled | Enabled | Enabled | | NetworkSegmentation| | | Enabled | Enabled | Enabled | Enabled | | NewOLM| | | Enabled | Enabled | Enabled | Enabled | | NodeSwap| | | Enabled | Enabled | Enabled | Enabled | @@ -40,15 +36,21 @@ | PersistentIPsForVirtualization| | | Enabled | Enabled | Enabled | Enabled | | PinnedImages| | | Enabled | Enabled | Enabled | Enabled | | PlatformOperators| | | Enabled | Enabled | Enabled | Enabled | +| ProcMountType| | | Enabled | Enabled | Enabled | Enabled | +| RouteAdvertisements| | | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| | | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| | | Enabled | Enabled | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerification| | | Enabled | Enabled | Enabled | Enabled | | TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | Enabled | Enabled | | UpgradeStatus| | | Enabled | Enabled | Enabled | Enabled | +| UserNamespacesPodSecurityStandards| | | Enabled | Enabled | Enabled | Enabled | +| UserNamespacesSupport| | | Enabled | Enabled | Enabled | Enabled | +| VSphereMultiNetworks| | | Enabled | Enabled | Enabled | Enabled | | VSphereMultiVCenters| | | Enabled | Enabled | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | | Enabled | Enabled | Enabled | Enabled | +| AWSEFSDriverVolumeMetrics| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | 
@@ -56,21 +58,15 @@ | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ChunkSizeMiB| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | CloudDualStackNodeIPs| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallGCP| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallNutanix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallOpenStack| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallVSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | DisableKubeletCloudCredentialProviders| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProvider| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProviderAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProviderExternal| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ExternalCloudProviderGCP| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| GCPLabelsTags| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | HardwareSpeed| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | IngressControllerLBSubnetsAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsServer| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| MultiArchInstallAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| MultiArchInstallGCP| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | NodeDisruptionPolicy| 
Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index 7982291868..7f49623954 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -66,35 +66,7 @@ var ( FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). reportProblemsToJiraComponent("auth"). - contactPerson("stlaz"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateExternalCloudProvider = newFeatureGate("ExternalCloudProvider"). - reportProblemsToJiraComponent("cloud-provider"). - contactPerson("jspeed"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateExternalCloudProviderAzure = newFeatureGate("ExternalCloudProviderAzure"). - reportProblemsToJiraComponent("cloud-provider"). - contactPerson("jspeed"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateExternalCloudProviderGCP = newFeatureGate("ExternalCloudProviderGCP"). - reportProblemsToJiraComponent("cloud-provider"). - contactPerson("jspeed"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateExternalCloudProviderExternal = newFeatureGate("ExternalCloudProviderExternal"). - reportProblemsToJiraComponent("cloud-provider"). - contactPerson("elmiko"). + contactPerson("ibihim"). productScope(ocpSpecific). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -134,6 +106,13 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateInsightsRuntimeExtractor = newFeatureGate("InsightsRuntimeExtractor"). + reportProblemsToJiraComponent("insights"). + contactPerson("jmesnil"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateDynamicResourceAllocation = newFeatureGate("DynamicResourceAllocation"). reportProblemsToJiraComponent("scheduling"). contactPerson("jchaloup"). @@ -179,7 +158,7 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("bhb"). productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAlibabaPlatform = newFeatureGate("AlibabaPlatform"). @@ -231,6 +210,20 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateAdditionalRoutingCapabilities = newFeatureGate("AdditionalRoutingCapabilities"). + reportProblemsToJiraComponent("Networking/cluster-network-operator"). + contactPerson("jcaamano"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateRouteAdvertisements = newFeatureGate("RouteAdvertisements"). + reportProblemsToJiraComponent("Networking/ovn-kubernetes"). + contactPerson("jcaamano"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("pliu"). 
@@ -313,13 +306,6 @@ var ( enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateInstallAlternateInfrastructureAWS = newFeatureGate("InstallAlternateInfrastructureAWS"). - reportProblemsToJiraComponent("Installer"). - contactPerson("padillon"). - productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). @@ -413,7 +399,7 @@ var ( FeatureGateExternalOIDC = newFeatureGate("ExternalOIDC"). reportProblemsToJiraComponent("authentication"). - contactPerson("stlaz"). + contactPerson("liouk"). productScope(ocpSpecific). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). enableForClusterProfile(Hypershift, configv1.Default, configv1.TechPreviewNoUpgrade). @@ -440,13 +426,6 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateExternalRouteCertificate = newFeatureGate("ExternalRouteCertificate"). - reportProblemsToJiraComponent("network-edge"). - contactPerson("miciah"). - productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). 
@@ -489,61 +468,12 @@ var ( enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateClusterAPIInstallAWS = newFeatureGate("ClusterAPIInstallAWS"). - reportProblemsToJiraComponent("Installer"). - contactPerson("r4f4"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateClusterAPIInstallAzure = newFeatureGate("ClusterAPIInstallAzure"). - reportProblemsToJiraComponent("Installer"). - contactPerson("jhixson74"). - productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateClusterAPIInstallGCP = newFeatureGate("ClusterAPIInstallGCP"). - reportProblemsToJiraComponent("Installer"). - contactPerson("bfournie"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateClusterAPIInstallIBMCloud = newFeatureGate("ClusterAPIInstallIBMCloud"). reportProblemsToJiraComponent("Installer"). contactPerson("cjschaef"). productScope(ocpSpecific). mustRegister() - FeatureGateClusterAPIInstallNutanix = newFeatureGate("ClusterAPIInstallNutanix"). - reportProblemsToJiraComponent("Installer"). - contactPerson("yanhua121"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateClusterAPIInstallOpenStack = newFeatureGate("ClusterAPIInstallOpenStack"). - reportProblemsToJiraComponent("Installer"). - contactPerson("stephenfin"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateClusterAPIInstallPowerVS = newFeatureGate("ClusterAPIInstallPowerVS"). - reportProblemsToJiraComponent("Installer"). - contactPerson("mjturek"). - productScope(ocpSpecific). 
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - - FeatureGateClusterAPIInstallVSphere = newFeatureGate("ClusterAPIInstallVSphere"). - reportProblemsToJiraComponent("Installer"). - contactPerson("rvanderp3"). - productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateChunkSizeMiB = newFeatureGate("ChunkSizeMiB"). reportProblemsToJiraComponent("Image Registry"). contactPerson("flavianmissi"). @@ -575,7 +505,7 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("r4f4"). productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateMultiArchInstallAzure = newFeatureGate("MultiArchInstallAzure"). @@ -588,7 +518,7 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("r4f4"). productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateIngressControllerLBSubnetsAWS = newFeatureGate("IngressControllerLBSubnetsAWS"). 
@@ -597,4 +527,46 @@ var ( productScope(ocpSpecific). enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + + FeatureGateAWSEFSDriverVolumeMetrics = newFeatureGate("AWSEFSDriverVolumeMetrics"). + reportProblemsToJiraComponent("Storage / Kubernetes External Components"). + contactPerson("fbertina"). + productScope(ocpSpecific). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateImageStreamImportMode = newFeatureGate("ImageStreamImportMode"). + reportProblemsToJiraComponent("Multi-Arch"). + contactPerson("psundara"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateUserNamespacesSupport = newFeatureGate("UserNamespacesSupport"). + reportProblemsToJiraComponent("Node"). + contactPerson("haircommander"). + productScope(kubernetes). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateUserNamespacesPodSecurityStandards = newFeatureGate("UserNamespacesPodSecurityStandards"). + reportProblemsToJiraComponent("Node"). + contactPerson("haircommander"). + productScope(kubernetes). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateProcMountType = newFeatureGate("ProcMountType"). + reportProblemsToJiraComponent("Node"). + contactPerson("haircommander"). + productScope(kubernetes). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateVSphereMultiNetworks = newFeatureGate("VSphereMultiNetworks"). + reportProblemsToJiraComponent("SPLAT"). + contactPerson("rvanderp"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() ) 
diff --git a/vendor/github.com/openshift/api/image/v1/generated.proto b/vendor/github.com/openshift/api/image/v1/generated.proto index 0b7ae71822..6b5f24cb21 100644 --- a/vendor/github.com/openshift/api/image/v1/generated.proto +++ b/vendor/github.com/openshift/api/image/v1/generated.proto @@ -45,7 +45,7 @@ message DockerImageReference { message Image { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // DockerImageReference is the string that can be used to pull this image. optional string dockerImageReference = 2; @@ -53,7 +53,7 @@ message Image { // DockerImageMetadata contains metadata about this image // +patchStrategy=replace // +kubebuilder:pruning:PreserveUnknownFields - optional k8s.io.apimachinery.pkg.runtime.RawExtension dockerImageMetadata = 3; + optional .k8s.io.apimachinery.pkg.runtime.RawExtension dockerImageMetadata = 3; // DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0" optional string dockerImageMetadataVersion = 4; @@ -115,10 +115,10 @@ message ImageBlobReferences { // ImageImportSpec describes a request to import a specific image. message ImageImportSpec { // From is the source of an image to import; only kind DockerImage is allowed - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; // To is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used - optional k8s.io.api.core.v1.LocalObjectReference to = 2; + optional .k8s.io.api.core.v1.LocalObjectReference to = 2; // ImportPolicy is the policy controlling how the image is imported optional TagImportPolicy importPolicy = 3; 
@@ -133,7 +133,7 @@ message ImageImportSpec { // ImageImportStatus describes the result of an image import. message ImageImportStatus { // Status is the status of the image import, including errors encountered while retrieving the image - optional k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 1; // Image is the metadata of that image, if the image was located optional Image image = 2; @@ -174,7 +174,7 @@ message ImageLayerData { message ImageList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of images repeated Image items = 2; @@ -226,7 +226,7 @@ message ImageManifest { message ImageSignature { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Required: Describes a type of stored blob. optional string type = 2; @@ -247,7 +247,7 @@ message ImageSignature { map signedClaims = 6; // If specified, it is the time of signature's creation. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time created = 7; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time created = 7; // If specified, it holds information about an issuer of signing certificate or key (a person or entity // who signed the signing certificate or key). 
@@ -278,7 +278,7 @@ message ImageSignature { message ImageStream { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec describes the desired state of this stream // +optional @@ -307,7 +307,7 @@ message ImageStream { message ImageStreamImage { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Image associated with the ImageStream and image name. optional Image image = 2; @@ -327,7 +327,7 @@ message ImageStreamImage { message ImageStreamImport { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec is a description of the images that the user wishes to import optional ImageStreamImportSpec spec = 2; @@ -370,7 +370,7 @@ message ImageStreamImportStatus { message ImageStreamLayers { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // blobs is a map of blob name to metadata about the blob. map blobs = 2; 
@@ -387,7 +387,7 @@ message ImageStreamLayers { message ImageStreamList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of imageStreams repeated ImageStream items = 2; @@ -407,7 +407,7 @@ message ImageStreamList { message ImageStreamMapping { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Image is a container image. optional Image image = 2; @@ -464,7 +464,7 @@ message ImageStreamStatus { message ImageStreamTag { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // tag is the spec tag associated with this image stream tag, and it may be null // if only pushes have occurred to this image stream. @@ -494,7 +494,7 @@ message ImageStreamTag { message ImageStreamTagList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of image stream tags repeated ImageStreamTag items = 2; 
@@ -514,7 +514,7 @@ message ImageStreamTagList { message ImageTag { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is the spec tag associated with this image stream tag, and it may be null // if only pushes have occurred to this image stream. @@ -541,7 +541,7 @@ message ImageTag { message ImageTagList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of image stream tags repeated ImageTag items = 2; @@ -562,7 +562,7 @@ message NamedTagEventList { // RepositoryImportSpec describes a request to import images from a container image repository. message RepositoryImportSpec { // From is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed - optional k8s.io.api.core.v1.ObjectReference from = 1; + optional .k8s.io.api.core.v1.ObjectReference from = 1; // ImportPolicy is the policy controlling how the image is imported optional TagImportPolicy importPolicy = 2; @@ -577,7 +577,7 @@ message RepositoryImportSpec { // RepositoryImportStatus describes the result of an image repository import message RepositoryImportStatus { // Status reflects whether any failure occurred during import - optional k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 1; // Images is a list of images successfully retrieved by the import of the repository. repeated ImageImportStatus images = 2; 
@@ -593,11 +593,11 @@ message SecretList { // Standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds // +optional - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of secret objects. // More info: https://kubernetes.io/docs/concepts/configuration/secret - repeated k8s.io.api.core.v1.Secret items = 2; + repeated .k8s.io.api.core.v1.Secret items = 2; } // SignatureCondition describes an image signature condition of particular kind at particular probe time. @@ -609,10 +609,10 @@ message SignatureCondition { optional string status = 2; // Last time the condition was checked. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastProbeTime = 3; // Last time the condition transit from one status to another. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; // (brief) reason for the condition's last transition. optional string reason = 5; @@ -649,7 +649,7 @@ message SignatureSubject { // TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag. message TagEvent { // Created holds the time the TagEvent was created - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time created = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time created = 1; // DockerImageReference is the string that can be used to pull this image optional string dockerImageReference = 2; 
@@ -670,7 +670,7 @@ message TagEventCondition { optional string status = 2; // LastTransitionTIme is the time the condition transitioned from one status to another. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; // Reason is a brief machine readable explanation for the condition's last transition. optional string reason = 4; @@ -706,7 +706,7 @@ message TagReference { // Optional; if specified, a reference to another image that this tag should point to. Valid values // are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references // can only reference a tag within this same ImageStream. - optional k8s.io.api.core.v1.ObjectReference from = 3; + optional .k8s.io.api.core.v1.ObjectReference from = 3; // Reference states if the tag will be imported. Default value is false, which means the tag will // be imported. diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go index 66b76ec8f9..b2c66b7072 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go @@ -91,6 +91,10 @@ type AWSMachineProviderConfig struct { // +kubebuilder:validation:Maximum:=7 // +optional PlacementGroupPartition *int32 `json:"placementGroupPartition,omitempty"` + // capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. + // The field size should be greater than 0 and the field input must start with cr-*** + // +optional + CapacityReservationID string `json:"capacityReservationId"` } // BlockDeviceMappingSpec describes a block device mapping diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go index 066717fa6a..c8fcb192bd 100644 
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go @@ -267,8 +267,8 @@ type MachineSpec struct { // Currently the authoritative API determines which controller will manage the resource, this will change in a future release. // To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`. // +kubebuilder:validation:Enum=MachineAPI;ClusterAPI - // +kubebuilder:validation:Default:=MachineAPI - // +default:=MachineAPI + // +kubebuilder:validation:Default=MachineAPI + // +default="MachineAPI" // +openshift:enable:FeatureGate=MachineAPIMigration // +optional AuthoritativeAPI MachineAuthority `json:"authoritativeAPI,omitempty"` @@ -299,8 +299,8 @@ type LifecycleHook struct { // it may be namespaced, eg. foo.example.com/CamelCase. // Names must be unique and should only be managed by a single entity. // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MinLength:=3 - // +kubebuilder:validation:MaxLength:=256 + // +kubebuilder:validation:MinLength=3 + // +kubebuilder:validation:MaxLength=256 // +kubebuilder:validation:Required Name string `json:"name"` @@ -309,8 +309,8 @@ type LifecycleHook struct { // who/what is responsible for blocking the lifecycle. // This could be the name of a controller (e.g. clusteroperator/etcd) // or an administrator managing the hook. - // +kubebuilder:validation:MinLength:=3 - // +kubebuilder:validation:MaxLength:=512 + // +kubebuilder:validation:MinLength=3 + // +kubebuilder:validation:MaxLength=512 // +kubebuilder:validation:Required Owner string `json:"owner"` } 
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go
index 8e7810deb0..a14d50eb78 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go
@@ -69,8 +69,8 @@ type MachineSetSpec struct {
 // Currently the authoritative API determines which controller will manage the resource, this will change in a future release.
 // To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.
 // +kubebuilder:validation:Enum=MachineAPI;ClusterAPI
- // +kubebuilder:validation:Default:=MachineAPI
- // +default:=MachineAPI
+ // +kubebuilder:validation:Default=MachineAPI
+ // +default="MachineAPI"
 // +openshift:enable:FeatureGate=MachineAPIMigration
 // +optional
 AuthoritativeAPI MachineAuthority `json:"authoritativeAPI,omitempty"`
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go
index b726931982..f458cbf6ef 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_vsphereprovider.go
@@ -53,8 +53,8 @@ type VSphereMachineProviderSpec struct {
 DiskGiB int32 `json:"diskGiB,omitempty"`
 // tagIDs is an optional set of tags to add to an instance. Specified tagIDs
 // must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.
- // +kubebuilder:validation:Pattern:="^(urn):(vmomi):(InventoryServiceTag):([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}):([^:]+)$"
- // +kubebuilder:example=urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9578:GLOBAL
+ // +kubebuilder:validation:Pattern="^(urn):(vmomi):(InventoryServiceTag):([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}):([^:]+)$"
+ // +kubebuilder:example="urn:vmomi:InventoryServiceTag:5736bf56-49f5-4667-b38c-b97e09dc9578:GLOBAL"
 // +optional
 TagIDs []string `json:"tagIDs,omitempty"`
 // Snapshot is the name of the snapshot from which the VM was cloned
@@ -99,19 +99,19 @@ type AddressesFromPool struct { // group of the IP address pool type known to an external IPAM controller. // This should be a fully qualified domain name, for example, externalipam.controller.io. // +kubebuilder:example=externalipam.controller.io - // +kubebuilder:validation:Pattern:="^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" + // +kubebuilder:validation:Pattern="^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$" // +kubebuilder:validation:Required Group string `json:"group"` // resource of the IP address pool type known to an external IPAM controller. // It is normally the plural form of the resource kind in lowercase, for example, // ippools. // +kubebuilder:example=ippools - // +kubebuilder:validation:Pattern:="^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + // +kubebuilder:validation:Pattern="^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" // +kubebuilder:validation:Required Resource string `json:"resource"` // name of an IP address pool, for example, pool-config-1. // +kubebuilder:example=pool-config-1 - // +kubebuilder:validation:Pattern:="^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" + // +kubebuilder:validation:Pattern="^[a-z0-9]([-a-z0-9]*[a-z0-9])?$" // +kubebuilder:validation:Required Name string `json:"name"` } @@ -132,8 +132,8 @@ type NetworkDeviceSpec struct { // for example, 192.168.1.1. // +kubebuilder:validation:Format=ipv4 // +kubebuilder:validation:Format=ipv6 - // +kubebuilder:example=192.168.1.1 - // +kubebuilder:example=2001:DB8:0000:0000:244:17FF:FEB6:D37D + // +kubebuilder:example="192.168.1.1" + // +kubebuilder:example="2001:DB8:0000:0000:244:17FF:FEB6:D37D" // +optional Gateway string `json:"gateway,omitempty"` 
@@ -146,8 +146,8 @@ type NetworkDeviceSpec struct { // ipAddrs will be applied first followed by IP addresses from addressesFromPools. // +kubebuilder:validation:Format=ipv4 // +kubebuilder:validation:Format=ipv6 - // +kubebuilder:example=192.168.1.100/24 - // +kubebuilder:example=2001:DB8:0000:0000:244:17FF:FEB6:D37D/64 + // +kubebuilder:example="192.168.1.100/24" + // +kubebuilder:example="2001:DB8:0000:0000:244:17FF:FEB6:D37D/64" // +optional IPAddrs []string `json:"ipAddrs,omitempty"` @@ -156,7 +156,7 @@ type NetworkDeviceSpec struct { // source of IP addresses for this network device, nameservers should include a valid nameserver. // +kubebuilder:validation:Format=ipv4 // +kubebuilder:validation:Format=ipv6 - // +kubebuilder:example=8.8.8.8 + // +kubebuilder:example="8.8.8.8" // +optional Nameservers []string `json:"nameservers,omitempty"` diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go index f2173537c9..5bba232bf7 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go 
@@ -32,6 +32,7 @@ var map_AWSMachineProviderConfig = map[string]string{ "metadataServiceOptions": "MetadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", "placementGroupName": "PlacementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", "placementGroupPartition": "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", + "capacityReservationId": "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", } func (AWSMachineProviderConfig) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/network/v1/generated.proto b/vendor/github.com/openshift/api/network/v1/generated.proto index b7016bfb25..a429f04c02 100644 --- a/vendor/github.com/openshift/api/network/v1/generated.proto +++ b/vendor/github.com/openshift/api/network/v1/generated.proto 
@@ -11,9 +11,9 @@ import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; // Package-wide variables from generator "generated". option go_package = "github.com/openshift/api/network/v1"; -// ClusterNetwork describes the cluster network. There is normally only one object of this type, -// named "default", which is created by the SDN network plugin based on the master configuration -// when the cluster is brought up for the first time. +// ClusterNetwork was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true @@ -27,7 +27,7 @@ option go_package = "github.com/openshift/api/network/v1"; message ClusterNetwork { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Network is a CIDR string specifying the global overlay network's L3 space // +kubebuilder:validation:Pattern=`^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` 
@@ -85,17 +85,15 @@ message ClusterNetworkEntry { message ClusterNetworkList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of cluster networks repeated ClusterNetwork items = 2; } -// EgressNetworkPolicy describes the current egress network policy for a Namespace. When using -// the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address -// outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's -// namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy -// is present) then the traffic will be allowed by default. +// EgressNetworkPolicy was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true @@ -106,7 +104,7 @@ message ClusterNetworkList { message EgressNetworkPolicy { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is the specification of the current egress network policy optional EgressNetworkPolicySpec spec = 2; 
@@ -119,7 +117,7 @@ message EgressNetworkPolicy { message EgressNetworkPolicyList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // items is the list of policies repeated EgressNetworkPolicy items = 2; @@ -154,8 +152,9 @@ message EgressNetworkPolicySpec { repeated EgressNetworkPolicyRule egress = 1; } -// HostSubnet describes the container subnet network on a node. The HostSubnet object must have the -// same name as the Node object it corresponds to. +// HostSubnet was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true @@ -171,7 +170,7 @@ message EgressNetworkPolicySpec { message HostSubnet { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Host is the name of the node. (This is the same as the object's name, but both fields must be set.) // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$` 
@@ -205,15 +204,15 @@ message HostSubnet { message HostSubnetList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of host subnets repeated HostSubnet items = 2; } -// NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant -// plugin, every Namespace will have a corresponding NetNamespace object with the same name. -// (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) +// NetNamespace was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true @@ -226,7 +225,7 @@ message HostSubnetList { message NetNamespace { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.) // +kubebuilder:validation:Pattern=`^[a-z0-9.-]+$` 
@@ -250,7 +249,7 @@ message NetNamespace { message NetNamespaceList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of net namespaces repeated NetNamespace items = 2; diff --git a/vendor/github.com/openshift/api/network/v1/types.go b/vendor/github.com/openshift/api/network/v1/types.go index f39e786c20..89015cf6b1 100644 --- a/vendor/github.com/openshift/api/network/v1/types.go +++ b/vendor/github.com/openshift/api/network/v1/types.go @@ -12,9 +12,9 @@ const ( // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// ClusterNetwork describes the cluster network. There is normally only one object of this type, -// named "default", which is created by the SDN network plugin based on the master configuration -// when the cluster is brought up for the first time. +// ClusterNetwork was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true 
@@ -112,8 +112,9 @@ type HostSubnetEgressCIDR string // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// HostSubnet describes the container subnet network on a node. The HostSubnet object must have the -// same name as the Node object it corresponds to. +// HostSubnet was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true @@ -184,9 +185,9 @@ type NetNamespaceEgressIP string // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant -// plugin, every Namespace will have a corresponding NetNamespace object with the same name. -// (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.) +// NetNamespace was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true 
@@ -274,11 +275,9 @@ type EgressNetworkPolicySpec struct { // +genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// EgressNetworkPolicy describes the current egress network policy for a Namespace. When using -// the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address -// outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's -// namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy -// is present) then the traffic will be allowed by default. +// EgressNetworkPolicy was used by OpenShift SDN. +// DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in +// any way by OpenShift. // // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +kubebuilder:object:root=true diff --git a/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go index f92172acaf..743ddeab57 100644 --- a/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/network/v1/zz_generated.swagger_doc_generated.go 
@@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_ClusterNetwork = map[string]string{ - "": "ClusterNetwork describes the cluster network. There is normally only one object of this type, named \"default\", which is created by the SDN network plugin based on the master configuration when the cluster is brought up for the first time.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "": "ClusterNetwork was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "network": "Network is a CIDR string specifying the global overlay network's L3 space", "hostsubnetlength": "HostSubnetLength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods", 
@@ -48,7 +48,7 @@ func (ClusterNetworkList) SwaggerDoc() map[string]string { } var map_EgressNetworkPolicy = map[string]string{ - "": "EgressNetworkPolicy describes the current egress network policy for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy is present) then the traffic will be allowed by default.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "": "EgressNetworkPolicy was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "spec": "spec is the specification of the current egress network policy", } 
@@ -97,7 +97,7 @@ func (EgressNetworkPolicySpec) SwaggerDoc() map[string]string { } var map_HostSubnet = map[string]string{ - "": "HostSubnet describes the container subnet network on a node. The HostSubnet object must have the same name as the Node object it corresponds to.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "": "HostSubnet was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "host": "Host is the name of the node. (This is the same as the object's name, but both fields must be set.)", "hostIP": "HostIP is the IP address to be used as a VTEP by other nodes in the overlay network", 
@@ -121,7 +121,7 @@ func (HostSubnetList) SwaggerDoc() map[string]string { } var map_NetNamespace = map[string]string{ - "": "NetNamespace describes a single isolated network. When using the redhat/openshift-ovs-multitenant plugin, every Namespace will have a corresponding NetNamespace object with the same name. (When using redhat/openshift-ovs-subnet, NetNamespaces are not used.)\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "": "NetNamespace was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "netname": "NetName is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)", "netid": "NetID is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the \"oc adm pod-network\" commands.", diff --git a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto index 2f813e2a5e..37c374557d 100644 --- a/vendor/github.com/openshift/api/networkoperator/v1/generated.proto +++ b/vendor/github.com/openshift/api/networkoperator/v1/generated.proto 
@@ -40,7 +40,7 @@ option go_package = "github.com/openshift/api/networkoperator/v1"; message EgressRouter { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Specification of the desired egress router. // +kubebuilder:validation:Required @@ -75,7 +75,7 @@ message EgressRouterInterface { message EgressRouterList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated EgressRouter items = 2; } @@ -133,7 +133,7 @@ message EgressRouterStatusCondition { // +kubebuilder:validation:Required // +required // +nullable - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; // Reason is the CamelCase reason for the condition's current status. optional string reason = 4; diff --git a/vendor/github.com/openshift/api/oauth/v1/generated.proto b/vendor/github.com/openshift/api/oauth/v1/generated.proto index 829025a83f..7630d896da 100644 --- a/vendor/github.com/openshift/api/oauth/v1/generated.proto +++ b/vendor/github.com/openshift/api/oauth/v1/generated.proto 
@@ -35,7 +35,7 @@ message ClusterRoleScopeRestriction { message OAuthAccessToken { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ClientName references the client that created this token. optional string clientName = 2; @@ -74,7 +74,7 @@ message OAuthAccessToken { message OAuthAccessTokenList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth access tokens repeated OAuthAccessToken items = 2; @@ -87,7 +87,7 @@ message OAuthAccessTokenList { message OAuthAuthorizeToken { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ClientName references the client that created this token. optional string clientName = 2; @@ -125,7 +125,7 @@ message OAuthAuthorizeToken { message OAuthAuthorizeTokenList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth authorization tokens repeated OAuthAuthorizeToken items = 2; 
@@ -138,7 +138,7 @@ message OAuthAuthorizeTokenList { message OAuthClient { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Secret is the unique secret associated with a client optional string secret = 2; @@ -192,7 +192,7 @@ message OAuthClient { message OAuthClientAuthorization { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ClientName references the client that created this authorization optional string clientName = 2; @@ -215,7 +215,7 @@ message OAuthClientAuthorization { message OAuthClientAuthorizationList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth client authorizations repeated OAuthClientAuthorization items = 2; @@ -228,7 +228,7 @@ message OAuthClientAuthorizationList { message OAuthClientList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of OAuth clients repeated OAuthClient items = 2; 
@@ -241,7 +241,7 @@ message OAuthClientList { message OAuthRedirectReference { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // The reference to an redirect object in the current namespace. optional RedirectReference reference = 2; @@ -274,7 +274,7 @@ message ScopeRestriction { message UserOAuthAccessToken { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ClientName references the client that created this token. optional string clientName = 2; @@ -314,7 +314,7 @@ message UserOAuthAccessToken { message UserOAuthAccessTokenList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated UserOAuthAccessToken items = 2; } diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go index f077f98ab0..33e3cf2912 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/types.go 
@@ -117,6 +117,23 @@ type RoutingConfig struct { Subdomain string `json:"subdomain"` } +// ImportModeType describes how to import an image manifest. +// +enum +// +kubebuilder:validation:Enum:="";Legacy;PreserveOriginal +type ImportModeType string + +const ( + // ImportModeLegacy indicates that the legacy behaviour should be used. + // For manifest lists, the legacy behaviour will discard the manifest list and import a single + // sub-manifest. In this case, the platform is chosen in the following order of priority: + // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. + // This mode is the default. + ImportModeLegacy ImportModeType = "Legacy" + // ImportModePreserveOriginal indicates that the original manifest will be preserved. + // For manifest lists, the manifest list and all its sub-manifests will be imported. + ImportModePreserveOriginal ImportModeType = "PreserveOriginal" +) + type ImagePolicyConfig struct { // maxImagesBulkImportedPerRepository controls the number of images that are imported when a user // does a bulk import of a container repository. This number is set low to prevent users from 
@@ -142,6 +159,19 @@ type ImagePolicyConfig struct { // additionalTrustedCA is a path to a pem bundle file containing additional CAs that // should be trusted during imagestream import. AdditionalTrustedCA string `json:"additionalTrustedCA"` + + // imageStreamImportMode provides the import mode value for imagestreams. + // It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour + // should be used. For manifest lists, the legacy behaviour will discard the manifest list + // and import a single sub-manifest. In this case, the platform is chosen in the following + // order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first + // manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. + // For manifest lists, the manifest list and all its sub-manifests will be imported.If this value + // is specified, this setting is applied to all newly created imagestreams which do not have the + // value set. + // +openshift:enable:FeatureGate=ImageStreamImportMode + // +optional + ImageStreamImportMode ImportModeType `json:"imageStreamImportMode"` } // AllowedRegistries represents a list of registries allowed for the image import. diff --git a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go index 25a9333bbf..5162e46ba0 100644 --- a/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go 
@@ -114,6 +114,7 @@ var map_ImagePolicyConfig = map[string]string{ "internalRegistryHostname": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "additionalTrustedCA": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", + "imageStreamImportMode": "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.", } func (ImagePolicyConfig) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index 19bc5a359b..8d6f4b7484 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go 
@@ -127,8 +127,17 @@ type OperatorStatus struct { // readyReplicas indicates how many replicas are ready and at the desired state ReadyReplicas int32 `json:"readyReplicas"` + // latestAvailableRevision is the deploymentID of the most recent deployment + // +optional + // +kubebuilder:validation:XValidation:rule="self >= oldSelf",message="must only increase" + LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` + // generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction. - // +listType=atomic + // +listType=map + // +listMapKey=group + // +listMapKey=resource + // +listMapKey=namespace + // +listMapKey=name // +optional Generations []GenerationStatus `json:"generations,omitempty"` } @@ -136,12 +145,16 @@ type OperatorStatus struct { // GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made. type GenerationStatus struct { // group is the group of the thing you're tracking + // +kubebuilder:validation:Required Group string `json:"group"` // resource is the resource type of the thing you're tracking + // +kubebuilder:validation:Required Resource string `json:"resource"` // namespace is where the thing you're tracking is + // +kubebuilder:validation:Required Namespace string `json:"namespace"` // name is the name of the thing you're tracking + // +kubebuilder:validation:Required Name string `json:"name"` // lastGeneration is the last generation of the workload controller involved LastGeneration int64 `json:"lastGeneration"` 
@@ -165,12 +178,34 @@ var ( // OperatorCondition is just the standard condition fields. type OperatorCondition struct { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required // +kubebuilder:validation:Required - Type string `json:"type"` - Status ConditionStatus `json:"status"` - LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` - Reason string `json:"reason,omitempty"` - Message string `json:"message,omitempty"` + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + Type string `json:"type" protobuf:"bytes,1,opt,name=type"` + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status ConditionStatus `json:"status"` + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` + + Reason string `json:"reason,omitempty"` + + Message string `json:"message,omitempty"` } type ConditionStatus string 
@@ -203,10 +238,6 @@ type StaticPodOperatorSpec struct { type StaticPodOperatorStatus struct { OperatorStatus `json:",inline"` - // latestAvailableRevision is the deploymentID of the most recent deployment - // +optional - LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` - // latestAvailableRevisionReason describe the detailed reason for the most recent deployment // +optional LatestAvailableRevisionReason string `json:"latestAvailableRevisionReason,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 74dd8f4b07..aa39b2f950 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -105,6 +105,9 @@ type ConsoleCapabilityName string const ( // lightspeedButton is the name for the Lightspeed button HTML element. LightspeedButton ConsoleCapabilityName = "LightspeedButton" + + // gettingStartedBanner is the name of the 'Getting started resources' banner in the console UI Overview page. + GettingStartedBanner ConsoleCapabilityName = "GettingStartedBanner" ) // CapabilityState defines the state of the capability in the console UI. @@ -132,8 +135,8 @@ type CapabilityVisibility struct { // Capabilities contains set of UI capabilities and their state in the console UI. type Capability struct { // name is the unique name of a capability. - // Available capabilities are LightspeedButton. - // +kubebuilder:validation:Enum:="LightspeedButton"; + // Available capabilities are LightspeedButton and GettingStartedBanner. + // +kubebuilder:validation:Enum:="LightspeedButton";"GettingStartedBanner" // +kubebuilder:validation:Required Name ConsoleCapabilityName `json:"name"` // visibility defines the visibility state of the capability. 
@@ -145,10 +148,10 @@ type Capability struct { type ConsoleCustomization struct { // capabilities defines an array of capabilities that can be interacted with in the console UI. // Each capability defines a visual state that can be interacted with the console to render in the UI. - // Available capabilities are LightspeedButton. + // Available capabilities are LightspeedButton and GettingStartedBanner. // Each of the available capabilities may appear only once in the list. // +kubebuilder:validation:MinItems=1 - // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:MaxItems=2 // +listType=map // +listMapKey=name // +optional diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index 4fccecb9f6..0644b6a93c 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go 
@@ -168,6 +168,65 @@ type AWSCSIDriverConfigSpec struct { // +kubebuilder:validation:Pattern:=`^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$` // +optional KMSKeyARN string `json:"kmsKeyARN,omitempty"` + + // efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver. + // +openshift:enable:FeatureGate=AWSEFSDriverVolumeMetrics + // +optional + EFSVolumeMetrics *AWSEFSVolumeMetrics `json:"efsVolumeMetrics,omitempty"` +} + +// AWSEFSVolumeMetricsState defines the modes for collecting volume metrics in the AWS EFS CSI Driver. +// This can either enable recursive collection of volume metrics or disable metric collection entirely. +// +kubebuilder:validation:Enum:="RecursiveWalk";"Disabled" +type AWSEFSVolumeMetricsState string + +const ( + // AWSEFSVolumeMetricsRecursiveWalk indicates that volume metrics collection in the AWS EFS CSI Driver + // is performed by recursively walking through the files in the volume. + AWSEFSVolumeMetricsRecursiveWalk AWSEFSVolumeMetricsState = "RecursiveWalk" + + // AWSEFSVolumeMetricsDisabled indicates that volume metrics collection in the AWS EFS CSI Driver is disabled. + AWSEFSVolumeMetricsDisabled AWSEFSVolumeMetricsState = "Disabled" +) + +// AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver. +// +union +type AWSEFSVolumeMetrics struct { + // state defines the state of metric collection in the AWS EFS CSI Driver. + // This field is required and must be set to one of the following values: Disabled or RecursiveWalk. + // Disabled means no metrics collection will be performed. This is the default value. + // RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. + // This process may result in high CPU and memory usage, depending on the volume size. 
+ // +unionDiscriminator + // +kubebuilder:validation:Required + State AWSEFSVolumeMetricsState `json:"state"` + + // recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver + // when the state is set to RecursiveWalk. + // +unionMember + // +optional + RecursiveWalk *AWSEFSVolumeMetricsRecursiveWalkConfig `json:"recursiveWalk,omitempty"` +} + +// AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver. +type AWSEFSVolumeMetricsRecursiveWalkConfig struct { + // refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. + // When omitted, this means no opinion and the platform is left to choose a reasonable + // default, which is subject to change over time. The current default is 240. + // The valid range is from 1 to 43200 minutes (30 days). + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=43200 + // +optional + RefreshPeriodMinutes int32 `json:"refreshPeriodMinutes,omitempty"` + + // fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. + // When omitted, this means no opinion and the platform is left to choose a reasonable + // default, which is subject to change over time. The current default is 5. + // The valid range is from 1 to 100 goroutines. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=100 + // +optional + FSRateLimit int32 `json:"fsRateLimit,omitempty"` } // AzureDiskEncryptionSet defines the configuration for a disk encryption set. diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 51970cea99..1f56643456 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go 
@@ -392,6 +392,7 @@ type CIDR string // LoadBalancerStrategy holds parameters for a load balancer. // +openshift:validation:FeatureGateAwareXValidation:featureGate=SetEIPForNLBIngressController,rule="!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)",message="eipAllocations are forbidden when the scope is Internal." +// +kubebuilder:validation:XValidation:rule=`!has(self.scope) || self.scope != 'Internal' || !has(self.providerParameters) || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) || self.providerParameters.openstack.floatingIP == ""`,message="cannot specify a floating ip when scope is internal" type LoadBalancerStrategy struct { // scope indicates the scope at which the load balancer is exposed. // Possible values are "External" and "Internal". @@ -455,6 +456,7 @@ const ( // ProviderLoadBalancerParameters holds desired load balancer information // specific to the underlying infrastructure provider. +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'OpenStack' ? true : !has(self.openstack)",message="openstack is not permitted when type is not OpenStack" // +union type ProviderLoadBalancerParameters struct { // type is the underlying infrastructure provider for the load balancer. @@ -492,6 +494,15 @@ type ProviderLoadBalancerParameters struct { // // +optional IBM *IBMLoadBalancerParameters `json:"ibm,omitempty"` + + // openstack provides configuration settings that are specific to OpenStack + // load balancers. + // + // If empty, defaults will be applied. See specific openstack fields for + // details about their defaults. + // + // +optional + OpenStack *OpenStackLoadBalancerParameters `json:"openstack,omitempty"` } // LoadBalancerProviderType is the underlying infrastructure provider for the 
@@ -665,6 +676,33 @@ type IBMLoadBalancerParameters struct { Protocol IngressControllerProtocol `json:"protocol,omitempty"` } +// OpenStackLoadBalancerParameters provides configuration settings that are +// specific to OpenStack load balancers. +type OpenStackLoadBalancerParameters struct { + // loadBalancerIP is tombstoned since the field was replaced by floatingIP. + // LoadBalancerIP string `json:"loadBalancerIP,omitempty"` + + // floatingIP specifies the IP address that the load balancer will use. + // When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + // When specified, the floating IP has to be pre-created. If the + // specified value is not a floating IP or is already claimed, the + // OpenStack cloud provider won't be able to provision the load + // balancer. + // This field may only be used if the IngressController has External scope. + // This value must be a valid IPv4 or IPv6 address. + // + --- + // + Note: this field is meant to be set by the ingress controller + // + to populate the `Service.Spec.LoadBalancerIP` field which has been + // + deprecated in Kubernetes: + // + https://github.com/kubernetes/kubernetes/pull/107235 + // + However, the field is still used by cloud-provider-openstack to reconcile + // + the floating IP that we attach to the external load balancer. + // + // +kubebuilder:validation:XValidation:rule="isIP(self)",message="floatingIP must be a valid IPv4 or IPv6 address" + // +optional + FloatingIP string `json:"floatingIP,omitempty"` +} + // AWSClassicLoadBalancerParameters holds configuration parameters for an // AWS Classic load balancer. type AWSClassicLoadBalancerParameters struct { diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 35bb5ada36..9b1588bc25 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go 
+++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -9,6 +9,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true // +kubebuilder:resource:path=networks,scope=Cluster +// +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 // +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=network,operatorOrdering=01 
@@ -53,17 +54,20 @@ type NetworkList struct { // NetworkSpec is the top-level network configuration object. // +kubebuilder:validation:XValidation:rule="!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Restricted' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding == 'Global'",message="invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=AdditionalRoutingCapabilities,rule="(has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != 'Enabled'",message="Route advertisements cannot be Enabled if 'FRR' routing capability provider is not available" type NetworkSpec struct { OperatorSpec `json:",inline"` // clusterNetwork is the IP address pool to use for pod IPs. - // Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. + // Some network providers support multiple ClusterNetworks. // Others only support one. This is equivalent to the cluster-cidr. + // +listType=atomic ClusterNetwork []ClusterNetworkEntry `json:"clusterNetwork"` // serviceNetwork is the ip address pool to use for Service IPs // Currently, all existing network providers only support a single value // here, but this is an array to allow for growth. 
+ // +listType=atomic ServiceNetwork []string `json:"serviceNetwork"` // defaultNetwork is the "default" network that all pods will receive @@ -71,6 +75,8 @@ type NetworkSpec struct { // additionalNetworks is a list of extra networks to make available to pods // when multiple networks are enabled. + // +listType=map + // +listMapKey=name AdditionalNetworks []AdditionalNetworkDefinition `json:"additionalNetworks,omitempty"` // disableMultiNetwork specifies whether or not multiple pod network @@ -91,8 +97,8 @@ type NetworkSpec struct { // deployKubeProxy specifies whether or not a standalone kube-proxy should // be deployed by the operator. Some network providers include kube-proxy // or similar functionality. If unset, the plugin will attempt to select - // the correct value, which is false when OpenShift SDN and ovn-kubernetes are - // used and true otherwise. + // the correct value, which is false when ovn-kubernetes is used and true + // otherwise. // +optional DeployKubeProxy *bool `json:"deployKubeProxy,omitempty"` @@ -104,9 +110,9 @@ type NetworkSpec struct { // +kubebuilder:default:=false DisableNetworkDiagnostics bool `json:"disableNetworkDiagnostics"` - // kubeProxyConfig lets us configure desired proxy configuration. - // If not specified, sensible defaults will be chosen by OpenShift directly. - // Not consumed by all network providers - currently only openshift-sdn. + // kubeProxyConfig lets us configure desired proxy configuration, if + // deployKubeProxy is true. If not specified, sensible defaults will be chosen by + // OpenShift directly. KubeProxyConfig *ProxyConfig `json:"kubeProxyConfig,omitempty"` // exportNetworkFlows enables and configures the export of network flow metadata from the pod network 
@@ -115,79 +121,91 @@ type NetworkSpec struct { // +optional ExportNetworkFlows *ExportNetworkFlows `json:"exportNetworkFlows,omitempty"` - // migration enables and configures the cluster network migration. The - // migration procedure allows to change the network type and the MTU. + // migration enables and configures cluster network migration, for network changes + // that cannot be made instantly. // +optional Migration *NetworkMigration `json:"migration,omitempty"` + + // additionalRoutingCapabilities describes components and relevant + // configuration providing additional routing capabilities. When set, it + // enables such components and the usage of the routing capabilities they + // provide for the machine network. Upstream operators, like MetalLB + // operator, requiring these capabilities may rely on, or automatically set + // this attribute. Network plugins may leverage advanced routing + // capabilities acquired through the enablement of these components but may + // require specific configuration on their side to do so; refer to their + // respective documentation and configuration options. + // +openshift:enable:FeatureGate=AdditionalRoutingCapabilities + // +optional + AdditionalRoutingCapabilities *AdditionalRoutingCapabilities `json:"additionalRoutingCapabilities,omitempty"` } // NetworkMigrationMode is an enumeration of the possible mode of the network migration // Valid values are "Live", "Offline" and omitted. +// DEPRECATED: network type migration is no longer supported. // +kubebuilder:validation:Enum:=Live;Offline;"" type NetworkMigrationMode string const ( // A "Live" migration operation will not cause service interruption by migrating the CNI of each node one by one. The cluster network will work as normal during the network migration. + // DEPRECATED: network type migration is no longer supported. LiveNetworkMigrationMode NetworkMigrationMode = "Live" // An "Offline" migration operation will cause service interruption. 
During an "Offline" migration, two rounds of node reboots are required. The cluster network will be malfunctioning during the network migration. + // DEPRECATED: network type migration is no longer supported. OfflineNetworkMigrationMode NetworkMigrationMode = "Offline" ) -// NetworkMigration represents the cluster network configuration. +// NetworkMigration represents the cluster network migration configuration. // +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" type NetworkMigration struct { - // networkType is the target type of network migration. Set this to the - // target network type to allow changing the default network. If unset, the - // operation of changing cluster default network plugin will be rejected. - // The supported values are OpenShiftSDN, OVNKubernetes - // +optional - NetworkType string `json:"networkType,omitempty"` - // mtu contains the MTU migration configuration. Set this to allow changing // the MTU values for the default network. If unset, the operation of // changing the MTU for the default network will be rejected. // +optional MTU *MTUMigration `json:"mtu,omitempty"` - // features contains the features migration configuration. Set this to migrate - // feature configuration when changing the cluster default network provider. - // if unset, the default operation is to migrate all the configuration of - // supported features. + // networkType was previously used when changing the default network type. + // DEPRECATED: network type migration is no longer supported, and setting + // this to a non-empty value will result in the network operator rejecting + // the configuration. 
+ // +optional + NetworkType string `json:"networkType,omitempty"` + + // features was previously used to configure which network plugin features + // would be migrated in a network type migration. + // DEPRECATED: network type migration is no longer supported, and setting + // this to a non-empty value will result in the network operator rejecting + // the configuration. // +optional Features *FeaturesMigration `json:"features,omitempty"` - // mode indicates the mode of network migration. - // The supported values are "Live", "Offline" and omitted. - // A "Live" migration operation will not cause service interruption by migrating the CNI of each node one by one. The cluster network will work as normal during the network migration. - // An "Offline" migration operation will cause service interruption. During an "Offline" migration, two rounds of node reboots are required. The cluster network will be malfunctioning during the network migration. - // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. - // The current default value is "Offline". + // mode indicates the mode of network type migration. + // DEPRECATED: network type migration is no longer supported, and setting + // this to a non-empty value will result in the network operator rejecting + // the configuration. // +optional - Mode NetworkMigrationMode `json:"mode"` + Mode NetworkMigrationMode `json:"mode,omitempty"` } type FeaturesMigration struct { - // egressIP specifies whether or not the Egress IP configuration is migrated - // automatically when changing the cluster default network provider. - // If unset, this property defaults to 'true' and Egress IP configure is migrated. + // egressIP specified whether or not the Egress IP configuration was migrated. + // DEPRECATED: network type migration is no longer supported. 
// +optional // +kubebuilder:default:=true EgressIP bool `json:"egressIP,omitempty"` - // egressFirewall specifies whether or not the Egress Firewall configuration is migrated - // automatically when changing the cluster default network provider. - // If unset, this property defaults to 'true' and Egress Firewall configure is migrated. + // egressFirewall specified whether or not the Egress Firewall configuration was migrated. + // DEPRECATED: network type migration is no longer supported. // +optional // +kubebuilder:default:=true EgressFirewall bool `json:"egressFirewall,omitempty"` - // multicast specifies whether or not the multicast configuration is migrated - // automatically when changing the cluster default network provider. - // If unset, this property defaults to 'true' and multicast configure is migrated. + // multicast specified whether or not the multicast configuration was migrated. + // DEPRECATED: network type migration is no longer supported. // +optional // +kubebuilder:default:=true Multicast bool `json:"multicast,omitempty"` } -// MTUMigration MTU contains infomation about MTU migration. +// MTUMigration contains infomation about MTU migration. type MTUMigration struct { // network contains information about MTU migration for the default network. // Migrations are only allowed to MTU values lower than the machine's uplink @@ -232,7 +250,8 @@ type DefaultNetworkDefinition struct { // All NetworkTypes are supported except for NetworkTypeRaw Type NetworkType `json:"type"` - // openShiftSDNConfig configures the openshift-sdn plugin + // openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + // DEPRECATED: OpenShift SDN is no longer supported. // +optional OpenShiftSDNConfig *OpenShiftSDNConfig `json:"openshiftSDNConfig,omitempty"` 
@@ -287,12 +306,14 @@ type StaticIPAMRoutes struct { type StaticIPAMDNS struct { // Nameservers points DNS servers for IP lookup // +optional + // +listType=atomic Nameservers []string `json:"nameservers,omitempty"` // Domain configures the domainname the local domain used for short hostname lookups // +optional Domain string `json:"domain,omitempty"` // Search configures priority ordered search domains for short hostname lookups // +optional + // +listType=atomic Search []string `json:"search,omitempty"` } @@ -300,9 +321,11 @@ type StaticIPAMDNS struct { type StaticIPAMConfig struct { // Addresses configures IP address for the interface // +optional + // +listType=atomic Addresses []StaticIPAMAddresses `json:"addresses,omitempty"` // Routes configures IP routes for the interface // +optional + // +listType=atomic Routes []StaticIPAMRoutes `json:"routes,omitempty"` // DNS configures DNS for the interface // +optional @@ -330,6 +353,7 @@ type AdditionalNetworkDefinition struct { // name is the name of the network. This will be populated in the resulting CRD // This must be unique. + // +kubebuilder:validation:Required Name string `json:"name"` // namespace is the namespace of the network. This will be populated in the resulting CRD @@ -345,7 +369,7 @@ type AdditionalNetworkDefinition struct { SimpleMacvlanConfig *SimpleMacvlanConfig `json:"simpleMacvlanConfig,omitempty"` } -// OpenShiftSDNConfig configures the three openshift-sdn plugins +// OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used. type OpenShiftSDNConfig struct { // mode is one of "Multitenant", "Subnet", or "NetworkPolicy" Mode SDNMode `json:"mode"` 
@@ -364,7 +388,6 @@ type OpenShiftSDNConfig struct { // useExternalOpenvswitch used to control whether the operator would deploy an OVS // DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always // run as a system service, and this flag is ignored. - // DEPRECATED: non-functional as of 4.6 // +optional UseExternalOpenvswitch *bool `json:"useExternalOpenvswitch,omitempty"` @@ -433,6 +456,19 @@ type OVNKubernetesConfig struct { // fields within ipv4 for details of default values. // +optional IPv6 *IPv6OVNKubernetesConfig `json:"ipv6,omitempty"` + + // routeAdvertisements determines if the functionality to advertise cluster + // network routes through a dynamic routing protocol, such as BGP, is + // enabled or not. This functionality is configured through the + // ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + // capability provider to be enabled as an additional routing capability. + // Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + // means the user has no opinion and the platform is left to choose + // reasonable defaults. These defaults are subject to change over time. The + // current default is "Disabled". + // +openshift:enable:FeatureGate=RouteAdvertisements + // +optional + RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` } type IPv4OVNKubernetesConfig struct { @@ -505,6 +541,7 @@ type IPv6OVNKubernetesConfig struct { type HybridOverlayConfig struct { // HybridClusterNetwork defines a network space given to nodes on an additional overlay network. + // +listType=atomic HybridClusterNetwork []ClusterNetworkEntry `json:"hybridClusterNetwork"` // HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. // Default is 4789 
@@ -617,6 +654,7 @@ type NetFlowConfig struct { // It is a list of strings formatted as ip:port with a maximum of ten items // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=10 + // +listType=atomic Collectors []IPPort `json:"collectors,omitempty"` } @@ -624,6 +662,7 @@ type SFlowConfig struct { // sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=10 + // +listType=atomic Collectors []IPPort `json:"collectors,omitempty"` } @@ -631,6 +670,7 @@ type IPFIXConfig struct { // ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=10 + // +listType=atomic Collectors []IPPort `json:"collectors,omitempty"` } @@ -684,6 +724,7 @@ type PolicyAuditConfig struct { type NetworkType string // ProxyArgumentList is a list of arguments to pass to the kubeproxy process +// +listType=atomic type ProxyArgumentList []string // ProxyConfig defines the configuration knobs for kubeproxy @@ -719,11 +760,11 @@ type EgressIPConfig struct { } const ( - // NetworkTypeOpenShiftSDN means the openshift-sdn plugin will be configured + // NetworkTypeOpenShiftSDN means the openshift-sdn plugin will be configured. + // DEPRECATED: OpenShift SDN is no longer supported NetworkTypeOpenShiftSDN NetworkType = "OpenShiftSDN" - // NetworkTypeOVNKubernetes means the ovn-kubernetes project will be configured. - // This is currently not implemented. + // NetworkTypeOVNKubernetes means the ovn-kubernetes plugin will be configured. NetworkTypeOVNKubernetes NetworkType = "OVNKubernetes" // NetworkTypeRaw 
@@ -733,19 +774,23 @@ const ( NetworkTypeSimpleMacvlan NetworkType = "SimpleMacvlan" ) -// SDNMode is the Mode the openshift-sdn plugin is in +// SDNMode is the Mode the openshift-sdn plugin is in. +// DEPRECATED: OpenShift SDN is no longer supported type SDNMode string const ( // SDNModeSubnet is a simple mode that offers no isolation between pods + // DEPRECATED: OpenShift SDN is no longer supported SDNModeSubnet SDNMode = "Subnet" // SDNModeMultitenant is a special "multitenant" mode that offers limited // isolation configuration between namespaces + // DEPRECATED: OpenShift SDN is no longer supported SDNModeMultitenant SDNMode = "Multitenant" // SDNModeNetworkPolicy is a full NetworkPolicy implementation that allows // for sophisticated network isolation and segmenting. This is the default. + // DEPRECATED: OpenShift SDN is no longer supported SDNModeNetworkPolicy SDNMode = "NetworkPolicy" ) 
@@ -788,3 +833,38 @@ const ( // between pods on the cluster network. IPsecModeFull IPsecMode = "Full" ) + +// +kubebuilder:validation:Enum:="";"Enabled";"Disabled" +type RouteAdvertisementsEnablement string + +var ( + // RouteAdvertisementsEnabled enables route advertisements for ovn-kubernetes + RouteAdvertisementsEnabled RouteAdvertisementsEnablement = "Enabled" + // RouteAdvertisementsDisabled disables route advertisements for ovn-kubernetes + RouteAdvertisementsDisabled RouteAdvertisementsEnablement = "Disabled" +) + +// RoutingCapabilitiesProvider is a component providing routing capabilities. +// +kubebuilder:validation:Enum=FRR +type RoutingCapabilitiesProvider string + +const ( + // RoutingCapabilitiesProviderFRR determines FRR is providing advanced + // routing capabilities. + RoutingCapabilitiesProviderFRR RoutingCapabilitiesProvider = "FRR" +) + +// AdditionalRoutingCapabilities describes components and relevant configuration providing +// advanced routing capabilities. +type AdditionalRoutingCapabilities struct { + // providers is a set of enabled components that provide additional routing + // capabilities. Entries on this list must be unique. The only valid value + // is currrently "FRR" which provides FRR routing capabilities through the + // deployment of FRR. + // +listType=atomic + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" + Providers []RoutingCapabilitiesProvider `json:"providers"` +} diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go index 3ae83e6948..cd2c8a588f 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go 
@@ -40,13 +40,6 @@ type OpenShiftAPIServerSpec struct { type OpenShiftAPIServerStatus struct { OperatorStatus `json:",inline"` - - // latestAvailableRevision is the latest revision used as suffix of revisioned - // secrets like encryption-config. A new revision causes a new deployment of - // pods. - // +optional - // +kubebuilder:validation:Minimum=0 - LatestAvailableRevision int32 `json:"latestAvailableRevision,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml index e22cf83ee2..323ba46879 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_10_config-operator_01_configs.crd.yaml 
@@ -21,22 +21,26 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Config specifies the behavior of the config operator which is - responsible for creating the initial configuration of other components on - the cluster. The operator also handles installation, migration or synchronization - of cloud configurations for AWS and Azure cloud based clusters \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." + description: |- + Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components + on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -46,11 +50,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -64,19 +69,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -85,13 +91,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -105,6 +110,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -112,10 +120,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -152,9 +170,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml index c80b66824c..b68cce4db3 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml 
@@ -22,19 +22,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,9 +48,10 @@ spec: properties: backendQuotaGiB: default: 8 - description: backendQuotaGiB sets the etcd backend storage size limit - in gibibytes. The value should be an integer not less than 8 and - not more than 32. When not specified, the default value is 8. + description: |- + backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + The value should be an integer not less than 8 and not more than 32. + When not specified, the default value is 8. format: int32 maximum: 32 minimum: 8 
@@ -53,37 +60,38 @@ spec: - message: etcd backendQuotaGiB may not be decreased rule: self>=oldSelf controlPlaneHardwareSpeed: - description: HardwareSpeed allows user to change the etcd tuning profile - which configures the latency parameters for heartbeat interval and - leader election timeouts allowing the cluster to tolerate longer - round-trip-times between etcd members. Valid values are "", "Standard" - and "Slower". "" means no opinion and the platform is left to choose - a reasonable default which is subject to change without notice. + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." enum: - "" - Standard - Slower type: string failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. 
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -97,19 +105,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -118,19 +127,18 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -143,6 +151,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -150,10 +161,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -198,14 +219,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: description: latestAvailableRevision is the deploymentID of the most recent deployment format: int32 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf latestAvailableRevisionReason: description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml index 37f198c4d4..ebe2486ef5 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-Default.crd.yaml 
@@ -22,56 +22,63 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: properties: controlPlaneHardwareSpeed: - description: HardwareSpeed allows user to change the etcd tuning profile - which configures the latency parameters for heartbeat interval and - leader election timeouts allowing the cluster to tolerate longer - round-trip-times between etcd members. Valid values are "", "Standard" - and "Slower". "" means no opinion and the platform is left to choose - a reasonable default which is subject to change without notice. + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." enum: - "" - Standard - Slower type: string failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. 
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -85,19 +92,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -106,19 +114,18 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -131,6 +138,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -138,10 +148,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -186,14 +206,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: description: latestAvailableRevision is the deploymentID of the most recent deployment format: int32 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf latestAvailableRevisionReason: description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml index 7b181f78ec..bc49df765d 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml 
@@ -22,19 +22,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,9 +48,10 @@ spec: properties: backendQuotaGiB: default: 8 - description: backendQuotaGiB sets the etcd backend storage size limit - in gibibytes. The value should be an integer not less than 8 and - not more than 32. When not specified, the default value is 8. + description: |- + backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + The value should be an integer not less than 8 and not more than 32. + When not specified, the default value is 8. format: int32 maximum: 32 minimum: 8 
@@ -53,37 +60,38 @@ spec: - message: etcd backendQuotaGiB may not be decreased rule: self>=oldSelf controlPlaneHardwareSpeed: - description: HardwareSpeed allows user to change the etcd tuning profile - which configures the latency parameters for heartbeat interval and - leader election timeouts allowing the cluster to tolerate longer - round-trip-times between etcd members. Valid values are "", "Standard" - and "Slower". "" means no opinion and the platform is left to choose - a reasonable default which is subject to change without notice. + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." enum: - "" - Standard - Slower type: string failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. 
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -97,19 +105,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -118,19 +127,18 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -143,6 +151,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -150,10 +161,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -198,14 +219,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: description: latestAvailableRevision is the deploymentID of the most recent deployment format: int32 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf latestAvailableRevisionReason: description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml index 28cbf7edb6..8449c20a6c 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml 
@@ -22,19 +22,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,9 +48,10 @@ spec: properties: backendQuotaGiB: default: 8 - description: backendQuotaGiB sets the etcd backend storage size limit - in gibibytes. The value should be an integer not less than 8 and - not more than 32. When not specified, the default value is 8. + description: |- + backendQuotaGiB sets the etcd backend storage size limit in gibibytes. + The value should be an integer not less than 8 and not more than 32. + When not specified, the default value is 8. format: int32 maximum: 32 minimum: 8 
@@ -53,37 +60,38 @@ spec: - message: etcd backendQuotaGiB may not be decreased rule: self>=oldSelf controlPlaneHardwareSpeed: - description: HardwareSpeed allows user to change the etcd tuning profile - which configures the latency parameters for heartbeat interval and - leader election timeouts allowing the cluster to tolerate longer - round-trip-times between etcd members. Valid values are "", "Standard" - and "Slower". "" means no opinion and the platform is left to choose - a reasonable default which is subject to change without notice. + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." enum: - "" - Standard - Slower type: string failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. 
+ This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -97,19 +105,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -118,19 +127,18 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -143,6 +151,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -150,10 +161,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -198,14 +219,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: description: latestAvailableRevision is the deploymentID of the most recent deployment format: int32 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf latestAvailableRevisionReason: description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml index 8e8092e660..435a8a81ee 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers.crd.yaml 
@@ -21,19 +21,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "KubeAPIServer provides information to configure an operator - to manage kube-apiserver. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + KubeAPIServer provides information to configure an operator to manage kube-apiserver. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,25 +48,25 @@ spec: Kubernetes API Server properties: failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -74,19 +80,20 @@ spec: pattern: ^(Managed|Force)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -95,19 +102,18 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -122,6 +128,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -129,10 +138,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -169,14 +188,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: description: latestAvailableRevision is the deploymentID of the most recent deployment format: int32 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf latestAvailableRevisionReason: description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment 
@@ -248,23 +280,22 @@ spec: format: int32 type: integer serviceAccountIssuers: - description: 'serviceAccountIssuers tracks history of used service - account issuers. The item without expiration time represents the - currently used service account issuer. The other items represents - service account issuers that were used previously and are still - being trusted. The default expiration for the items is set by the - platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection' + description: |- + serviceAccountIssuers tracks history of used service account issuers. + The item without expiration time represents the currently used service account issuer. + The other items represents service account issuers that were used previously and are still being trusted. + The default expiration for the items is set by the platform and it defaults to 24h. + see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection items: properties: expirationTime: - description: expirationTime is the time after which this service - account issuer will be pruned and removed from the trusted - list of service account issuers. + description: |- + expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list + of service account issuers. format: date-time type: string name: description: name is the name of the service account issuer - --- type: string type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml index 53d23595a4..7cd18e09b5 100644 
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-controller-manager_01_kubecontrollermanagers.crd.yaml 
@@ -21,20 +21,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "KubeControllerManager provides information to configure an operator - to manage kube-controller-manager. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." + description: |- + KubeControllerManager provides information to configure an operator to manage kube-controller-manager. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -43,25 +48,25 @@ spec: Kubernetes Controller Manager properties: failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -75,19 +80,20 @@ spec: pattern: ^(Managed|Force)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -96,30 +102,29 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true useMoreSecureServiceCA: default: false - description: useMoreSecureServiceCA indicates that the service-ca.crt - provided in SA token volumes should include only enough certificates - to validate service serving certificates. Once set to true, it cannot - be set to false. Even if someone finds a way to set it back to false, - the service-ca.crt files that previously existed will only have - the more secure content. 
+ description: |- + useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only + enough certificates to validate service serving certificates. + Once set to true, it cannot be set to false. + Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will + only have the more secure content. type: boolean type: object status: @@ -132,6 +137,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -139,10 +147,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -179,14 +197,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: description: latestAvailableRevision is the deploymentID of the most recent deployment format: int32 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf latestAvailableRevisionReason: description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml index 0d9e983d77..9654facc4d 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_25_kube-scheduler_01_kubeschedulers.crd.yaml 
@@ -21,19 +21,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "KubeScheduler provides information to configure an operator - to manage scheduler. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + KubeScheduler provides information to configure an operator to manage scheduler. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,25 +48,25 @@ spec: Kubernetes Scheduler properties: failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -74,19 +80,20 @@ spec: pattern: ^(Managed|Force)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -95,19 +102,18 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -122,6 +128,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: 
@@ -129,10 +138,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -169,14 +188,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: description: latestAvailableRevision is the deploymentID of the most recent deployment format: int32 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf latestAvailableRevisionReason: description: latestAvailableRevisionReason describe the detailed reason for the most recent deployment diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml index 2cf95765f7..bb9b904fc5 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_30_openshift-apiserver_01_openshiftapiservers.crd.yaml 
@@ -21,20 +21,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "OpenShiftAPIServer provides information to configure an operator - to manage openshift-apiserver. \n Compatibility level 1: Stable within a - major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." + description: |- + OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -44,11 +49,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -62,19 +68,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -83,13 +90,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -103,6 +109,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -110,10 +119,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -150,16 +169,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map latestAvailableRevision: - description: latestAvailableRevision is the latest revision used as - suffix of revisioned secrets like encryption-config. A new revision - causes a new deployment of pods. + description: latestAvailableRevision is the deploymentID of the most + recent deployment format: int32 - minimum: 0 type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml index 824107e5df..bf6c616afc 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_cloud-credential_00_cloudcredentials.crd.yaml 
@@ -20,19 +20,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "CloudCredential provides a means to configure an operator to - manage CredentialsRequests. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + CloudCredential provides a means to configure an operator to manage CredentialsRequests. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,15 +47,16 @@ spec: of the cloud-credential-operator. properties: credentialsMode: - description: 'CredentialsMode allows informing CCO that it should - not attempt to dynamically determine the root cloud credentials - capabilities, and it should just run in the specified mode. It also - allows putting the operator into "manual" mode if desired. Leaving - the field in default mode runs CCO so that the cluster''s cloud - credentials will be dynamically probed for capabilities (on supported - clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), - "Mint", "Passthrough", "Manual" Others: Do not set value as other - platforms only support running in "Passthrough"' + description: |- + CredentialsMode allows informing CCO that it should not attempt to dynamically + determine the root cloud credentials capabilities, and it should just run in + the specified mode. + It also allows putting the operator into "manual" mode if desired. + Leaving the field in default mode runs CCO so that the cluster's cloud credentials + will be dynamically probed for capabilities (on supported clouds/platforms). + Supported modes: + AWS/Azure/GCP: "" (Default), "Mint", "Passthrough", "Manual" + Others: Do not set value as other platforms only support running in "Passthrough" enum: - "" - Manual 
@@ -58,11 +65,12 @@ spec: type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -76,19 +84,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -97,13 +106,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -118,6 +126,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -125,10 +136,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -165,9 +186,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml index 1fce4a4522..30d1f90558 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_40_kube-storage-version-migrator_00_kubestorageversionmigrators.crd.yaml 
@@ -19,20 +19,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "KubeStorageVersionMigrator provides information to configure - an operator to manage kube-storage-version-migrator. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." + description: |- + KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -40,11 +45,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -58,19 +64,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -79,13 +86,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -98,6 +104,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -105,10 +114,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -145,9 +164,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml index bde860827a..3fab2ff1f5 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_authentication_01_authentications.crd.yaml 
@@ -18,19 +18,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Authentication provides information to configure an operator - to manage authentication. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + Authentication provides information to configure an operator to manage authentication. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -38,11 +44,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -56,19 +63,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -77,13 +85,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -96,6 +103,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -103,10 +113,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -143,16 +163,34 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf oauthAPIServer: description: OAuthAPIServer holds status specific only to oauth-apiserver properties: latestAvailableRevision: - description: LatestAvailableRevision is the latest revision used - as suffix of revisioned secrets like encryption-config. A new - revision causes a new deployment of pods. + description: |- + LatestAvailableRevision is the latest revision used as suffix of revisioned + secrets like encryption-config. A new revision causes a new deployment of pods. format: int32 minimum: 0 type: integer diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml index 2ad47de592..505332e4b5 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_console_01_consoles.crd.yaml 
@@ -19,19 +19,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Console provides a means to configure an operator to manage - the console. \n Compatibility level 1: Stable within a major release for - a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + Console provides a means to configure an operator to manage the console. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -40,28 +46,29 @@ spec: of the Console. properties: customization: - description: customization is used to optionally provide a small set - of customization options to the web console. + description: |- + customization is used to optionally provide a small set of + customization options to the web console. properties: addPage: description: addPage allows customizing actions on the Add page in developer perspective. properties: disabledActions: - description: disabledActions is a list of actions that are - not shown to users. Each action in the list is represented - by its ID. + description: |- + disabledActions is a list of actions that are not shown to users. + Each action in the list is represented by its ID. items: type: string minItems: 1 type: array type: object brand: - description: brand is the default branding of the web console - which can be overridden by providing the brand field. There - is a limited set of specific brand options. This field controls - elements of the console such as the logo. Invalid value will - prevent a console rollout. + description: |- + brand is the default branding of the web console which can be overridden by + providing the brand field. There is a limited set of specific brand options. + This field controls elements of the console such as the logo. + Invalid value will prevent a console rollout. enum: - openshift - okd 
@@ -78,31 +85,32 @@ spec: - ROSA type: string capabilities: - description: capabilities defines an array of capabilities that - can be interacted with in the console UI. Each capability defines - a visual state that can be interacted with the console to render - in the UI. Available capabilities are LightspeedButton. Each - of the available capabilities may appear only once in the list. + description: |- + capabilities defines an array of capabilities that can be interacted with in the console UI. + Each capability defines a visual state that can be interacted with the console to render in the UI. + Available capabilities are LightspeedButton and GettingStartedBanner. + Each of the available capabilities may appear only once in the list. items: description: Capabilities contains set of UI capabilities and their state in the console UI. properties: name: - description: name is the unique name of a capability. Available - capabilities are LightspeedButton. + description: |- + name is the unique name of a capability. + Available capabilities are LightspeedButton and GettingStartedBanner. enum: - LightspeedButton + - GettingStartedBanner type: string visibility: description: visibility defines the visibility state of the capability. properties: state: - description: state defines if the capability is enabled - or disabled in the console UI. Enabling the capability - in the console UI is represented by the "Enabled" - value. Disabling the capability in the console UI - is represented by the "Disabled" value. + description: |- + state defines if the capability is enabled or disabled in the console UI. + Enabling the capability in the console UI is represented by the "Enabled" value. + Disabling the capability in the console UI is represented by the "Disabled" value. enum: - Enabled - Disabled 
@@ -114,23 +122,23 @@ spec: - name - visibility type: object - maxItems: 1 + maxItems: 2 minItems: 1 type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map customLogoFile: - description: 'customLogoFile replaces the default OpenShift logo - in the masthead and about dialog. It is a reference to a ConfigMap - in the openshift-config namespace. This can be created with - a command like ''oc create configmap custom-logo --from-file=/path/to/file - -n openshift-config''. Image size must be less than 1 MB due - to constraints on the ConfigMap size. The ConfigMap key should - include a file extension so that the console serves the file - with the correct MIME type. Recommended logo specifications: - Dimensions: Max height of 68px and max width of 200px SVG format - preferred' + description: |- + customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a + ConfigMap in the openshift-config namespace. This can be created with a command like + 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. + Image size must be less than 1 MB due to constraints on the ConfigMap size. + The ConfigMap key should include a file extension so that the console serves the file + with the correct MIME type. + Recommended logo specifications: + Dimensions: Max height of 68px and max width of 200px + SVG format preferred properties: key: description: Key allows pointing to a specific key/value inside 
@@ -140,9 +148,9 @@ spec: type: string type: object customProductName: - description: customProductName is the name that will be displayed - in page titles, logo alt text, and the about dialog instead - of the normal OpenShift product name. + description: |- + customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog + instead of the normal OpenShift product name. type: string developerCatalog: description: developerCatalog allows to configure the shown developer @@ -155,9 +163,9 @@ spec: console catalog. properties: id: - description: ID is an identifier used in the URL to - enable deep linking in console. ID is required and - must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. + description: |- + ID is an identifier used in the URL to enable deep linking in console. + ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. maxLength: 32 minLength: 1 pattern: ^[A-Za-z0-9-_]+$ @@ -175,10 +183,9 @@ spec: the key identifiers of a developer catalog category. properties: id: - description: ID is an identifier used in the URL - to enable deep linking in console. ID is required - and must have 1-32 URL safe (A-Z, a-z, 0-9, - - and _) characters. + description: |- + ID is an identifier used in the URL to enable deep linking in console. + ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. maxLength: 32 minLength: 1 pattern: ^[A-Za-z0-9-_]+$ @@ -190,10 +197,9 @@ spec: minLength: 1 type: string tags: - description: tags is a list of strings that will - match the category. A selected category show - all items which has at least one overlapping - tag between category and item. + description: |- + tags is a list of strings that will match the category. A selected category + show all items which has at least one overlapping tag between category and item. items: type: string type: array 
@@ -203,10 +209,9 @@ spec: type: object type: array tags: - description: tags is a list of strings that will match - the category. A selected category show all items which - has at least one overlapping tag between category - and item. + description: |- + tags is a list of strings that will match the category. A selected category + show all items which has at least one overlapping tag between category and item. items: type: string type: array 
@@ -216,35 +221,29 @@ spec: type: object type: array types: - description: types allows enabling or disabling of sub-catalog - types that user can see in the Developer catalog. When omitted, - all the sub-catalog types will be shown. + description: |- + types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. + When omitted, all the sub-catalog types will be shown. properties: disabled: - description: 'disabled is a list of developer catalog - types (sub-catalogs IDs) that are not shown to users. - Types (sub-catalogs) are added via console plugins, - the available types (sub-catalog IDs) are available - in the console on the cluster configuration page, or - when editing the YAML in the console. Example: "Devfile", - "HelmChart", "BuilderImage" If the list is empty or - all the available sub-catalog types are added, then - the complete developer catalog should be hidden.' + description: |- + disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. + Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + in the console on the cluster configuration page, or when editing the YAML in the console. + Example: "Devfile", "HelmChart", "BuilderImage" + If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden. items: type: string type: array x-kubernetes-list-type: set enabled: - description: 'enabled is a list of developer catalog types - (sub-catalogs IDs) that will be shown to users. Types - (sub-catalogs) are added via console plugins, the available - types (sub-catalog IDs) are available in the console - on the cluster configuration page, or when editing the - YAML in the console. Example: "Devfile", "HelmChart", - "BuilderImage" If the list is non-empty, a new type - will not be shown to the user until it is added to list. 
- If the list is empty the complete developer catalog - will be shown.' + description: |- + enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. + Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available + in the console on the cluster configuration page, or when editing the YAML in the console. + Example: "Devfile", "HelmChart", "BuilderImage" + If the list is non-empty, a new type will not be shown to the user until it is added to list. + If the list is empty the complete developer catalog will be shown. items: type: string type: array @@ -267,10 +266,11 @@ spec: rule: 'self.state == ''Disabled'' ? true : !has(self.disabled)' type: object documentationBaseURL: - description: documentationBaseURL links to external documentation - are shown in various sections of the web console. Providing - documentationBaseURL will override the default documentation - URL. Invalid value will prevent a console rollout. + description: |- + documentationBaseURL links to external documentation are shown in various sections + of the web console. Providing documentationBaseURL will override the default + documentation URL. + Invalid value will prevent a console rollout. pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ type: string perspectives: 
@@ -281,45 +281,43 @@ spec: admins want to show/hide in the perspective switcher dropdown properties: id: - description: 'id defines the id of the perspective. Example: - "dev", "admin". The available perspective ids can be found - in the code snippet section next to the yaml editor. Incorrect - or unknown ids will be ignored.' + description: |- + id defines the id of the perspective. + Example: "dev", "admin". + The available perspective ids can be found in the code snippet section next to the yaml editor. + Incorrect or unknown ids will be ignored. type: string pinnedResources: - description: pinnedResources defines the list of default - pinned resources that users will see on the perspective - navigation if they have not customized these pinned resources - themselves. The list of available Kubernetes resources - could be read via `kubectl api-resources`. The console - will also provide a configuration UI and a YAML snippet - that will list the available resources that can be pinned - to the navigation. Incorrect or unknown resources will - be ignored. + description: |- + pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. + The list of available Kubernetes resources could be read via `kubectl api-resources`. + The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. + Incorrect or unknown resources will be ignored. items: description: PinnedResourceReference includes the group, version and type of resource properties: group: - description: 'group is the API Group of the Resource. - Enter empty string for the core group. This value - should consist of only lowercase alphanumeric characters, - hyphens and periods. Example: "", "apps", "build.openshift.io", - etc.' + description: |- + group is the API Group of the Resource. 
+ Enter empty string for the core group. + This value should consist of only lowercase alphanumeric characters, hyphens and periods. + Example: "", "apps", "build.openshift.io", etc. pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string resource: - description: 'resource is the type that is being referenced. - It is normally the plural form of the resource kind - in lowercase. This value should consist of only - lowercase alphanumeric characters and hyphens. Example: - "deployments", "deploymentconfigs", "pods", etc.' + description: |- + resource is the type that is being referenced. + It is normally the plural form of the resource kind in lowercase. + This value should consist of only lowercase alphanumeric characters and hyphens. + Example: "deployments", "deploymentconfigs", "pods", etc. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string version: - description: 'version is the API Version of the Resource. - This value should consist of only lowercase alphanumeric - characters. Example: "v1", "v1beta1", etc.' + description: |- + version is the API Version of the Resource. + This value should consist of only lowercase alphanumeric characters. + Example: "v1", "v1beta1", etc. pattern: ^[a-z0-9]+$ type: string required: 
@@ -351,25 +349,124 @@ spec: attributes available for resource requests to the Authorizer interface properties: + fieldSelector: + description: |- + fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a field selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + FieldSelectorRequirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the field selector + key that the requirement applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + The list of operators may grow in the future. + type: string + values: + description: |- + values is an array of string values. + If the operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values array must be empty. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object group: description: Group is the API Group of the Resource. "*" means all. type: string + labelSelector: + description: |- + labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a label selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object name: description: Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. type: string namespace: - description: Namespace is the namespace of - the action being requested. Currently, - there is no distinction between no namespace - and all namespaces "" (empty) is defaulted - for LocalSubjectAccessReviews "" (empty) - is empty for cluster-scoped resources "" - (empty) means "all" for namespace scoped - resources from a SubjectAccessReview or - SelfSubjectAccessReview + description: |- + Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + "" (empty) is defaulted for LocalSubjectAccessReviews + "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview type: string resource: description: Resource is one of the existing 
@@ -403,25 +500,124 @@ spec: attributes available for resource requests to the Authorizer interface properties: + fieldSelector: + description: |- + fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a field selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + FieldSelectorRequirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the field selector + key that the requirement applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. + The list of operators may grow in the future. + type: string + values: + description: |- + values is an array of string values. + If the operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values array must be empty. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object group: description: Group is the API Group of the Resource. "*" means all. type: string + labelSelector: + description: |- + labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it. + + This field is alpha-level. To use this field, you must enable the + `AuthorizeWithSelectors` feature gate (disabled by default). + properties: + rawSelector: + description: |- + rawSelector is the serialization of a field selector that would be included in a query parameter. + Webhook implementations are encouraged to ignore rawSelector. + The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present. + type: string + requirements: + description: |- + requirements is the parsed interpretation of a label selector. + All requirements must be met for a resource instance to match the selector. + Webhook implementations should handle requirements, but how to handle them is up to the webhook. + Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements + are not understood. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object name: description: Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. type: string namespace: - description: Namespace is the namespace of - the action being requested. Currently, - there is no distinction between no namespace - and all namespaces "" (empty) is defaulted - for LocalSubjectAccessReviews "" (empty) - is empty for cluster-scoped resources "" - (empty) means "all" for namespace scoped - resources from a SubjectAccessReview or - SelfSubjectAccessReview + description: |- + Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + "" (empty) is defaulted for LocalSubjectAccessReviews + "" (empty) is empty for cluster-scoped resources + "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview type: string resource: description: Resource is one of the existing 
@@ -473,16 +669,15 @@ spec: - id x-kubernetes-list-type: map projectAccess: - description: projectAccess allows customizing the available list - of ClusterRoles in the Developer perspective Project access - page which can be used by a project admin to specify roles to - other users and restrict access within the project. If set, - the list will replace the default ClusterRole options. + description: |- + projectAccess allows customizing the available list of ClusterRoles in the Developer perspective + Project access page which can be used by a project admin to specify roles to other users and + restrict access within the project. If set, the list will replace the default ClusterRole options. properties: availableClusterRoles: - description: availableClusterRoles is the list of ClusterRole - names that are assignable to users through the project access - tab. + description: |- + availableClusterRoles is the list of ClusterRole names that are assignable to users + through the project access tab. items: type: string type: array 
@@ -500,18 +695,20 @@ spec: type: object type: object ingress: - description: ingress allows to configure the alternative ingress for - the console. This field is intended for clusters without ingress - capability, where access to routes is not possible. + description: |- + ingress allows to configure the alternative ingress for the console. + This field is intended for clusters without ingress capability, + where access to routes is not possible. properties: clientDownloadsURL: - description: clientDownloadsURL is a URL to be used as the address - to download client binaries. If not specified, the downloads - route hostname will be used. This field is required for clusters - without ingress capability, where access to routes is not possible. + description: |- + clientDownloadsURL is a URL to be used as the address to download client binaries. + If not specified, the downloads route hostname will be used. + This field is required for clusters without ingress capability, + where access to routes is not possible. The console operator will monitor the URL and may go degraded - if it's unreachable for an extended period. Must use the HTTPS - scheme. + if it's unreachable for an extended period. + Must use the HTTPS scheme. maxLength: 1024 type: string x-kubernetes-validations: 
@@ -520,13 +717,15 @@ spec: - message: client downloads url scheme must be https rule: size(self) == 0 || url(self).getScheme() == 'https' consoleURL: - description: consoleURL is a URL to be used as the base console - address. If not specified, the console route hostname will be - used. This field is required for clusters without ingress capability, - where access to routes is not possible. Make sure that appropriate - ingress is set up at this URL. The console operator will monitor - the URL and may go degraded if it's unreachable for an extended - period. Must use the HTTPS scheme. + description: |- + consoleURL is a URL to be used as the base console address. + If not specified, the console route hostname will be used. + This field is required for clusters without ingress capability, + where access to routes is not possible. + Make sure that appropriate ingress is set up at this URL. + The console operator will monitor the URL and may go degraded + if it's unreachable for an extended period. + Must use the HTTPS scheme. maxLength: 1024 type: string x-kubernetes-validations: @@ -537,11 +736,12 @@ spec: type: object logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -555,19 +755,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -595,30 +796,31 @@ spec: type: object type: object route: - description: route contains hostname and secret reference that contains - the serving certificate. If a custom route is specified, a new route - will be created with the provided hostname, under which console - will be available. In case of custom hostname uses the default routing - suffix of the cluster, the Secret specification for a serving certificate - will not be needed. In case of custom hostname points to an arbitrary - domain, manual DNS configurations steps are necessary. The default - console route will be maintained to reserve the default hostname - for console if the custom route is removed. If not specified, default - route will be used. DEPRECATED + description: |- + route contains hostname and secret reference that contains the serving certificate. + If a custom route is specified, a new route will be created with the + provided hostname, under which console will be available. + In case of custom hostname uses the default routing suffix of the cluster, + the Secret specification for a serving certificate will not be needed. + In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. + The default console route will be maintained to reserve the default hostname + for console if the custom route is removed. + If not specified, default route will be used. + DEPRECATED properties: hostname: description: hostname is the desired custom domain under which console will be available. type: string secret: - description: 'secret points to secret in the openshift-config - namespace that contains custom certificate and key and needs - to be created manually by the cluster admin. 
Referenced Secret - is required to contain following key value pairs: - "tls.crt" - - to specifies custom certificate - "tls.key" - to specifies - private key of the custom certificate If the custom hostname - uses the default routing suffix of the cluster, the Secret specification - for a serving certificate will not be needed.' + description: |- + secret points to secret in the openshift-config namespace that contains custom + certificate and key and needs to be created manually by the cluster admin. + Referenced Secret is required to contain following key value pairs: + - "tls.crt" - to specifies custom certificate + - "tls.key" - to specifies private key of the custom certificate + If the custom hostname uses the default routing suffix of the cluster, + the Secret specification for a serving certificate will not be needed. properties: name: description: name is the metadata.name of the referenced secret @@ -628,13 +830,12 @@ spec: type: object type: object unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true 
@@ -648,6 +849,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -655,10 +859,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -695,9 +909,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml index 6adf7cd357..2524b5a84a 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml 
@@ -20,26 +20,37 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "IngressController describes a managed ingress controller for - the cluster. The controller can service OpenShift Route and Kubernetes Ingress - resources. \n When an IngressController is created, a new ingress controller - deployment is created to allow external traffic to reach the services that - expose Ingress or Route resources. Updating this resource may lead to disruption - for public facing network connections as a new ingress controller revision - may be rolled out. \n https://kubernetes.io/docs/concepts/services-networking/ingress-controllers - \n Whenever possible, sensible defaults for the platform are used. See each - field for more details. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + IngressController describes a managed ingress controller for the cluster. The + controller can service OpenShift Route and Kubernetes Ingress resources. + + When an IngressController is created, a new ingress controller deployment is + created to allow external traffic to reach the services that expose Ingress + or Route resources. Updating this resource may lead to disruption for public + facing network connections as a new ingress controller revision may be rolled + out. + + https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + + Whenever possible, sensible defaults for the platform are used. See each + field for more details. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -48,28 +59,30 @@ spec: IngressController. properties: clientTLS: - description: clientTLS specifies settings for requesting and verifying - client certificates, which can be used to enable mutual TLS for + description: |- + clientTLS specifies settings for requesting and verifying client + certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes. properties: allowedSubjectPatterns: - description: allowedSubjectPatterns specifies a list of regular - expressions that should be matched against the distinguished - name on a valid client certificate to filter requests. The - regular expressions must use PCRE syntax. If this list is empty, - no filtering is performed. If the list is nonempty, then at - least one pattern must match a client certificate's distinguished - name or else the ingress controller rejects the certificate - and denies the connection. + description: |- + allowedSubjectPatterns specifies a list of regular expressions that + should be matched against the distinguished name on a valid client + certificate to filter requests. The regular expressions must use + PCRE syntax. If this list is empty, no filtering is performed. If + the list is nonempty, then at least one pattern must match a client + certificate's distinguished name or else the ingress controller + rejects the certificate and denies the connection. items: type: string type: array x-kubernetes-list-type: atomic clientCA: - description: clientCA specifies a configmap containing the PEM-encoded - CA certificate bundle that should be used to verify a client's - certificate. The administrator must create this configmap in - the openshift-config namespace. + description: |- + clientCA specifies a configmap containing the PEM-encoded CA + certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in the + openshift-config namespace. 
properties: name: description: name is the metadata.name of the referenced config @@ -79,12 +92,14 @@ spec: - name type: object clientCertificatePolicy: - description: "clientCertificatePolicy specifies whether the ingress - controller requires clients to provide certificates. This field - accepts the values \"Required\" or \"Optional\". \n Note that - the ingress controller only checks client certificates for edge-terminated - and reencrypt TLS routes; it cannot check certificates for cleartext - HTTP or passthrough TLS routes." + description: |- + clientCertificatePolicy specifies whether the ingress controller + requires clients to provide certificates. This field accepts the + values "Required" or "Optional". + + Note that the ingress controller only checks client certificates for + edge-terminated and reencrypt TLS routes; it cannot check + certificates for cleartext HTTP or passthrough TLS routes. enum: - "" - Required 
@@ -95,103 +110,133 @@ spec: - clientCertificatePolicy type: object defaultCertificate: - description: "defaultCertificate is a reference to a secret containing - the default certificate served by the ingress controller. When Routes - don't specify their own certificate, defaultCertificate is used. - \n The secret must contain the following keys and data: \n tls.crt: - certificate file contents tls.key: key file contents \n If unset, - a wildcard certificate is automatically generated and used. The - certificate is valid for the ingress controller domain (and subdomains) - and the generated certificate's CA will be automatically integrated - with the cluster's trust store. \n If a wildcard certificate is - used and shared by multiple HTTP/2 enabled routes (which implies - ALPN) then clients (i.e., notably browsers) are at liberty to reuse - open connections. This means a client can reuse a connection to - another route and that is likely to fail. This behaviour is generally - known as connection coalescing. \n The in-use certificate (whether - generated or user-specified) will be automatically integrated with - OpenShift's built-in OAuth server." + description: |- + defaultCertificate is a reference to a secret containing the default + certificate served by the ingress controller. When Routes don't specify + their own certificate, defaultCertificate is used. + + The secret must contain the following keys and data: + + tls.crt: certificate file contents + tls.key: key file contents + + If unset, a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) and + the generated certificate's CA will be automatically integrated with the + cluster's trust store. + + If a wildcard certificate is used and shared by multiple + HTTP/2 enabled routes (which implies ALPN) then clients + (i.e., notably browsers) are at liberty to reuse open + connections. 
This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is + generally known as connection coalescing. + + The in-use certificate (whether generated or user-specified) will be + automatically integrated with OpenShift's built-in OAuth server. properties: name: default: "" - description: 'Name of the referent. This field is effectively - required, but due to backwards compatibility is allowed to be - empty. Instances of this type with an empty value here are almost - certainly wrong. TODO: Add other useful fields. apiVersion, - kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn''t - need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic domain: - description: "domain is a DNS name serviced by the ingress controller - and is used to configure multiple features: \n * For the LoadBalancerService - endpoint publishing strategy, domain is used to configure DNS records. - See endpointPublishingStrategy. \n * When using a generated default - certificate, the certificate will be valid for domain and its subdomains. - See defaultCertificate. \n * The value is published to individual - Route statuses so that end-users know where to target external DNS - records. \n domain must be unique among all IngressControllers, - and cannot be updated. \n If empty, defaults to ingress.config.openshift.io/cluster - .spec.domain." 
+ description: |- + domain is a DNS name serviced by the ingress controller and is used to + configure multiple features: + + * For the LoadBalancerService endpoint publishing strategy, domain is + used to configure DNS records. See endpointPublishingStrategy. + + * When using a generated default certificate, the certificate will be valid + for domain and its subdomains. See defaultCertificate. + + * The value is published to individual Route statuses so that end-users + know where to target external DNS records. + + domain must be unique among all IngressControllers, and cannot be + updated. + + If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. type: string endpointPublishingStrategy: - description: "endpointPublishingStrategy is used to publish the ingress - controller endpoints to other networks, enable load balancer integrations, - etc. \n If unset, the default is based on infrastructure.config.openshift.io/cluster - .status.platform: \n AWS: LoadBalancerService (with External - scope) Azure: LoadBalancerService (with External scope) GCP: - \ LoadBalancerService (with External scope) IBMCloud: LoadBalancerService - (with External scope) AlibabaCloud: LoadBalancerService (with External - scope) Libvirt: HostNetwork \n Any other platform types (including - None) default to HostNetwork. \n endpointPublishingStrategy cannot - be updated." + description: |- + endpointPublishingStrategy is used to publish the ingress controller + endpoints to other networks, enable load balancer integrations, etc. + + If unset, the default is based on + infrastructure.config.openshift.io/cluster .status.platform: + + AWS: LoadBalancerService (with External scope) + Azure: LoadBalancerService (with External scope) + GCP: LoadBalancerService (with External scope) + IBMCloud: LoadBalancerService (with External scope) + AlibabaCloud: LoadBalancerService (with External scope) + Libvirt: HostNetwork + + Any other platform types (including None) default to HostNetwork. 
+ + endpointPublishingStrategy cannot be updated. properties: hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. properties: httpPort: default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. format: int32 maximum: 65535 minimum: 0 type: integer httpsPort: default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. format: int32 maximum: 65535 minimum: 0 type: integer protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. 
\n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -199,49 +244,49 @@ spec: type: string statsPort: default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. 
Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. format: int32 maximum: 65535 minimum: 0 type: integer type: object loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. properties: allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. 
+ + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) type: string nullable: true 
@@ -249,66 +294,69 @@ spec: x-kubernetes-list-type: atomic dnsManagementPolicy: default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. enum: - Managed - Unmanaged type: string providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. properties: aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. properties: classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. 
properties: connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. format: duration type: string subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. 
Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -324,13 +372,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -363,31 +410,28 @@ spec: has(self.names) && self.names.size() > 0 type: object networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. properties: eipAllocations: - description: "eipAllocations is a list of IDs - for Elastic IP (EIP) addresses that are assigned - to the Network Load Balancer. The following - restrictions apply: \n eipAllocations can only - be used with external scope, not internal. An - EIP can be allocated to only a single IngressController. - The number of EIP allocations must match the - number of subnets that are used for the load - balancer. Each EIP allocation must be unique. + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted. - \n See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html - for general information about configuration, - characteristics, and limitations of Elastic - IP addresses." + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. items: - description: EIPAllocation is an ID for an Elastic - IP (EIP) address that can be allocated to - an ELB in the AWS environment. Values must - begin with `eipalloc-` followed by exactly - 17 hexadecimal (`[0-9a-fA-F]`) characters. 
+ description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. maxLength: 26 minLength: 26 type: string 
@@ -406,28 +450,28 @@ spec: - message: eipAllocations cannot contain duplicates rule: self.all(x, self.exists_one(y, x == y)) subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. 
items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -443,13 +487,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -501,15 +544,21 @@ spec: ? size(self.subnets.names) == size(self.eipAllocations) : true' type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb enum: - Classic - NLB 
@@ -518,67 +567,99 @@ spec: - type type: object gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. properties: clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. 
+ + https://cloud.google.com/load-balancing/docs/internal#client_access enum: - Global - Local type: string type: object ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. properties: protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. 
See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. enum: - "" - TCP - PROXY type: string type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. 
+ type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". enum: - AWS - Azure @@ -592,9 +673,14 @@ spec: required: - type type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". enum: - Internal - External 
@@ -608,28 +694,41 @@ spec: rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. 
Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -637,27 +736,36 @@ spec: type: string type: object private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. 
Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -665,33 +773,53 @@ spec: type: string type: object type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. - A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. \n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." + description: |- + type is the publishing strategy to use. 
Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. enum: - LoadBalancerService - HostNetwork 
@@ -702,39 +830,40 @@ spec: - type type: object httpCompression: - description: httpCompression defines a policy for HTTP traffic compression. + description: |- + httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression. properties: mimeTypes: - description: "mimeTypes is a list of MIME types that should have - compression applied. This list can be empty, in which case the - ingress controller does not apply compression. \n Note: Not - all MIME types benefit from compression, but HAProxy will still - use resources to try to compress if instructed to. Generally - speaking, text (html, css, js, etc.) formats benefit from compression, - but formats that are already compressed (image, audio, video, - etc.) benefit little in exchange for the time and cpu spent - on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2" + description: |- + mimeTypes is a list of MIME types that should have compression applied. + This list can be empty, in which case the ingress controller does not apply compression. + + Note: Not all MIME types benefit from compression, but HAProxy will still use resources + to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + formats benefit from compression, but formats that are already compressed (image, + audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 items: - description: "CompressionMIMEType defines the format of a single - MIME type. E.g. \"text/css; charset=utf-8\", \"text/html\", - \"text/*\", \"image/svg+xml\", \"application/octet-stream\", - \"X-custom/customsub\", etc. 
\n The format should follow the - Content-Type definition in RFC 1341: Content-Type := type - \"/\" subtype *[\";\" parameter] - The type in Content-Type - can be one of: application, audio, image, message, multipart, - text, video, or a custom type preceded by \"X-\" and followed - by a token as defined below. - The token is a string of at - least one character, and not containing white space, control - characters, or any of the characters in the tspecials set. - - The tspecials set contains the characters ()<>@,;:\\\"/[]?.= - - The subtype in Content-Type is also a token. - The optional - parameter/s following the subtype are defined as: token \"=\" - (token / quoted-string) - The quoted-string, as defined in - RFC 822, is surrounded by double quotes and can contain white - space plus any character EXCEPT \\, \", and CR. It can also - contain any single ASCII character as long as it is escaped - by \\." + description: |- + CompressionMIMEType defines the format of a single MIME type. + E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", + "application/octet-stream", "X-custom/customsub", etc. + + The format should follow the Content-Type definition in RFC 1341: + Content-Type := type "/" subtype *[";" parameter] + - The type in Content-Type can be one of: + application, audio, image, message, multipart, text, video, or a custom + type preceded by "X-" and followed by a token as defined below. + - The token is a string of at least one character, and not containing white + space, control characters, or any of the characters in the tspecials set. + - The tspecials set contains the characters ()<>@,;:\"/[]?.= + - The subtype in Content-Type is also a token. + - The optional parameter/s following the subtype are defined as: + token "=" (token / quoted-string) + - The quoted-string, as defined in RFC 822, is surrounded by double quotes + and can contain white space plus any character EXCEPT \, ", and CR. 
+ It can also contain any single ASCII character as long as it is escaped by \. pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ 
@@ -744,37 +873,39 @@ spec: type: object httpEmptyRequestsPolicy: default: Respond - description: "httpEmptyRequestsPolicy describes how HTTP connections - should be handled if the connection times out before a request is - received. Allowed values for this field are \"Respond\" and \"Ignore\". - \ If the field is set to \"Respond\", the ingress controller sends - an HTTP 400 or 408 response, logs the connection (if access logging - is enabled), and counts the connection in the appropriate metrics. - \ If the field is set to \"Ignore\", the ingress controller closes - the connection without sending a response, logging the connection, - or incrementing metrics. The default value is \"Respond\". \n Typically, - these connections come from load balancers' health probes or Web - browsers' speculative connections (\"preconnect\") and can be safely - ignored. However, these requests may also be caused by network - errors, and so setting this field to \"Ignore\" may impede detection - and diagnosis of problems. In addition, these requests may be caused - by port scans, in which case logging empty requests may aid in detecting - intrusion attempts." + description: |- + httpEmptyRequestsPolicy describes how HTTP connections should be + handled if the connection times out before a request is received. + Allowed values for this field are "Respond" and "Ignore". If the + field is set to "Respond", the ingress controller sends an HTTP 400 + or 408 response, logs the connection (if access logging is enabled), + and counts the connection in the appropriate metrics. If the field + is set to "Ignore", the ingress controller closes the connection + without sending a response, logging the connection, or incrementing + metrics. The default value is "Respond". + + Typically, these connections come from load balancers' health probes + or Web browsers' speculative connections ("preconnect") and can be + safely ignored. 
However, these requests may also be caused by + network errors, and so setting this field to "Ignore" may impede + detection and diagnosis of problems. In addition, these requests may + be caused by port scans, in which case logging empty requests may aid + in detecting intrusion attempts. enum: - Respond - Ignore type: string httpErrorCodePages: - description: httpErrorCodePages specifies a configmap with custom - error pages. The administrator must create this configmap in the - openshift-config namespace. This configmap should have keys in the - format "error-page-.http", where is an - HTTP error code. For example, "error-page-503.http" defines an error - page for HTTP 503 responses. Currently only error pages for 503 - and 404 responses can be customized. Each value in the configmap - should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http - If this field is empty, the ingress controller uses the default - error pages. + description: |- + httpErrorCodePages specifies a configmap with custom error pages. + The administrator must create this configmap in the openshift-config namespace. + This configmap should have keys in the format "error-page-.http", + where is an HTTP error code. + For example, "error-page-503.http" defines an error page for HTTP 503 responses. + Currently only error pages for 503 and 404 responses can be customized. + Each value in the configmap should be the full response, including HTTP headers. + Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + If this field is empty, the ingress controller uses the default error pages. properties: name: description: name is the metadata.name of the referenced config 
@@ -784,52 +915,50 @@ spec: - name type: object httpHeaders: - description: "httpHeaders defines policy for HTTP headers. \n If this - field is empty, the default values are used." + description: |- + httpHeaders defines policy for HTTP headers. + + If this field is empty, the default values are used. properties: actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here - are applied after any actions related to the following other - fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - In case of HTTP request headers, the actions specified in spec.httpHeaders.actions - on the Route will be executed after the actions specified in - the IngressController''s spec.httpHeaders.actions field. In - case of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. Headers - set using this API cannot be captured for use in access logs. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Host, Cookie, - Set-Cookie. 
Note that the total size of all net added headers - *after* interpolating dynamic values must not exceed the value - of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. - Please refer to the documentation for that API field for more - details.' + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + Headers set using this API cannot be captured for use in access logs. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. 
Please refer to the documentation + for that API field for more details. properties: request: - description: 'request is a list of HTTP request headers to - modify. Actions defined here will modify the request headers - of all requests passing through an ingress controller. These - actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. - IngressController actions for request headers will be executed - before Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 request - header actions may be configured. Sample fetchers allowed - are "req.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[req.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' + description: |- + request is a list of HTTP request headers to modify. + Actions defined here will modify the request headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for request headers will be executed before Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". items: description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. 
@@ -839,24 +968,20 @@ spec: headers, such as setting or deleting headers. properties: set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. properties: value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. maxLength: 16384 minLength: 1 type: string 
@@ -864,11 +989,11 @@ spec: - value type: object type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. enum: - Set - Delete @@ -882,16 +1007,14 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -933,19 +1056,17 @@ spec: rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) response: - description: 'response is a list of HTTP response headers - to modify. Actions defined here will modify the response - headers of all requests passing through an ingress controller. - These actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. - IngressController actions for response headers will be executed - after Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 response - header actions may be configured. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' + description: |- + response is a list of HTTP response headers to modify. + Actions defined here will modify the response headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for response headers will be executed after Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". items: description: IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header. 
@@ -955,24 +1076,20 @@ spec: headers, such as setting or deleting headers. properties: set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. properties: value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. maxLength: 16384 minLength: 1 type: string 
@@ -980,11 +1097,11 @@ spec: - value type: object type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. enum: - Set - Delete @@ -998,16 +1115,14 @@ spec: rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) : !has(self.set)' name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. maxLength: 255 minLength: 1 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -1050,18 +1165,25 @@ spec: && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) type: object forwardedHeaderPolicy: - description: "forwardedHeaderPolicy specifies when and how the - IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + description: |- + forwardedHeaderPolicy specifies when and how the IngressController + sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version - HTTP headers. The value may be one of the following: \n * \"Append\", - which specifies that the IngressController appends the headers, - preserving existing headers. \n * \"Replace\", which specifies - that the IngressController sets the headers, replacing any existing - Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies - that the IngressController sets the headers if they are not - already set. \n * \"Never\", which specifies that the IngressController - never sets the headers, preserving any existing headers. \n - By default, the policy is \"Append\"." + HTTP headers. The value may be one of the following: + + * "Append", which specifies that the IngressController appends the + headers, preserving existing headers. + + * "Replace", which specifies that the IngressController sets the + headers, replacing any existing Forwarded or X-Forwarded-* headers. + + * "IfNone", which specifies that the IngressController sets the + headers if they are not already set. + + * "Never", which specifies that the IngressController never sets the + headers, preserving any existing headers. + + By default, the policy is "Append". enum: - Append - Replace 
@@ -1069,23 +1191,27 @@ spec: - Never type: string headerNameCaseAdjustments: - description: "headerNameCaseAdjustments specifies case adjustments - that can be applied to HTTP header names. Each adjustment is - specified as an HTTP header name with the desired capitalization. - \ For example, specifying \"X-Forwarded-For\" indicates that - the \"x-forwarded-for\" HTTP header should be adjusted to have - the specified capitalization. \n These adjustments are only - applied to cleartext, edge-terminated, and re-encrypt routes, - and only when using HTTP/1. \n For request headers, these adjustments - are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true - annotation. For response headers, these adjustments are applied - to all HTTP responses. \n If this field is empty, no request - headers are adjusted." + description: |- + headerNameCaseAdjustments specifies case adjustments that can be + applied to HTTP header names. Each adjustment is specified as an + HTTP header name with the desired capitalization. For example, + specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + HTTP header should be adjusted to have the specified capitalization. + + These adjustments are only applied to cleartext, edge-terminated, and + re-encrypt routes, and only when using HTTP/1. + + For request headers, these adjustments are applied only for routes + that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied to + all HTTP responses. + + If this field is empty, no request headers are adjusted. items: - description: IngressControllerHTTPHeaderNameCaseAdjustment is - the name of an HTTP header (for example, "X-Forwarded-For") - in the desired capitalization. The value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. 
+ description: |- + IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header + (for example, "X-Forwarded-For") in the desired capitalization. The value + must be a valid HTTP header name as defined in RFC 2616 section 4.2. maxLength: 1024 minLength: 0 pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -1094,32 +1220,35 @@ spec: type: array x-kubernetes-list-type: atomic uniqueId: - description: "uniqueId describes configuration for a custom HTTP - header that the ingress controller should inject into incoming - HTTP requests. Typically, this header is configured to have - a value that is unique to the HTTP request. The header can - be used by applications or included in access logs to facilitate - tracing individual HTTP requests. \n If this field is empty, - no such header is injected into requests." + description: |- + uniqueId describes configuration for a custom HTTP header that the + ingress controller should inject into incoming HTTP requests. + Typically, this header is configured to have a value that is unique + to the HTTP request. The header can be used by applications or + included in access logs to facilitate tracing individual HTTP + requests. + + If this field is empty, no such header is injected into requests. properties: format: - description: 'format specifies the format for the injected - HTTP header''s value. This field has no effect unless name - is specified. For the HAProxy-based ingress controller - implementation, this format uses the same syntax as the - HTTP log format. If the field is empty, the default value - is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding - HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3' + description: |- + format specifies the format for the injected HTTP header's value. + This field has no effect unless name is specified. For the + HAProxy-based ingress controller implementation, this format uses the + same syntax as the HTTP log format. 
If the field is empty, the + default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + corresponding HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 maxLength: 1024 minLength: 0 pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ type: string name: - description: name specifies the name of the HTTP header (for - example, "unique-id") that the ingress controller should - inject into HTTP requests. The field's value must be a - valid HTTP header name as defined in RFC 2616 section 4.2. If - the field is empty, no header is injected. + description: |- + name specifies the name of the HTTP header (for example, "unique-id") + that the ingress controller should inject into HTTP requests. The + field's value must be a valid HTTP header name as defined in RFC 2616 + section 4.2. If the field is empty, no header is injected. maxLength: 1024 minLength: 0 pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ 
@@ -1127,35 +1256,42 @@ spec: type: object type: object logging: - description: logging defines parameters for what should be logged - where. If this field is empty, operational logs are enabled but - access logs are disabled. + description: |- + logging defines parameters for what should be logged where. If this + field is empty, operational logs are enabled but access logs are + disabled. properties: access: - description: "access describes how the client requests should - be logged. \n If this field is empty, access logging is disabled." + description: |- + access describes how the client requests should be logged. + + If this field is empty, access logging is disabled. properties: destination: description: destination is where access logs go. properties: container: - description: container holds parameters for the Container - logging destination. Present only if type is Container. + description: |- + container holds parameters for the Container logging destination. + Present only if type is Container. properties: maxLength: default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 8192, inclusive. \n When omitted, the - default value is 1024." + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 8192, inclusive. + + When omitted, the default value is 1024. format: int32 maximum: 8192 minimum: 480 type: integer type: object syslog: - description: syslog holds parameters for a syslog endpoint. Present - only if type is Syslog. + description: |- + syslog holds parameters for a syslog endpoint. Present only if + type is Syslog. oneOf: - properties: address: 
@@ -1165,13 +1301,15 @@ spec: format: ipv6 properties: address: - description: address is the IP address of the syslog - endpoint that receives log messages. + description: |- + address is the IP address of the syslog endpoint that receives log + messages. type: string facility: - description: "facility specifies the syslog facility - of log messages. \n If this field is empty, the - facility is \"local1\"." + description: |- + facility specifies the syslog facility of log messages. + + If this field is empty, the facility is "local1". enum: - kern - user @@ -1200,17 +1338,20 @@ spec: type: string maxLength: default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 4096, inclusive. \n When omitted, the - default value is 1024." + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 4096, inclusive. + + When omitted, the default value is 1024. format: int32 maximum: 4096 minimum: 480 type: integer port: - description: port is the UDP port number of the syslog - endpoint that receives log messages. + description: |- + port is the UDP port number of the syslog endpoint that receives log + messages. format: int32 maximum: 65535 minimum: 1 
@@ -1220,21 +1361,26 @@ spec: - port type: object type: - description: "type is the type of destination for logs. - \ It must be one of the following: \n * Container \n - The ingress operator configures the sidecar container - named \"logs\" on the ingress controller pod and configures - the ingress controller to write logs to the sidecar. - \ The logs are then available as container logs. The - expectation is that the administrator configures a custom - logging solution that reads logs from this sidecar. - \ Note that using container logs means that logs may - be dropped if the rate of logs exceeds the container - runtime's or the custom logging solution's capacity. - \n * Syslog \n Logs are sent to a syslog endpoint. The - administrator must specify an endpoint that can receive - syslog messages. The expectation is that the administrator - has configured a custom syslog instance." + description: |- + type is the type of destination for logs. It must be one of the + following: + + * Container + + The ingress operator configures the sidecar container named "logs" on + the ingress controller pod and configures the ingress controller to + write logs to the sidecar. The logs are then available as container + logs. The expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. Note that using + container logs means that logs may be dropped if the rate of logs + exceeds the container runtime's or the custom logging solution's + capacity. + + * Syslog + + Logs are sent to a syslog endpoint. The administrator must specify + an endpoint that can receive syslog messages. The expectation is + that the administrator has configured a custom syslog instance. enum: - Container - Syslog 
@@ -1243,51 +1389,51 @@ spec: - type type: object httpCaptureCookies: - description: httpCaptureCookies specifies HTTP cookies that - should be captured in access logs. If this field is empty, - no cookies are captured. + description: |- + httpCaptureCookies specifies HTTP cookies that should be captured in + access logs. If this field is empty, no cookies are captured. items: - description: IngressControllerCaptureHTTPCookie describes - an HTTP cookie that should be captured. + description: |- + IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be + captured. properties: matchType: - description: matchType specifies the type of match to - be performed on the cookie name. Allowed values are - "Exact" for an exact string match and "Prefix" for - a string prefix match. If "Exact" is specified, a - name must be specified in the name field. If "Prefix" - is provided, a prefix must be specified in the namePrefix - field. For example, specifying matchType "Prefix" - and namePrefix "foo" will capture a cookie named "foo" - or "foobar" but not one named "bar". The first matching - cookie is captured. + description: |- + matchType specifies the type of match to be performed on the cookie + name. Allowed values are "Exact" for an exact string match and + "Prefix" for a string prefix match. If "Exact" is specified, a name + must be specified in the name field. If "Prefix" is provided, a + prefix must be specified in the namePrefix field. For example, + specifying matchType "Prefix" and namePrefix "foo" will capture a + cookie named "foo" or "foobar" but not one named "bar". The first + matching cookie is captured. enum: - Exact - Prefix type: string maxLength: - description: maxLength specifies a maximum length of - the string that will be logged, which includes the - cookie name, cookie value, and one-character delimiter. If - the log entry exceeds this length, the value will - be truncated in the log message. 
Note that the ingress - controller may impose a separate bound on the total - length of HTTP headers in a request. + description: |- + maxLength specifies a maximum length of the string that will be + logged, which includes the cookie name, cookie value, and + one-character delimiter. If the log entry exceeds this length, the + value will be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total length of HTTP + headers in a request. maximum: 1024 minimum: 1 type: integer name: - description: name specifies a cookie name. Its value - must be a valid HTTP cookie name as defined in RFC - 6265 section 4.1. + description: |- + name specifies a cookie name. Its value must be a valid HTTP cookie + name as defined in RFC 6265 section 4.1. maxLength: 1024 minLength: 0 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ type: string namePrefix: - description: namePrefix specifies a cookie name prefix. Its - value must be a valid HTTP cookie name as defined - in RFC 6265 section 4.1. + description: |- + namePrefix specifies a cookie name prefix. Its value must be a valid + HTTP cookie name as defined in RFC 6265 section 4.1. maxLength: 1024 minLength: 0 pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ 
@@ -1301,35 +1447,38 @@ spec: type: array x-kubernetes-list-type: atomic httpCaptureHeaders: - description: "httpCaptureHeaders defines HTTP headers that - should be captured in access logs. If this field is empty, - no headers are captured. \n Note that this option only applies - to cleartext HTTP connections and to secure HTTP connections - for which the ingress controller terminates encryption (that - is, edge-terminated or reencrypt connections). Headers - cannot be captured for TLS passthrough connections." + description: |- + httpCaptureHeaders defines HTTP headers that should be captured in + access logs. If this field is empty, no headers are captured. + + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be captured for TLS passthrough + connections. properties: request: - description: "request specifies which HTTP request headers - to capture. \n If this field is empty, no request headers - are captured." + description: |- + request specifies which HTTP request headers to capture. + + If this field is empty, no request headers are captured. items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. properties: maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. 
Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. minimum: 1 type: integer name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ type: string required: @@ -1340,26 +1489,27 @@ spec: type: array x-kubernetes-list-type: atomic response: - description: "response specifies which HTTP response headers - to capture. \n If this field is empty, no response headers - are captured." + description: |- + response specifies which HTTP response headers to capture. + + If this field is empty, no response headers are captured. items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. properties: maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. minimum: 1 type: integer name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ type: string required: 
@@ -1371,30 +1521,34 @@ spec: x-kubernetes-list-type: atomic type: object httpLogFormat: - description: "httpLogFormat specifies the format of the log - message for an HTTP request. \n If this field is empty, - log messages use the implementation's default HTTP log format. - \ For HAProxy's default HTTP log format, see the HAProxy - documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 - \n Note that this format only applies to cleartext HTTP - connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). It does not affect the log format - for TLS passthrough connections." + description: |- + httpLogFormat specifies the format of the log message for an HTTP + request. + + If this field is empty, log messages use the implementation's default + HTTP log format. For HAProxy's default HTTP log format, see the + HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + + Note that this format only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). It does not affect the log format for TLS passthrough + connections. type: string logEmptyRequests: default: Log - description: logEmptyRequests specifies how connections on - which no request is received should be logged. Typically, - these empty requests come from load balancers' health probes - or Web browsers' speculative connections ("preconnect"), - in which case logging these requests may be undesirable. However, - these requests may also be caused by network errors, in - which case logging empty requests may be useful for diagnosing - the errors. In addition, these requests may be caused by - port scans, in which case logging empty requests may aid - in detecting intrusion attempts. 
Allowed values for this - field are "Log" and "Ignore". The default value is "Log". + description: |- + logEmptyRequests specifies how connections on which no request is + received should be logged. Typically, these empty requests come from + load balancers' health probes or Web browsers' speculative + connections ("preconnect"), in which case logging these requests may + be undesirable. However, these requests may also be caused by + network errors, in which case logging empty requests may be useful + for diagnosing the errors. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in + detecting intrusion attempts. Allowed values for this field are + "Log" and "Ignore". The default value is "Log". enum: - Log - Ignore 
@@ -1404,32 +1558,34 @@ spec: type: object type: object namespaceSelector: - description: "namespaceSelector is used to filter the set of namespaces - serviced by the ingress controller. This is useful for implementing - shards. \n If unset, the default is no filtering." + description: |- + namespaceSelector is used to filter the set of namespaces serviced by the + ingress controller. This is useful for implementing shards. + + If unset, the default is no filtering. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -1444,56 +1600,70 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic nodePlacement: - description: "nodePlacement enables explicit control over the scheduling - of the ingress controller. \n If unset, defaults are used. See NodePlacement - for more details." + description: |- + nodePlacement enables explicit control over the scheduling of the ingress + controller. + + If unset, defaults are used. See NodePlacement for more details. properties: nodeSelector: - description: "nodeSelector is the node selector applied to ingress - controller deployments. \n If set, the specified selector is - used and replaces the default. \n If unset, the default depends - on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses - status. \n When defaultPlacement is Workers, the default is: - \n kubernetes.io/os: linux node-role.kubernetes.io/worker: '' - \n When defaultPlacement is ControlPlane, the default is: \n - kubernetes.io/os: linux node-role.kubernetes.io/master: '' \n - These defaults are subject to change. \n Note that using nodeSelector.matchExpressions - is not supported. Only nodeSelector.matchLabels may be used. - \ This is a limitation of the Kubernetes API: the pod spec does - not allow complex expressions for node selectors." 
+ description: |- + nodeSelector is the node selector applied to ingress controller + deployments. + + If set, the specified selector is used and replaces the default. + + If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. + + When defaultPlacement is Workers, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/worker: '' + + When defaultPlacement is ControlPlane, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/master: '' + + These defaults are subject to change. + + Note that using nodeSelector.matchExpressions is not supported. Only + nodeSelector.matchLabels may be used. This is a limitation of the + Kubernetes API: the pod spec does not allow complex expressions for + node selectors. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1507,132 +1677,152 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic tolerations: - description: "tolerations is a list of tolerations applied to - ingress controller deployments. \n The default is an empty list. - \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + description: |- + tolerations is a list of tolerations applied to ingress controller + deployments. + + The default is an empty list. + + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. 
If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
type: string type: object type: array x-kubernetes-list-type: atomic type: object replicas: - description: "replicas is the desired number of ingress controller - replicas. If unset, the default depends on the value of the defaultPlacement - field in the cluster config.openshift.io/v1/ingresses status. \n - The value of replicas is set based on the value of a chosen field - in the Infrastructure CR. If defaultPlacement is set to ControlPlane, - the chosen field will be controlPlaneTopology. If it is set to Workers - the chosen field will be infrastructureTopology. Replicas will then - be set to 1 or 2 based whether the chosen field's value is SingleReplica - or HighlyAvailable, respectively. \n These defaults are subject - to change." + description: |- + replicas is the desired number of ingress controller replicas. If unset, + the default depends on the value of the defaultPlacement field in the + cluster config.openshift.io/v1/ingresses status. + + The value of replicas is set based on the value of a chosen field in the + Infrastructure CR. If defaultPlacement is set to ControlPlane, the + chosen field will be controlPlaneTopology. If it is set to Workers the + chosen field will be infrastructureTopology. Replicas will then be set to 1 + or 2 based whether the chosen field's value is SingleReplica or + HighlyAvailable, respectively. + + These defaults are subject to change. format: int32 type: integer routeAdmission: - description: "routeAdmission defines a policy for handling new route - claims (for example, to allow or deny claims across namespaces). - \n If empty, defaults will be applied. See specific routeAdmission - fields for details about their defaults." + description: |- + routeAdmission defines a policy for handling new route claims (for example, + to allow or deny claims across namespaces). + + If empty, defaults will be applied. See specific routeAdmission fields + for details about their defaults. 
properties: namespaceOwnership: - description: "namespaceOwnership describes how host name claims - across namespaces should be handled. \n Value must be one of: - \n - Strict: Do not allow routes in different namespaces to - claim the same host. \n - InterNamespaceAllowed: Allow routes - to claim different paths of the same host name across namespaces. - \n If empty, the default is Strict." + description: |- + namespaceOwnership describes how host name claims across namespaces should + be handled. + + Value must be one of: + + - Strict: Do not allow routes in different namespaces to claim the same host. + + - InterNamespaceAllowed: Allow routes to claim different paths of the same + host name across namespaces. + + If empty, the default is Strict. enum: - InterNamespaceAllowed - Strict type: string wildcardPolicy: - description: "wildcardPolicy describes how routes with wildcard - policies should be handled for the ingress controller. WildcardPolicy - controls use of routes [1] exposed by the ingress controller - based on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go - \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed - will cause admitted routes with a wildcard policy of Subdomain - to stop working. These routes must be updated to a wildcard - policy of None to be readmitted by the ingress controller. \n - WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed - values. \n If empty, defaults to \"WildcardsDisallowed\"." + description: |- + wildcardPolicy describes how routes with wildcard policies should + be handled for the ingress controller. WildcardPolicy controls use + of routes [1] exposed by the ingress controller based on the route's + wildcard policy. 
+ + [1] https://github.com/openshift/api/blob/master/route/v1/types.go + + Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain to stop + working. These routes must be updated to a wildcard policy of None to be + readmitted by the ingress controller. + + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + + If empty, defaults to "WildcardsDisallowed". enum: - WildcardsAllowed - WildcardsDisallowed type: string type: object routeSelector: - description: "routeSelector is used to filter the set of Routes serviced - by the ingress controller. This is useful for implementing shards. - \n If unset, the default is no filtering." + description: |- + routeSelector is used to filter the set of Routes serviced by the ingress + controller. This is useful for implementing shards. + + If unset, the default is no filtering. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. 
This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -1647,49 +1837,65 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for ingresscontrollers. \n If unset, the default is based on the - apiservers.config.openshift.io/cluster resource. \n Note that when - using the Old, Intermediate, and Modern profile types, the effective - profile configuration is subject to change between releases. For - example, given a specification to use the Intermediate profile deployed - on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new - profile configuration to be applied to the ingress controller, resulting - in a rollout." + description: |- + tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + + Note that when using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For example, given + a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + controller, resulting in a rollout. properties: custom: - description: "custom is a user-defined TLS security profile. 
Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - ECDHE-RSA-AES128-GCM-SHA256 \n - ECDHE-ECDSA-AES128-GCM-SHA256 - \n minTLSVersion: VersionTLS11" + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. An example custom profile + looks like this: + + ciphers: + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + minTLSVersion: VersionTLS11 nullable: true properties: ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 enum: - VersionTLS10 - VersionTLS11 
@@ -1698,52 +1904,144 @@ spec: type: string type: object intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n minTLSVersion: VersionTLS12" + description: |- + intermediate is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + minTLSVersion: VersionTLS12 nullable: true type: object modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n minTLSVersion: VersionTLS13" + description: |- + modern is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + minTLSVersion: VersionTLS13 nullable: true type: object old: - description: "old is a 
TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n - DHE-RSA-CHACHA20-POLY1305 \n - ECDHE-ECDSA-AES128-SHA256 - \n - ECDHE-RSA-AES128-SHA256 \n - ECDHE-ECDSA-AES128-SHA \n - - ECDHE-RSA-AES128-SHA \n - ECDHE-ECDSA-AES256-SHA384 \n - ECDHE-RSA-AES256-SHA384 - \n - ECDHE-ECDSA-AES256-SHA \n - ECDHE-RSA-AES256-SHA \n - DHE-RSA-AES128-SHA256 - \n - DHE-RSA-AES256-SHA256 \n - AES128-GCM-SHA256 \n - AES256-GCM-SHA384 - \n - AES128-SHA256 \n - AES256-SHA256 \n - AES128-SHA \n - AES256-SHA - \n - DES-CBC3-SHA \n minTLSVersion: VersionTLS10" + description: |- + old is a TLS security profile based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + + and looks like this (yaml): + + ciphers: + + - TLS_AES_128_GCM_SHA256 + + - TLS_AES_256_GCM_SHA384 + + - TLS_CHACHA20_POLY1305_SHA256 + + - ECDHE-ECDSA-AES128-GCM-SHA256 + + - ECDHE-RSA-AES128-GCM-SHA256 + + - ECDHE-ECDSA-AES256-GCM-SHA384 + + - ECDHE-RSA-AES256-GCM-SHA384 + + - ECDHE-ECDSA-CHACHA20-POLY1305 + + - ECDHE-RSA-CHACHA20-POLY1305 + + - DHE-RSA-AES128-GCM-SHA256 + + - DHE-RSA-AES256-GCM-SHA384 + + - DHE-RSA-CHACHA20-POLY1305 + + - ECDHE-ECDSA-AES128-SHA256 + + - ECDHE-RSA-AES128-SHA256 + + - ECDHE-ECDSA-AES128-SHA + + - ECDHE-RSA-AES128-SHA + + - ECDHE-ECDSA-AES256-SHA384 + + - ECDHE-RSA-AES256-SHA384 + + - ECDHE-ECDSA-AES256-SHA + + - ECDHE-RSA-AES256-SHA + + - DHE-RSA-AES128-SHA256 + + - DHE-RSA-AES256-SHA256 + + - AES128-GCM-SHA256 + + - AES256-GCM-SHA384 + + - AES128-SHA256 + + - AES256-SHA256 + + - AES128-SHA + 
+ - AES256-SHA + + - DES-CBC3-SHA + + minTLSVersion: VersionTLS10 nullable: true type: object type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides + the ability to specify individual TLS security profile parameters. + Old, Intermediate and Modern are TLS security profiles based on: + + https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + + The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers + are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be + reduced. + + Note that the Modern profile is currently not supported because it is not + yet well adopted by common software libraries. enum: - Old - Intermediate 
@@ -1763,197 +2061,238 @@ spec: format: int32 maximum: 2000000 minimum: 2000 - description: "tuningOptions defines parameters for adjusting the performance - of ingress controller pods. All fields are optional and will use - their respective defaults if not set. See specific tuningOptions - fields for more details. \n Setting fields within tuningOptions - is generally not recommended. The default values are suitable for - most configurations." + description: |- + tuningOptions defines parameters for adjusting the performance of + ingress controller pods. All fields are optional and will use their + respective defaults if not set. See specific tuningOptions fields for + more details. + + Setting fields within tuningOptions is generally not recommended. The + default values are suitable for most configurations. properties: clientFinTimeout: - description: "clientFinTimeout defines how long a connection will - be held open while waiting for the client response to the server/backend - closing the connection. \n If unset, the default timeout is - 1s" + description: |- + clientFinTimeout defines how long a connection will be held open while + waiting for the client response to the server/backend closing the + connection. + + If unset, the default timeout is 1s format: duration type: string clientTimeout: - description: "clientTimeout defines how long a connection will - be held open while waiting for a client response. \n If unset, - the default timeout is 30s" + description: |- + clientTimeout defines how long a connection will be held open while + waiting for a client response. + + If unset, the default timeout is 30s format: duration type: string connectTimeout: - description: "ConnectTimeout defines the maximum time to wait - for a connection attempt to a server/backend to succeed. \n - This field expects an unsigned duration string of decimal numbers, - each with optional fraction and a unit suffix, e.g. \"300ms\", - \"1.5h\" or \"2h45m\". 
Valid time units are \"ns\", \"us\" (or - \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\". - \n When omitted, this means the user has no opinion and the - platform is left to choose a reasonable default. This default - is subject to change over time. The current default is 5s." + description: |- + ConnectTimeout defines the maximum time to wait for + a connection attempt to a server/backend to succeed. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 5s. pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string headerBufferBytes: - description: "headerBufferBytes describes how much memory should - be reserved (in bytes) for IngressController connection sessions. - Note that this value must be at least 16384 if HTTP/2 is enabled - for the IngressController (https://tools.ietf.org/html/rfc7540). - If this field is empty, the IngressController will use a default - value of 32768 bytes. \n Setting this field is generally not - recommended as headerBufferBytes values that are too small may - break the IngressController and headerBufferBytes values that - are too large could cause the IngressController to use significantly - more memory than necessary." + description: |- + headerBufferBytes describes how much memory should be reserved + (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is + enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default value + of 32768 bytes. 
+ + Setting this field is generally not recommended as headerBufferBytes + values that are too small may break the IngressController and + headerBufferBytes values that are too large could cause the + IngressController to use significantly more memory than necessary. format: int32 minimum: 16384 type: integer headerBufferMaxRewriteBytes: - description: "headerBufferMaxRewriteBytes describes how much memory - should be reserved (in bytes) from headerBufferBytes for HTTP - header rewriting and appending for IngressController connection - sessions. Note that incoming HTTP requests will be limited to + description: |- + headerBufferMaxRewriteBytes describes how much memory should be reserved + (in bytes) from headerBufferBytes for HTTP header rewriting + and appending for IngressController connection sessions. + Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. - If this field is empty, the IngressController will use a default - value of 8192 bytes. \n Setting this field is generally not - recommended as headerBufferMaxRewriteBytes values that are too - small may break the IngressController and headerBufferMaxRewriteBytes - values that are too large could cause the IngressController - to use significantly more memory than necessary." + If this field is empty, the IngressController will use a default value + of 8192 bytes. + + Setting this field is generally not recommended as + headerBufferMaxRewriteBytes values that are too small may break the + IngressController and headerBufferMaxRewriteBytes values that are too + large could cause the IngressController to use significantly more memory + than necessary. format: int32 minimum: 4096 type: integer healthCheckInterval: - description: "healthCheckInterval defines how long the router - waits between two consecutive health checks on its configured - backends. 
This value is applied globally as a default for all - routes, but may be overridden per-route by the route annotation - \"router.openshift.io/haproxy.health.check.interval\". \n Expects - an unsigned duration string of decimal numbers, each with optional - fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". - Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" - U+03BC), \"ms\", \"s\", \"m\", \"h\". \n Setting this to less - than 5s can cause excess traffic due to too frequent TCP health - checks and accompanying SYN packet storms. Alternatively, setting - this too high can result in increased latency, due to backend - servers that are no longer available, but haven't yet been detected - as such. \n An empty or zero healthCheckInterval means no opinion - and IngressController chooses a default, which is subject to - change over time. Currently the default healthCheckInterval - value is 5s. \n Currently the minimum allowed value is 1s and - the maximum allowed value is 2147483647ms (24.85 days). Both - are subject to change over time." + description: |- + healthCheckInterval defines how long the router waits between two consecutive + health checks on its configured backends. This value is applied globally as + a default for all routes, but may be overridden per-route by the route annotation + "router.openshift.io/haproxy.health.check.interval". + + Expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Setting this to less than 5s can cause excess traffic due to too frequent + TCP health checks and accompanying SYN packet storms. Alternatively, setting + this too high can result in increased latency, due to backend servers that are no + longer available, but haven't yet been detected as such. 
+ + An empty or zero healthCheckInterval means no opinion and IngressController chooses + a default, which is subject to change over time. + Currently the default healthCheckInterval value is 5s. + + Currently the minimum allowed value is 1s and the maximum allowed value is + 2147483647ms (24.85 days). Both are subject to change over time. pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string maxConnections: - description: "maxConnections defines the maximum number of simultaneous - connections that can be established per HAProxy process. Increasing - this value allows each ingress controller pod to handle more - connections but at the cost of additional system resources being - consumed. \n Permitted values are: empty, 0, -1, and the range - 2000-2000000. \n If this field is empty or 0, the IngressController - will use the default value of 50000, but the default is subject - to change in future releases. \n If the value is -1 then HAProxy - will dynamically compute a maximum value based on the available - ulimits in the running container. Selecting -1 (i.e., auto) - will result in a large value being computed (~520000 on OpenShift - >=4.10 clusters) and therefore each HAProxy process will incur - significant memory usage compared to the current default of - 50000. \n Setting a value that is greater than the current operating - system limit will prevent the HAProxy process from starting. - \n If you choose a discrete value (e.g., 750000) and the router - pod is migrated to a new node, there's no guarantee that that - new node has identical ulimits configured. In such a scenario - the pod would fail to start. If you have nodes with different - ulimits configured (e.g., different tuned profiles) and you - choose a discrete value then the guidance is to use -1 and let - the value be computed dynamically at runtime. 
\n You can monitor - memory usage for router containers with the following metric: - 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'. - \n You can monitor memory usage of individual HAProxy processes - in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'." + description: |- + maxConnections defines the maximum number of simultaneous + connections that can be established per HAProxy process. + Increasing this value allows each ingress controller pod to + handle more connections but at the cost of additional + system resources being consumed. + + Permitted values are: empty, 0, -1, and the range + 2000-2000000. + + If this field is empty or 0, the IngressController will use + the default value of 50000, but the default is subject to + change in future releases. + + If the value is -1 then HAProxy will dynamically compute a + maximum value based on the available ulimits in the running + container. Selecting -1 (i.e., auto) will result in a large + value being computed (~520000 on OpenShift >=4.10 clusters) + and therefore each HAProxy process will incur significant + memory usage compared to the current default of 50000. + + Setting a value that is greater than the current operating + system limit will prevent the HAProxy process from + starting. + + If you choose a discrete value (e.g., 750000) and the + router pod is migrated to a new node, there's no guarantee + that that new node has identical ulimits configured. In + such a scenario the pod would fail to start. If you have + nodes with different ulimits configured (e.g., different + tuned profiles) and you choose a discrete value then the + guidance is to use -1 and let the value be computed + dynamically at runtime. 
+ + You can monitor memory usage for router containers with the + following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + + You can monitor memory usage of individual HAProxy + processes in router containers with the following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. format: int32 type: integer reloadInterval: - description: "reloadInterval defines the minimum interval at which - the router is allowed to reload to accept new changes. Increasing - this value can prevent the accumulation of HAProxy processes, - depending on the scenario. Increasing this interval can also - lessen load imbalance on a backend's servers when using the - roundrobin balancing algorithm. Alternatively, decreasing this - value may decrease latency since updates to HAProxy's configuration - can take effect more quickly. \n The value must be a time duration - value; see . Currently, - the minimum value allowed is 1s, and the maximum allowed value - is 120s. Minimum and maximum allowed values may change in future - versions of OpenShift. Note that if a duration outside of these - bounds is provided, the value of reloadInterval will be capped/floored - and not rejected (e.g. a duration of over 120s will be capped - to 120s; the IngressController will not reject and replace this - disallowed value with the default). \n A zero value for reloadInterval - tells the IngressController to choose the default, which is - currently 5s and subject to change without notice. \n This field - expects an unsigned duration string of decimal numbers, each - with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" - or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" - U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\". 
\n Note: - Setting a value significantly larger than the default of 5s - can cause latency in observing updates to routes and their endpoints. - HAProxy's configuration will be reloaded less frequently, and - newly created routes will not be served until the subsequent - reload." + description: |- + reloadInterval defines the minimum interval at which the router is allowed to reload + to accept new changes. Increasing this value can prevent the accumulation of + HAProxy processes, depending on the scenario. Increasing this interval can + also lessen load imbalance on a backend's servers when using the roundrobin + balancing algorithm. Alternatively, decreasing this value may decrease latency + since updates to HAProxy's configuration can take effect more quickly. + + The value must be a time duration value; see . + Currently, the minimum value allowed is 1s, and the maximum allowed value is + 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + Note that if a duration outside of these bounds is provided, the value of reloadInterval + will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + 120s; the IngressController will not reject and replace this disallowed value with + the default). + + A zero value for reloadInterval tells the IngressController to choose the default, + which is currently 5s and subject to change without notice. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Note: Setting a value significantly larger than the default of 5s can cause latency + in observing updates to routes and their endpoints. HAProxy's configuration will + be reloaded less frequently, and newly created routes will not be served until the + subsequent reload. 
pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string serverFinTimeout: - description: "serverFinTimeout defines how long a connection will - be held open while waiting for the server/backend response to - the client closing the connection. \n If unset, the default - timeout is 1s" + description: |- + serverFinTimeout defines how long a connection will be held open while + waiting for the server/backend response to the client closing the + connection. + + If unset, the default timeout is 1s format: duration type: string serverTimeout: - description: "serverTimeout defines how long a connection will - be held open while waiting for a server/backend response. \n - If unset, the default timeout is 30s" + description: |- + serverTimeout defines how long a connection will be held open while + waiting for a server/backend response. + + If unset, the default timeout is 30s format: duration type: string threadCount: - description: "threadCount defines the number of threads created - per HAProxy process. Creating more threads allows each ingress - controller pod to handle more connections, at the cost of more - system resources being used. HAProxy currently supports up to - 64 threads. If this field is empty, the IngressController will - use the default value. The current default is 4 threads, but - this may change in future releases. \n Setting this field is - generally not recommended. Increasing the number of HAProxy - threads allows ingress controller pods to utilize more CPU time - under load, potentially starving other pods if set too high. - Reducing the number of threads may cause the ingress controller - to perform poorly." + description: |- + threadCount defines the number of threads created per HAProxy process. + Creating more threads allows each ingress controller pod to handle more + connections, at the cost of more system resources being used. HAProxy + currently supports up to 64 threads. 
If this field is empty, the + IngressController will use the default value. The current default is 4 + threads, but this may change in future releases. + + Setting this field is generally not recommended. Increasing the number + of HAProxy threads allows ingress controller pods to utilize more CPU + time under load, potentially starving other pods if set too high. + Reducing the number of threads may cause the ingress controller to + perform poorly. format: int32 maximum: 64 minimum: 1 type: integer tlsInspectDelay: - description: "tlsInspectDelay defines how long the router can - hold data to find a matching route. \n Setting this too short - can cause the router to fall back to the default certificate - for edge-terminated or reencrypt routes even when a better matching - certificate could be used. \n If unset, the default inspect - delay is 5s" + description: |- + tlsInspectDelay defines how long the router can hold data to find a + matching route. + + Setting this too short can cause the router to fall back to the default + certificate for edge-terminated or reencrypt routes even when a better + matching certificate could be used. + + If unset, the default inspect delay is 5s format: duration type: string tunnelTimeout: - description: "tunnelTimeout defines how long a tunnel connection - (including websockets) will be held open while the tunnel is - idle. \n If unset, the default timeout is 1h" + description: |- + tunnelTimeout defines how long a tunnel connection (including + websockets) will be held open while the tunnel is idle. + + If unset, the default timeout is 1h format: duration type: string type: object unsupportedConfigOverrides: - description: unsupportedConfigOverrides allows specifying unsupported + description: |- + unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported. nullable: true type: object 
@@ -1963,33 +2302,52 @@ spec: description: status is the most recently observed status of the IngressController. properties: availableReplicas: - description: availableReplicas is number of observed available replicas - according to the ingress controller deployment. + description: |- + availableReplicas is number of observed available replicas according to the + ingress controller deployment. format: int32 type: integer conditions: - description: "conditions is a list of conditions and their status. - \n Available means the ingress controller deployment is available - and servicing route and ingress resources (i.e, .status.availableReplicas - equals .spec.replicas) \n There are additional conditions which - indicate the status of other ingress controller features and capabilities. - \n * LoadBalancerManaged - True if the following conditions are - met: * The endpoint publishing strategy requires a service load - balancer. - False if any of those conditions are unsatisfied. \n - * LoadBalancerReady - True if the following conditions are met: - * A load balancer is managed. * The load balancer is ready. - False - if any of those conditions are unsatisfied. \n * DNSManaged - True - if the following conditions are met: * The endpoint publishing strategy - and platform support DNS. * The ingress controller domain is set. - * dns.config.openshift.io/cluster configures DNS zones. - False - if any of those conditions are unsatisfied. \n * DNSReady - True - if the following conditions are met: * DNS is managed. * DNS records - have been successfully created. - False if any of those conditions - are unsatisfied." + description: |- + conditions is a list of conditions and their status. + + Available means the ingress controller deployment is available and + servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) + + There are additional conditions which indicate the status of other + ingress controller features and capabilities. 
+ + * LoadBalancerManaged + - True if the following conditions are met: + * The endpoint publishing strategy requires a service load balancer. + - False if any of those conditions are unsatisfied. + + * LoadBalancerReady + - True if the following conditions are met: + * A load balancer is managed. + * The load balancer is ready. + - False if any of those conditions are unsatisfied. + + * DNSManaged + - True if the following conditions are met: + * The endpoint publishing strategy and platform support DNS. + * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. + - False if any of those conditions are unsatisfied. + + * DNSReady + - True if the following conditions are met: + * DNS is managed. + * DNS records have been successfully created. + - False if any of those conditions are unsatisfied. items: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -1997,10 +2355,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -2015,49 +2383,58 @@ spec: use. properties: hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. properties: httpPort: default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. format: int32 maximum: 65535 minimum: 0 type: integer httpsPort: default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. format: int32 maximum: 65535 minimum: 0 type: integer protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. 
\n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -2065,49 +2442,49 @@ spec: type: string statsPort: default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. 
Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. format: int32 maximum: 65535 minimum: 0 type: integer type: object loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. properties: allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. 
+ + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) type: string nullable: true 
@@ -2115,66 +2492,69 @@ spec: x-kubernetes-list-type: atomic dnsManagementPolicy: default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. enum: - Managed - Unmanaged type: string providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. properties: aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. properties: classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. 
properties: connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. format: duration type: string subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. 
Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -2190,13 +2570,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -2229,31 +2608,28 @@ spec: has(self.names) && self.names.size() > 0 type: object networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. properties: eipAllocations: - description: "eipAllocations is a list of IDs - for Elastic IP (EIP) addresses that are assigned - to the Network Load Balancer. The following - restrictions apply: \n eipAllocations can only - be used with external scope, not internal. An - EIP can be allocated to only a single IngressController. - The number of EIP allocations must match the - number of subnets that are used for the load - balancer. Each EIP allocation must be unique. + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted. - \n See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html - for general information about configuration, - characteristics, and limitations of Elastic - IP addresses." + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. items: - description: EIPAllocation is an ID for an Elastic - IP (EIP) address that can be allocated to - an ELB in the AWS environment. Values must - begin with `eipalloc-` followed by exactly - 17 hexadecimal (`[0-9a-fA-F]`) characters. 
+ description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. maxLength: 26 minLength: 26 type: string 
@@ -2272,28 +2648,28 @@ spec: - message: eipAllocations cannot contain duplicates rule: self.all(x, self.exists_one(y, x == y)) subnets: - description: "subnets specifies the subnets to - which the load balancer will attach. The subnets - may be specified by either their ID or name. - The total number of subnets is limited to 10. - \n In order for the load balancer to be provisioned - with subnets, each subnet must exist, each subnet - must be from a different availability zone, - and the load balancer service must be recreated - to pick up new values. \n When omitted from - the spec, the subnets will be auto-discovered - for each availability zone. Auto-discovered - subnets are not reported in the status of the - IngressController object." + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. properties: ids: - description: ids specifies a list of AWS subnets - by subnet ID. Subnet IDs must start with - "subnet-", consist only of alphanumeric - characters, must be exactly 24 characters - long, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. 
items: description: AWSSubnetID is a reference to an AWS subnet ID. @@ -2309,13 +2685,12 @@ spec: rule: self.all(x, self.exists_one(y, x == y)) names: - description: names specifies a list of AWS - subnets by subnet name. Subnet names must - not start with "subnet-", must not include - commas, must be under 256 characters in - length, must be unique, and the total number - of subnets specified by ids and names must - not exceed 10. + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. items: description: AWSSubnetName is a reference to an AWS subnet name. 
@@ -2367,15 +2742,21 @@ spec: ? size(self.subnets.names) == size(self.eipAllocations) : true' type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb enum: - Classic - NLB 
@@ -2384,67 +2765,99 @@ spec: - type type: object gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. properties: clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. 
+ + https://cloud.google.com/load-balancing/docs/internal#client_access enum: - Global - Local type: string type: object ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. properties: protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. 
See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. enum: - "" - TCP - PROXY type: string type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. 
+ type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". enum: - AWS - Azure @@ -2458,9 +2871,14 @@ spec: required: - type type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". enum: - Internal - External 
@@ -2474,28 +2892,41 @@ spec: rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. 
Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -2503,27 +2934,36 @@ spec: type: string type: object private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. properties: protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." + addresses instead of reporting the load balancer's address in HTTP + headers and logs. 
Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. enum: - "" - TCP 
@@ -2531,33 +2971,53 @@ spec: type: string type: object type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. - A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. \n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." + description: |- + type is the publishing strategy to use. 
Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. enum: - LoadBalancerService - HostNetwork 
@@ -2575,24 +3035,24 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -2607,11 +3067,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic 
@@ -2626,24 +3085,24 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -2658,38 +3117,44 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic selector: - description: selector is a label selector, in string format, for ingress - controller pods corresponding to the IngressController. The number - of matching pods should equal the value of availableReplicas. + description: |- + selector is a label selector, in string format, for ingress controller pods + corresponding to the IngressController. The number of matching pods should + equal the value of availableReplicas. type: string tlsProfile: description: tlsProfile is the TLS connection configuration that is in effect. properties: ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators may - remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. 
- For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n - minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion - allowed is VersionTLS12" + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + + NOTE: currently the highest minTLSVersion allowed is VersionTLS12 enum: - VersionTLS10 - VersionTLS11 diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml index b2f695eba3..b7ce165e3f 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_insights_00_insightsoperators.crd.yaml 
@@ -19,19 +19,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "InsightsOperator holds cluster-wide information about the Insights - Operator. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + InsightsOperator holds cluster-wide information about the Insights Operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,11 +47,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -59,19 +66,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -80,13 +88,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -101,6 +108,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -108,10 +118,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -119,65 +139,52 @@ spec: - type x-kubernetes-list-type: map gatherStatus: - description: gatherStatus provides basic information about the last - Insights data gathering. When omitted, this means no data gathering - has taken place yet. + description: |- + gatherStatus provides basic information about the last Insights data gathering. + When omitted, this means no data gathering has taken place yet. properties: gatherers: description: gatherers is a list of active gatherers (and their statuses) in the last gathering. items: - description: gathererStatus represents information about a particular + description: |- + gathererStatus represents information about a particular data gatherer. properties: conditions: description: conditions provide details on the status of each gatherer. items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This - struct is intended for direct use as an array at the - field path .status.conditions. For example, \n type - FooStatus struct{ // Represents the observations of - a foo's current state. // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" - // +patchMergeKey=type // +patchStrategy=merge // +listType=map - // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + description: Condition contains details for one aspect + of the current state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the - API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. 
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the - .status.conditions[x].observedGeneration is 9, the - condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define - expected values and meanings for this field, and - whether the values are considered a guaranteed API. - The value should be a CamelCase string. This field - may not be empty. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ 
@@ -192,11 +199,7 @@ spec: type: string type: description: type of condition in CamelCase or in - foo.example.com/CamelCase. --- Many .condition.type - values are consistent across resources like Available, - but because arbitrary conditions can be useful (see - .node.status.conditions), the ability to deconflict - is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -228,14 +231,15 @@ spec: type: array x-kubernetes-list-type: atomic lastGatherDuration: - description: lastGatherDuration is the total time taken to process + description: |- + lastGatherDuration is the total time taken to process all gatherers during the last gather event. pattern: ^0|([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ type: string lastGatherTime: - description: lastGatherTime is the last time when Insights data - gathering finished. An empty value means that no data has been - gathered yet. + description: |- + lastGatherTime is the last time when Insights data gathering finished. + An empty value means that no data has been gathered yet. format: date-time type: string type: object 
@@ -269,24 +273,35 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map insightsReport: - description: insightsReport provides general Insights analysis results. + description: |- + insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet. properties: downloadedAt: - description: downloadedAt is the time when the last Insights report - was downloaded. An empty value means that there has not been - any Insights report downloaded yet and it usually appears in - disconnected clusters (or clusters when the Insights data gathering - is disabled). + description: |- + downloadedAt is the time when the last Insights report was downloaded. + An empty value means that there has not been any Insights report downloaded yet and + it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled). format: date-time type: string healthChecks: - description: healthChecks provides basic information about active - Insights health checks in a cluster. + description: |- + healthChecks provides basic information about active Insights health checks + in a cluster. items: description: healthCheck represents an Insights health check attributes. 
@@ -303,19 +318,19 @@ spec: minLength: 10 type: string state: - description: state determines what the current state of - the health check is. Health check is enabled by default - and can be disabled by the user in the Insights advisor - user interface. + description: |- + state determines what the current state of the health check is. + Health check is enabled by default and can be disabled + by the user in the Insights advisor user interface. enum: - Enabled - Disabled type: string totalRisk: - description: totalRisk of the healthcheck. Indicator of - the total risk posed by the detected issue; combination - of impact and likelihood. The values can be from 1 to - 4, and the higher the number, the more important the issue. + description: |- + totalRisk of the healthcheck. Indicator of the total risk posed + by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, + and the higher the number, the more important the issue. format: int32 maximum: 4 minimum: 1 @@ -329,6 +344,14 @@ spec: type: array x-kubernetes-list-type: atomic type: object + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml index 723785d33f..d6dabdda07 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_openshift-controller-manager_02_openshiftcontrollermanagers.crd.yaml 
@@ -21,20 +21,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "OpenShiftControllerManager provides information to configure - an operator to manage openshift-controller-manager. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." + description: |- + OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -42,11 +47,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -60,19 +66,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -81,13 +88,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -100,6 +106,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -107,10 +116,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -147,9 +166,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml index ce25973f70..16fba0d6d3 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_service-ca_02_servicecas.crd.yaml 
@@ -19,19 +19,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "ServiceCA provides information to configure an operator to manage - the service cert controllers \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + ServiceCA provides information to configure an operator to manage the service cert controllers + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -40,11 +46,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -58,19 +65,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -79,13 +87,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -100,6 +107,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -107,10 +117,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -147,9 +167,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml index bd14ee8c42..e0f8418814 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_storage_01_storages.crd.yaml 
@@ -19,20 +19,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "Storage provides a means to configure an operator to manage - the cluster storage operator. `cluster` is the canonical name. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." + description: |- + Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,11 +46,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -59,19 +65,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -80,23 +87,23 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true vsphereStorageDriver: - description: 'VSphereStorageDriver indicates the storage driver to - use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, - it can not be changed. If this is empty, the platform will choose - a good default, which may change over time without notice. The current - default is CSIWithMigrationDriver and may not be changed. DEPRECATED: - This field will be removed in a future release.' + description: |- + VSphereStorageDriver indicates the storage driver to use on VSphere clusters. + Once this field is set to CSIWithMigrationDriver, it can not be changed. + If this is empty, the platform will choose a good default, + which may change over time without notice. + The current default is CSIWithMigrationDriver and may not be changed. + DEPRECATED: This field will be removed in a future release. enum: - "" - LegacyDeprecatedInTreeDriver 
@@ -116,6 +123,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -123,10 +133,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array @@ -163,9 +183,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml index 8810d71bb3..7d2acd004f 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_dns_00_dnses.crd.yaml 
@@ -19,22 +19,31 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "DNS manages the CoreDNS component to provide a name resolution - service for pods and services in the cluster. \n This supports the DNS-based - service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md - \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." + description: |- + DNS manages the CoreDNS component to provide a name resolution service + for pods and services in the cluster. + + This supports the DNS-based service discovery specification: + https://github.com/kubernetes/dns/blob/master/docs/specification.md + + More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -43,229 +52,235 @@ spec: DNS. properties: cache: - description: 'cache describes the caching configuration that applies - to all server blocks listed in the Corefile. This field allows a - cluster admin to optionally configure: * positiveTTL which is a - duration for which positive responses should be cached. * negativeTTL - which is a duration for which negative responses should be cached. - If this is not configured, OpenShift will configure positive and - negative caching with a default value that is subject to change. - At the time of writing, the default positiveTTL is 900 seconds and - the default negativeTTL is 30 seconds or as noted in the respective - Corefile for your version of OpenShift.' + description: |- + cache describes the caching configuration that applies to all server blocks listed in the Corefile. + This field allows a cluster admin to optionally configure: + * positiveTTL which is a duration for which positive responses should be cached. + * negativeTTL which is a duration for which negative responses should be cached. + If this is not configured, OpenShift will configure positive and negative caching with a default value that is + subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is + 30 seconds or as noted in the respective Corefile for your version of OpenShift. properties: negativeTTL: - description: "negativeTTL is optional and specifies the amount - of time that a negative response should be cached. \n If configured, - it must be a value of 1s (1 second) or greater up to a theoretical - maximum of several years. This field expects an unsigned duration - string of decimal numbers, each with optional fraction and a - unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values - that are fractions of a second are rounded down to the nearest - second. If the configured value is less than 1s, the default - value will be used. 
If not configured, the value will be 0s - and OpenShift will use a default value of 30 seconds unless - noted otherwise in the respective Corefile for your version - of OpenShift. The default value of 30 seconds is subject to - change." + description: |- + negativeTTL is optional and specifies the amount of time that a negative response should be cached. + + If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + If the configured value is less than 1s, the default value will be used. + If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted + otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject + to change. pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string positiveTTL: - description: "positiveTTL is optional and specifies the amount - of time that a positive response should be cached. \n If configured, - it must be a value of 1s (1 second) or greater up to a theoretical - maximum of several years. This field expects an unsigned duration - string of decimal numbers, each with optional fraction and a - unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values - that are fractions of a second are rounded down to the nearest - second. If the configured value is less than 1s, the default - value will be used. If not configured, the value will be 0s - and OpenShift will use a default value of 900 seconds unless - noted otherwise in the respective Corefile for your version - of OpenShift. The default value of 900 seconds is subject to - change." 
+ description: |- + positiveTTL is optional and specifies the amount of time that a positive response should be cached. + + If configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This + field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, + e.g. "100s", "1m30s", "12h30m10s". Values that are fractions of a second are rounded down to the nearest second. + If the configured value is less than 1s, the default value will be used. + If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted + otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject + to change. pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string type: object logLevel: default: Normal - description: 'logLevel describes the desired logging verbosity for - CoreDNS. Any one of the following values may be specified: * Normal - logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN - responses, and NODATA responses. * Trace logs errors and all responses. - Setting logLevel: Trace will produce extremely verbose logs. Valid - values are: "Normal", "Debug", "Trace". Defaults to "Normal".' + description: |- + logLevel describes the desired logging verbosity for CoreDNS. + Any one of the following values may be specified: + * Normal logs errors from upstream resolvers. + * Debug logs errors, NXDOMAIN responses, and NODATA responses. + * Trace logs errors and all responses. + Setting logLevel: Trace will produce extremely verbose logs. + Valid values are: "Normal", "Debug", "Trace". + Defaults to "Normal". 
enum: - Normal - Debug - Trace type: string managementState: - description: managementState indicates whether the DNS operator should - manage cluster DNS + description: |- + managementState indicates whether the DNS operator should manage cluster + DNS pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string nodePlacement: - description: "nodePlacement provides explicit control over the scheduling - of DNS pods. \n Generally, it is useful to run a DNS pod on every - node so that DNS queries are always handled by a local DNS pod instead - of going over the network to a DNS pod on another node. However, - security policies may require restricting the placement of DNS pods - to specific nodes. For example, if a security policy prohibits pods - on arbitrary nodes from communicating with the API, a node selector - can be specified to restrict DNS pods to nodes that are permitted - to communicate with the API. Conversely, if running DNS pods on - nodes with a particular taint is desired, a toleration can be specified - for that taint. \n If unset, defaults are used. See nodePlacement - for more details." + description: |- + nodePlacement provides explicit control over the scheduling of DNS + pods. + + Generally, it is useful to run a DNS pod on every node so that DNS + queries are always handled by a local DNS pod instead of going over + the network to a DNS pod on another node. However, security policies + may require restricting the placement of DNS pods to specific nodes. + For example, if a security policy prohibits pods on arbitrary nodes + from communicating with the API, a node selector can be specified to + restrict DNS pods to nodes that are permitted to communicate with the + API. Conversely, if running DNS pods on nodes with a particular + taint is desired, a toleration can be specified for that taint. + + If unset, defaults are used. See nodePlacement for more details. 
properties: nodeSelector: additionalProperties: type: string - description: "nodeSelector is the node selector applied to DNS - pods. \n If empty, the default is used, which is currently the - following: \n kubernetes.io/os: linux \n This default is subject - to change. \n If set, the specified selector is used and replaces - the default." + description: |- + nodeSelector is the node selector applied to DNS pods. + + If empty, the default is used, which is currently the following: + + kubernetes.io/os: linux + + This default is subject to change. + + If set, the specified selector is used and replaces the default. type: object tolerations: - description: "tolerations is a list of tolerations applied to - DNS pods. \n If empty, the DNS operator sets a toleration for - the \"node-role.kubernetes.io/master\" taint. This default - is subject to change. Specifying tolerations without including - a toleration for the \"node-role.kubernetes.io/master\" taint - may be risky as it could lead to an outage if all worker nodes - become unavailable. \n Note that the daemon controller adds - some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" + description: |- + tolerations is a list of tolerations applied to DNS pods. + + If empty, the DNS operator sets a toleration for the + "node-role.kubernetes.io/master" taint. This default is subject to + change. Specifying tolerations without including a toleration for + the "node-role.kubernetes.io/master" taint may be risky as it could + lead to an outage if all worker nodes become unavailable. + + Note that the daemon controller adds some tolerations as well. See + https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . 
+ description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. 
+ description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array type: object operatorLogLevel: default: Normal - description: 'operatorLogLevel controls the logging level of the DNS - Operator. Valid values are: "Normal", "Debug", "Trace". Defaults - to "Normal". setting operatorLogLevel: Trace will produce extremely - verbose logs.' + description: |- + operatorLogLevel controls the logging level of the DNS Operator. + Valid values are: "Normal", "Debug", "Trace". + Defaults to "Normal". + setting operatorLogLevel: Trace will produce extremely verbose logs. enum: - Normal - Debug - Trace type: string servers: - description: "servers is a list of DNS resolvers that provide name - query delegation for one or more subdomains outside the scope of - the cluster domain. If servers consists of more than one Server, - longest suffix match will be used to determine the Server. \n For - example, if there are two Servers, one for \"foo.com\" and another - for \"a.foo.com\", and the name query is for \"www.a.foo.com\", - it will be routed to the Server with Zone \"a.foo.com\". \n If this - field is nil, no servers are created." + description: |- + servers is a list of DNS resolvers that provide name query delegation for one or + more subdomains outside the scope of the cluster domain. 
If servers consists of + more than one Server, longest suffix match will be used to determine the Server. + + For example, if there are two Servers, one for "foo.com" and another for "a.foo.com", + and the name query is for "www.a.foo.com", it will be routed to the Server with Zone + "a.foo.com". + + If this field is nil, no servers are created. items: description: Server defines the schema for a server that runs per instance of CoreDNS. properties: forwardPlugin: - description: forwardPlugin defines a schema for configuring - CoreDNS to proxy DNS messages to upstream resolvers. + description: |- + forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages + to upstream resolvers. properties: policy: default: Random - description: "policy is used to determine the order in which - upstream servers are selected for querying. Any one of - the following values may be specified: \n * \"Random\" - picks a random upstream server for each query. * \"RoundRobin\" - picks upstream servers in a round-robin order, moving - to the next server for each new query. * \"Sequential\" - tries querying upstream servers in a sequential order - until one responds, starting with the first server for - each new query. \n The default value is \"Random\"" + description: |- + policy is used to determine the order in which upstream servers are selected for querying. + Any one of the following values may be specified: + + * "Random" picks a random upstream server for each query. + * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + + The default value is "Random" enum: - Random - RoundRobin - Sequential type: string protocolStrategy: - description: protocolStrategy specifies the protocol to - use for upstream DNS requests. 
Valid values for protocolStrategy - are "TCP" and omitted. When omitted, this means no opinion - and the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is to use the protocol of the original client request. - "TCP" specifies that the platform should use TCP for all - upstream DNS requests, even if the client request uses - UDP. "TCP" is useful for UDP-specific issues such as those - created by non-compliant upstream resolvers, but may consume - more bandwidth or increase DNS response time. Note that - protocolStrategy only affects the protocol of DNS requests - that CoreDNS makes to upstream resolvers. It does not - affect the protocol of DNS requests between clients and + description: |- + protocolStrategy specifies the protocol to use for upstream DNS + requests. + Valid values for protocolStrategy are "TCP" and omitted. + When omitted, this means no opinion and the platform is left to choose + a reasonable default, which is subject to change over time. + The current default is to use the protocol of the original client request. + "TCP" specifies that the platform should use TCP for all upstream DNS requests, + even if the client request uses UDP. + "TCP" is useful for UDP-specific issues such as those created by + non-compliant upstream resolvers, but may consume more bandwidth or + increase DNS response time. Note that protocolStrategy only affects + the protocol of DNS requests that CoreDNS makes to upstream resolvers. + It does not affect the protocol of DNS requests between clients and CoreDNS. enum: - TCP - "" type: string transportConfig: - description: "transportConfig is used to configure the transport - type, server name, and optional custom CA or CA bundle - to use when forwarding DNS requests to an upstream resolver. - \n The default value is \"\" (empty) which results in - a standard cleartext connection being used when forwarding - DNS requests to an upstream resolver." 
+ description: |- + transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + when forwarding DNS requests to an upstream resolver. + + The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + requests to an upstream resolver. properties: tls: description: tls contains the additional configuration options to use when Transport is set to "TLS". properties: caBundle: - description: "caBundle references a ConfigMap that - must contain either a single CA Certificate or - a CA Bundle. This allows cluster administrators - to provide their own CA or CA bundle for validating - the certificate of upstream resolvers. \n 1. The - configmap must contain a `ca-bundle.crt` key. - 2. The value must be a PEM encoded CA certificate - or CA bundle. 3. The administrator must create - this configmap in the openshift-config namespace. - 4. The upstream server certificate must contain - a Subject Alternative Name (SAN) that matches - ServerName." + description: |- + caBundle references a ConfigMap that must contain either a single + CA Certificate or a CA Bundle. This allows cluster administrators to provide their + own CA or CA bundle for validating the certificate of upstream resolvers. + + 1. The configmap must contain a `ca-bundle.crt` key. + 2. The value must be a PEM encoded CA certificate or CA bundle. + 3. The administrator must create this configmap in the openshift-config namespace. + 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. properties: name: description: name is the metadata.name of the 
@@ -275,12 +290,10 @@ spec: - name type: object serverName: - description: serverName is the upstream server to - connect to when forwarding DNS queries. This is - required when Transport is set to "TLS". ServerName - will be validated against the DNS naming conventions - in RFC 1123 and should match the TLS certificate - installed in the upstream resolver(s). + description: |- + serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is + set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the + TLS certificate installed in the upstream resolver(s). maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string 
@@ -288,26 +301,22 @@ spec: - serverName type: object transport: - description: "transport allows cluster administrators - to opt-in to using a DNS-over-TLS connection between - cluster DNS and an upstream resolver(s). Configuring - TLS as the transport at this level without configuring - a CABundle will result in the system certificates - being used to verify the serving certificate of the - upstream resolver(s). \n Possible values: \"\" (empty) - - This means no explicit choice has been made and - the platform chooses the default which is subject - to change over time. The current default is \"Cleartext\". - \"Cleartext\" - Cluster admin specified cleartext - option. This results in the same functionality as - an empty value but may be useful when a cluster admin - wants to be more explicit about the transport, or - wants to switch from \"TLS\" to \"Cleartext\" explicitly. - \"TLS\" - This indicates that DNS queries should be - sent over a TLS connection. If Transport is set to - TLS, you MUST also set ServerName. If a port is not - included with the upstream IP, port 853 will be tried - by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1." + description: |- + transport allows cluster administrators to opt-in to using a DNS-over-TLS + connection between cluster DNS and an upstream resolver(s). Configuring + TLS as the transport at this level without configuring a CABundle will + result in the system certificates being used to verify the serving + certificate of the upstream resolver(s). + + Possible values: + "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject + to change over time. The current default is "Cleartext". + "Cleartext" - Cluster admin specified cleartext option. 
This results in the same functionality + as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, + or wants to switch from "TLS" to "Cleartext" explicitly. + "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, + you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default + per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. enum: - TLS - Cleartext 
@@ -315,30 +324,29 @@ spec: type: string type: object upstreams: - description: "upstreams is a list of resolvers to forward - name queries for subdomains of Zones. Each instance of - CoreDNS performs health checking of Upstreams. When a - healthy upstream returns an error during the exchange, - another resolver is tried from Upstreams. The Upstreams - are selected in the order specified in Policy. Each upstream - is represented by an IP address or IP:port if the upstream - listens on a port other than 53. \n A maximum of 15 upstreams - is allowed per ForwardPlugin." + description: |- + upstreams is a list of resolvers to forward name queries for subdomains of Zones. + Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + returns an error during the exchange, another resolver is tried from Upstreams. The + Upstreams are selected in the order specified in Policy. Each upstream is represented + by an IP address or IP:port if the upstream listens on a port other than 53. + + A maximum of 15 upstreams is allowed per ForwardPlugin. items: type: string maxItems: 15 type: array type: object name: - description: name is required and specifies a unique name for - the server. Name must comply with the Service Name Syntax - of rfc6335. + description: |- + name is required and specifies a unique name for the server. Name must comply + with the Service Name Syntax of rfc6335. type: string zones: - description: zones is required and specifies the subdomains - that Server is authoritative for. Zones must conform to the - rfc1123 definition of a subdomain. Specifying the cluster - domain (i.e., "cluster.local") is invalid. + description: |- + zones is required and specifies the subdomains that Server is authoritative for. + Zones must conform to the rfc1123 definition of a subdomain. Specifying the + cluster domain (i.e., "cluster.local") is invalid. items: type: string type: array 
@@ -346,67 +354,72 @@ spec: type: array upstreamResolvers: default: {} - description: "upstreamResolvers defines a schema for configuring CoreDNS + description: |- + upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the - default (\".\") server \n If this field is not specified, the upstream - used will default to /etc/resolv.conf, with policy \"sequential\"" + default (".") server + + If this field is not specified, the upstream used will default to + /etc/resolv.conf, with policy "sequential" properties: policy: default: Sequential - description: "Policy is used to determine the order in which upstream - servers are selected for querying. Any one of the following - values may be specified: \n * \"Random\" picks a random upstream - server for each query. * \"RoundRobin\" picks upstream servers - in a round-robin order, moving to the next server for each new - query. * \"Sequential\" tries querying upstream servers in a - sequential order until one responds, starting with the first - server for each new query. \n The default value is \"Sequential\"" + description: |- + Policy is used to determine the order in which upstream servers are selected for querying. + Any one of the following values may be specified: + + * "Random" picks a random upstream server for each query. + * "RoundRobin" picks upstream servers in a round-robin order, moving to the next server for each new query. + * "Sequential" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query. + + The default value is "Sequential" enum: - Random - RoundRobin - Sequential type: string protocolStrategy: - description: protocolStrategy specifies the protocol to use for - upstream DNS requests. Valid values for protocolStrategy are - "TCP" and omitted. 
When omitted, this means no opinion and the - platform is left to choose a reasonable default, which is subject - to change over time. The current default is to use the protocol - of the original client request. "TCP" specifies that the platform - should use TCP for all upstream DNS requests, even if the client - request uses UDP. "TCP" is useful for UDP-specific issues such - as those created by non-compliant upstream resolvers, but may - consume more bandwidth or increase DNS response time. Note that - protocolStrategy only affects the protocol of DNS requests that - CoreDNS makes to upstream resolvers. It does not affect the - protocol of DNS requests between clients and CoreDNS. + description: |- + protocolStrategy specifies the protocol to use for upstream DNS + requests. + Valid values for protocolStrategy are "TCP" and omitted. + When omitted, this means no opinion and the platform is left to choose + a reasonable default, which is subject to change over time. + The current default is to use the protocol of the original client request. + "TCP" specifies that the platform should use TCP for all upstream DNS requests, + even if the client request uses UDP. + "TCP" is useful for UDP-specific issues such as those created by + non-compliant upstream resolvers, but may consume more bandwidth or + increase DNS response time. Note that protocolStrategy only affects + the protocol of DNS requests that CoreDNS makes to upstream resolvers. + It does not affect the protocol of DNS requests between clients and + CoreDNS. enum: - TCP - "" type: string transportConfig: - description: "transportConfig is used to configure the transport - type, server name, and optional custom CA or CA bundle to use - when forwarding DNS requests to an upstream resolver. \n The - default value is \"\" (empty) which results in a standard cleartext - connection being used when forwarding DNS requests to an upstream - resolver." 
+ description: |- + transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use + when forwarding DNS requests to an upstream resolver. + + The default value is "" (empty) which results in a standard cleartext connection being used when forwarding DNS + requests to an upstream resolver. properties: tls: description: tls contains the additional configuration options to use when Transport is set to "TLS". properties: caBundle: - description: "caBundle references a ConfigMap that must - contain either a single CA Certificate or a CA Bundle. - This allows cluster administrators to provide their - own CA or CA bundle for validating the certificate of - upstream resolvers. \n 1. The configmap must contain - a `ca-bundle.crt` key. 2. The value must be a PEM encoded - CA certificate or CA bundle. 3. The administrator must - create this configmap in the openshift-config namespace. - 4. The upstream server certificate must contain a Subject - Alternative Name (SAN) that matches ServerName." + description: |- + caBundle references a ConfigMap that must contain either a single + CA Certificate or a CA Bundle. This allows cluster administrators to provide their + own CA or CA bundle for validating the certificate of upstream resolvers. + + 1. The configmap must contain a `ca-bundle.crt` key. + 2. The value must be a PEM encoded CA certificate or CA bundle. + 3. The administrator must create this configmap in the openshift-config namespace. + 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName. properties: name: description: name is the metadata.name of the referenced 
@@ -416,12 +429,10 @@ spec: - name type: object serverName: - description: serverName is the upstream server to connect - to when forwarding DNS queries. This is required when - Transport is set to "TLS". ServerName will be validated - against the DNS naming conventions in RFC 1123 and should - match the TLS certificate installed in the upstream - resolver(s). + description: |- + serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is + set to "TLS". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the + TLS certificate installed in the upstream resolver(s). maxLength: 253 pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string 
@@ -429,24 +440,22 @@ spec: - serverName type: object transport: - description: "transport allows cluster administrators to opt-in - to using a DNS-over-TLS connection between cluster DNS and - an upstream resolver(s). Configuring TLS as the transport - at this level without configuring a CABundle will result - in the system certificates being used to verify the serving - certificate of the upstream resolver(s). \n Possible values: - \"\" (empty) - This means no explicit choice has been made - and the platform chooses the default which is subject to - change over time. The current default is \"Cleartext\". - \"Cleartext\" - Cluster admin specified cleartext option. - This results in the same functionality as an empty value - but may be useful when a cluster admin wants to be more - explicit about the transport, or wants to switch from \"TLS\" - to \"Cleartext\" explicitly. \"TLS\" - This indicates that - DNS queries should be sent over a TLS connection. If Transport - is set to TLS, you MUST also set ServerName. If a port is - not included with the upstream IP, port 853 will be tried - by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1." + description: |- + transport allows cluster administrators to opt-in to using a DNS-over-TLS + connection between cluster DNS and an upstream resolver(s). Configuring + TLS as the transport at this level without configuring a CABundle will + result in the system certificates being used to verify the serving + certificate of the upstream resolver(s). + + Possible values: + "" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject + to change over time. The current default is "Cleartext". + "Cleartext" - Cluster admin specified cleartext option. 
This results in the same functionality + as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, + or wants to switch from "TLS" to "Cleartext" explicitly. + "TLS" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, + you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default + per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1. enum: - TLS - Cleartext @@ -456,13 +465,14 @@ spec: upstreams: default: - type: SystemResolvConf - description: "Upstreams is a list of resolvers to forward name - queries for the \".\" domain. Each instance of CoreDNS performs - health checking of Upstreams. When a healthy upstream returns - an error during the exchange, another resolver is tried from - Upstreams. The Upstreams are selected in the order specified - in Policy. \n A maximum of 15 upstreams is allowed per ForwardPlugin. - If no Upstreams are specified, /etc/resolv.conf is used by default" + description: |- + Upstreams is a list of resolvers to forward name queries for the "." domain. + Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream + returns an error during the exchange, another resolver is tried from Upstreams. The + Upstreams are selected in the order specified in Policy. + + A maximum of 15 upstreams is allowed per ForwardPlugin. + If no Upstreams are specified, /etc/resolv.conf is used by default items: anyOf: - not: 
@@ -482,37 +492,39 @@ spec: - Network required: - address - description: "Upstream can either be of type SystemResolvConf, - or of type Network. \n - For an Upstream of type SystemResolvConf, - no further fields are necessary: The upstream will be configured - to use /etc/resolv.conf. - For an Upstream of type Network, - a NetworkResolver field needs to be defined with an IP address - or IP:port if the upstream listens on a port other than 53." + description: |- + Upstream can either be of type SystemResolvConf, or of type Network. + + - For an Upstream of type SystemResolvConf, no further fields are necessary: + The upstream will be configured to use /etc/resolv.conf. + - For an Upstream of type Network, a NetworkResolver field needs to be defined + with an IP address or IP:port if the upstream listens on a port other than 53. properties: address: anyOf: - format: ipv4 - format: ipv6 - description: Address must be defined when Type is set to - Network. It will be ignored otherwise. It must be a valid - ipv4 or ipv6 address. + description: |- + Address must be defined when Type is set to Network. It will be ignored otherwise. + It must be a valid ipv4 or ipv6 address. type: string port: default: 53 - description: Port may be defined when Type is set to Network. - It will be ignored otherwise. Port must be between 65535 + description: |- + Port may be defined when Type is set to Network. It will be ignored otherwise. + Port must be between 65535 format: int32 maximum: 65535 minimum: 1 type: integer type: - description: "Type defines whether this upstream contains - an IP/IP:port resolver or the local /etc/resolv.conf. + description: |- + Type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network. 
- \n * When SystemResolvConf is used, the Upstream structure - does not require any further fields to be defined: /etc/resolv.conf - will be used * When Network is used, the Upstream structure - must contain at least an Address" + + * When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined: + /etc/resolv.conf will be used + * When Network is used, the Upstream structure must contain at least an Address enum: - SystemResolvConf - Network 
@@ -529,29 +541,44 @@ spec: description: status is the most recently observed status of the DNS. properties: clusterDomain: - description: "clusterDomain is the local cluster DNS domain suffix - for DNS services. This will be a subdomain as defined in RFC 1034, - section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: - \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service" + description: |- + clusterDomain is the local cluster DNS domain suffix for DNS services. + This will be a subdomain as defined in RFC 1034, + section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 + Example: "cluster.local" + + More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service type: string clusterIP: - description: "clusterIP is the service IP through which this DNS is - made available. \n In the case of the default DNS, this will be - a well known IP that is used as the default nameserver for pods - that are using the default ClusterFirst DNS policy. \n In general, - this IP can be specified in a pod's spec.dnsConfig.nameservers list - or used explicitly when performing name resolution from within the - cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + clusterIP is the service IP through which this DNS is made available. + + In the case of the default DNS, this will be a well known IP that is used + as the default nameserver for pods that are using the default ClusterFirst DNS policy. + + In general, this IP can be specified in a pod's spec.dnsConfig.nameservers list + or used explicitly when performing name resolution from within the cluster. 
+ Example: dig foo.com @ + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string conditions: - description: "conditions provide information about the state of the - DNS on the cluster. \n These are the supported DNS conditions: \n - * Available - True if the following conditions are met: * DNS controller - daemonset is available. - False if any of those conditions are unsatisfied." + description: |- + conditions provide information about the state of the DNS on the cluster. + + These are the supported DNS conditions: + + * Available + - True if the following conditions are met: + * DNS controller daemonset is available. + - False if any of those conditions are unsatisfied. items: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -559,10 +586,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml new file mode 100644 index 0000000000..146c684056 --- /dev/null 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,1025 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. 
Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. 
The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. 
+ Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. 
It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. 
+ The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. 
+ The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. 
These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. 
+ If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. 
+ properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". 
+ enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. 
+ properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. 
It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + 
readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml new file mode 100644 index 0000000000..3f150defe7 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml 
@@ -0,0 +1,969 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. 
+ type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). 
+ By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. 
When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. 
+ Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. 
+ enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. 
+ When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. 
+ The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. 
It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + 
rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..fd06797632 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,1025 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. 
Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. 
The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. 
+ Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. 
It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. 
+ The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. 
+ The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. 
These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. 
+ If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. 
+ properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". 
+ enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. 
+ properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. 
It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + 
readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..e55b94afc3 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,1025 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: Addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: DNS configures DNS for the interface + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: Search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: Routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: |- + Gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + Type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openShiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + IPForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. 
Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.169.0/29 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. 
The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/125 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + HybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. 
+ Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. 
It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. 
+ The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accomadate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. 
+ The subnet must be large enough to accomadate one IP per node in your cluster + The current default value is fd98::/48 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + The value cannot be changed after installation. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accomadate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. 
These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. The value cannot be changed + after installation. + Default is fd98::/48 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork specifies whether or not multiple pod network + support should be disabled. If unset, this property defaults to + 'false' and multiple network support is enabled. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. 
+ If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. + properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. 
+ properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". 
+ enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. 
+ properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. 
It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + 
readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml deleted file mode 100644 index 07c0b1a010..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml +++ /dev/null 
@@ -1,931 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network describes the cluster's desired network configuration. - It is consumed by the cluster-network-operator. \n Compatibility level 1: - Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: additionalNetworks is a list of extra networks to make - available to pods when multiple networks are enabled. - items: - description: AdditionalNetworkDefinition configures an extra network - that is available but not created by default. Instead, pods must - request them by name. 
type must be specified, along with exactly - one "Config" that matches the type. - properties: - name: - description: name is the name of the network. This will be populated - in the resulting CRD This must be unique. - type: string - namespace: - description: namespace is the namespace of the network. This - will be populated in the resulting CRD If not given the network - will be created in the default namespace. - type: string - rawCNIConfig: - description: rawCNIConfig is the raw CNI configuration json - to create in the NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: SimpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: IPAMConfig configures IPAM module will be used - for IP Address Management (IPAM). - properties: - staticIPAMConfig: - description: StaticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: Addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: Address is the IP address in - CIDR format - type: string - gateway: - description: Gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - dns: - description: DNS configures DNS for the interface - properties: - domain: - description: Domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: Nameservers points DNS servers - for IP lookup - items: - type: string - type: array - search: - description: Search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - type: object - routes: - description: Routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides 
Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: Destination points the IP route - destination - type: string - gateway: - description: Gateway is the route's next-hop - IP address If unset, a default gateway is - assumed (as determined by the CNI plugin). - type: string - type: object - type: array - type: object - type: - description: Type is the type of IPAM module will be - used for IP Address Management(IPAM). The supported - values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: master is the host interface to create the - macvlan interface from. If not specified, it will be default - route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: mtu is the mtu to use for the macvlan interface. - if unset, host's kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: type is the type of network The supported values - are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - type: object - type: array - clusterNetwork: - description: clusterNetwork is the IP address pool to use for pod - IPs. Some network providers, e.g. OpenShift SDN, support multiple - ClusterNetworks. Others only support one. This is equivalent to - the cluster-cidr. - items: - description: ClusterNetworkEntry is a subnet from which to allocate - PodIPs. A network of size HostPrefix (in CIDR notation) will be - allocated when nodes join the cluster. If the HostPrefix field - is not used by the plugin, it can be left unset. 
Not all network - providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: openShiftSDNConfig configures the openshift-sdn plugin - properties: - enableUnidling: - description: enableUnidling controls whether or not the service - proxy will support idling and unidling of services. By default, - unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: mtu is the mtu to use for the tunnel interface. - Defaults to 1450 if unset. This must be 50 bytes smaller - than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: 'useExternalOpenvswitch used to control whether - the operator would deploy an OVS DaemonSet itself or expect - someone else to start OVS. As of 4.6, OVS is always run - as a system service, and this flag is ignored. DEPRECATED: - non-functional as of 4.6' - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: reachabilityTotalTimeout configures the EgressIP - node reachability check total timeout in seconds. If - the EgressIP node cannot be reached within this timeout, - the node is declared down. Setting a large value may - cause the EgressIP feature to react slowly to node changes. 
- In particular, it may react slowly for EgressIP nodes - that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and - the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is 1 second. A value of 0 disables the EgressIP node's - reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: IPForwarding controls IP forwarding for all - traffic on OVN-Kubernetes managed interfaces (such as - br-ex). By default this is set to Restricted, and Kubernetes - related traffic is still forwarded appropriately, but - other IP traffic will not be routed by the OCP node. - If there is a desire to allow the host to forward traffic - across OVN-Kubernetes managed interfaces, then set this - field to "Global". The supported values are "Restricted" - and "Global". - type: string - ipv4: - description: ipv4 allows users to configure IP settings - for IPv4 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV4 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /29). 
When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is 169.254.169.0/29 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 4 - - message: subnet must be in the range /0 to /29 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 29 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > - 0 - type: object - ipv6: - description: ipv6 allows users to configure IP settings - for IPv6 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV6 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /125). When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. 
The current default subnet is fd69::/125 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == - 6 - - message: subnet must be in the range /0 to /125 - inclusive - rule: isCIDR(self) && cidr(self).prefixLength() - <= 125 - type: object - routingViaHost: - default: false - description: RoutingViaHost allows pod egress traffic - to exit via the ovn-k8s-mp0 management port into the - host before sending it out. If this is not set, traffic - will always egress directly from OVN to outside without - touching the host stack. Setting this to true means - hardware offload will not be supported. Default is false - if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: geneve port is the UDP port to be used by geneve - encapulation. Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: HybridOverlayConfig configures an additional - overlay network for peers that are not using OVN. - properties: - hybridClusterNetwork: - description: HybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: ClusterNetworkEntry is a subnet from which - to allocate PodIPs. A network of size HostPrefix (in - CIDR notation) will be allocated when nodes join the - cluster. If the HostPrefix field is not used by the - plugin, it can be left unset. Not all network providers - support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - hybridOverlayVXLANPort: - description: HybridOverlayVXLANPort defines the VXLAN - port number to be used by the additional overlay network. 
- Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: ipsecConfig enables and configures IPsec for - pods on the pod network within the cluster. - properties: - mode: - description: mode defines the behaviour of the ipsec configuration - within the platform. Valid values are `Disabled`, `External` - and `Full`. When 'Disabled', ipsec will not be enabled - at the node level. When 'External', ipsec is enabled - on the node level but requires the user to configure - the secure communication parameters. This mode is for - external secure communications and the configuration - can be done using the k8s-nmstate operator. When 'Full', - ipsec is configured on the node level and inter-pod - secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication - with external (to the cluster) entities (such as storage - arrays), this is left to the user to configure. - enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - ipv4: - description: ipv4 allows users to configure IP settings for - IPv4 connections. When ommitted, this means no opinions - and the default configuration is used. Check individual - fields within ipv4 for details of default values. - properties: - internalJoinSubnet: - description: internalJoinSubnet is a v4 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any - other subnet being used by OpenShift or by the node - network. The size of the subnet must be larger than - the number of nodes. The value cannot be changed after - installation. 
The current default value is 100.64.0.0/16 - The subnet must be large enough to accomadate one IP - per node in your cluster The value must be in proper - IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - internalTransitSwitchSubnet: - description: internalTransitSwitchSubnet is a v4 subnet - in IPV4 CIDR format used internally by OVN-Kubernetes - for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each - node together to enable east west traffic. The subnet - chosen should not overlap with other networks specified - for OVN-Kubernetes as well as other networks used on - the host. The value cannot be changed after installation. - When ommitted, this means no opinion and the platform - is left to choose a reasonable default which is subject - to change over time. The current default subnet is 100.88.0.0/16 - The subnet must be large enough to accomadate one IP - per node in your cluster The value must be in proper - IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV4 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 4 - - message: subnet must be in the range /0 to /30 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 30 - - message: first IP address octet must not be 0 - rule: isCIDR(self) && int(self.split('.')[0]) > 0 - type: object - ipv6: - description: ipv6 allows users to configure IP settings for - IPv6 connections. When ommitted, this means no opinions - and the default configuration is used. Check individual - fields within ipv4 for details of default values. 
- properties: - internalJoinSubnet: - description: internalJoinSubnet is a v6 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any - other subnet being used by OpenShift or by the node - network. The size of the subnet must be larger than - the number of nodes. The value cannot be changed after - installation. The subnet must be large enough to accomadate - one IP per node in your cluster The current default - value is fd98::/48 The value must be in proper IPV6 - CIDR format Note that IPV6 dual addresses are not permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - internalTransitSwitchSubnet: - description: internalTransitSwitchSubnet is a v4 subnet - in IPV4 CIDR format used internally by OVN-Kubernetes - for the distributed transit switch in the OVN Interconnect - architecture that connects the cluster routers on each - node together to enable east west traffic. The subnet - chosen should not overlap with other networks specified - for OVN-Kubernetes as well as other networks used on - the host. The value cannot be changed after installation. - When ommitted, this means no opinion and the platform - is left to choose a reasonable default which is subject - to change over time. 
The subnet must be large enough - to accomadate one IP per node in your cluster The current - default subnet is fd97::/64 The value must be in proper - IPV6 CIDR format Note that IPV6 dual addresses are not - permitted - maxLength: 48 - type: string - x-kubernetes-validations: - - message: Subnet must be in valid IPV6 CIDR format - rule: isCIDR(self) && cidr(self).ip().family() == 6 - - message: subnet must be in the range /0 to /125 inclusive - rule: isCIDR(self) && cidr(self).prefixLength() <= 125 - type: object - mtu: - description: mtu is the MTU to use for the tunnel interface. - This must be 100 bytes smaller than the uplink mtu. Default - is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: policyAuditConfig is the configuration for network - policy audit events. If unset, reported defaults are used. - properties: - destination: - default: "null" - description: 'destination is the location for policy log - messages. Regardless of this config, persistent logs - will always be dumped to the host at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - "libc" -> to use the libc syslog() - function of the host node''s journdald process - "udp:host:port" - -> for sending syslog over UDP - "unix:file" -> for - using the UNIX domain socket directly - "null" -> to - discard all messages logged to syslog The default is - "null"' - type: string - maxFileSize: - default: 50 - description: maxFilesSize is the max size an ACL_audit - log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. - format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: rateLimit is the approximate maximum number - of messages to generate per-second per-node. 
If unset - the default of 20 msg/sec is used. - format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - v4InternalSubnet: - description: v4InternalSubnet is a v4 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: v6InternalSubnet is a v6 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is fd98::/48 - type: string - type: object - type: - description: type is the type of network All NetworkTypes are - supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: deployKubeProxy specifies whether or not a standalone - kube-proxy should be deployed by the operator. Some network providers - include kube-proxy or similar functionality. If unset, the plugin - will attempt to select the correct value, which is false when OpenShift - SDN and ovn-kubernetes are used and true otherwise. - type: boolean - disableMultiNetwork: - description: disableMultiNetwork specifies whether or not multiple - pod network support should be disabled. If unset, this property - defaults to 'false' and multiple network support is enabled. 
- type: boolean - disableNetworkDiagnostics: - default: false - description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled - or not. If unset, this property defaults to 'false' and network - diagnostics is enabled. Setting this to 'true' would reduce the - additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: exportNetworkFlows enables and configures the export - of network flow metadata from the pod network by using protocols - NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes - plugin. If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: netFlow defines the NetFlow collectors that will - consume the flow data exported from OVS. It is a list of - strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - sFlow: - description: sFlow defines the SFlow configuration. 
- properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - type: object - kubeProxyConfig: - description: kubeProxyConfig lets us configure desired proxy configuration. - If not specified, sensible defaults will be chosen by OpenShift - directly. Not consumed by all network providers - currently only - openshift-sdn. - properties: - bindAddress: - description: The address to "bind" on Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: 'An internal kube-proxy parameter. In older releases - of OCP, this sometimes needed to be adjusted in large clusters - for performance reasons, but this is no longer necessary, and - there is no reason to change this from the default value. Default: - 30s' - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." 
- enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: migration enables and configures the cluster network - migration. The migration procedure allows to change the network - type and the MTU. - properties: - features: - description: features contains the features migration configuration. - Set this to migrate feature configuration when changing the - cluster default network provider. if unset, the default operation - is to migrate all the configuration of supported features. - properties: - egressFirewall: - default: true - description: egressFirewall specifies whether or not the Egress - Firewall configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress Firewall configure is migrated. - type: boolean - egressIP: - default: true - description: egressIP specifies whether or not the Egress - IP configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress IP configure is migrated. - type: boolean - multicast: - default: true - description: multicast specifies whether or not the multicast - configuration is migrated automatically when changing the - cluster default network provider. If unset, this property - defaults to 'true' and multicast configure is migrated. - type: boolean - type: object - mode: - description: mode indicates the mode of network migration. The - supported values are "Live", "Offline" and omitted. A "Live" - migration operation will not cause service interruption by migrating - the CNI of each node one by one. The cluster network will work - as normal during the network migration. 
An "Offline" migration - operation will cause service interruption. During an "Offline" - migration, two rounds of node reboots are required. The cluster - network will be malfunctioning during the network migration. - When omitted, this means no opinion and the platform is left - to choose a reasonable default which is subject to change over - time. The current default value is "Offline". - enum: - - Live - - Offline - - "" - type: string - mtu: - description: mtu contains the MTU migration configuration. Set - this to allow changing the MTU values for the default network. - If unset, the operation of changing the MTU for the default - network will be rejected. - properties: - machine: - description: machine contains MTU migration configuration - for the machine's uplink. Needs to be migrated along with - the default network MTU unless the current uplink MTU already - accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: network contains information about MTU migration - for the default network. Migrations are only allowed to - MTU values lower than the machine's uplink MTU by the minimum - appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: networkType is the target type of network migration. - Set this to the target network type to allow changing the default - network. If unset, the operation of changing cluster default - network plugin will be rejected. 
The supported values are OpenShiftSDN, - OVNKubernetes - type: string - type: object - x-kubernetes-validations: - - message: networkType migration in mode other than 'Live' may not - be configured at the same time as mtu migration - rule: '!has(self.mtu) || !has(self.networkType) || self.networkType - == "" || has(self.mode) && self.mode == ''Live''' - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: serviceNetwork is the ip address pool to use for Service - IPs Currently, all existing network providers only support a single - value here, but this is an array to allow for growth. - items: - type: string - type: array - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. 
- nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: useMultiNetworkPolicy enables a controller which allows - for MultiNetworkPolicy objects to be used on additional networks - as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod - can receive over the secondary interfaces. If unset, this property - defaults to 'false' and MultiNetworkPolicy objects are ignored. - If 'disableMultiNetwork' is 'true' then the value of this field - is ignored. - type: boolean - type: object - x-kubernetes-validations: - - message: invalid value for IPForwarding, valid values are 'Restricted' - or 'Global' - rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) - || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || - !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Global''' - status: - description: NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. 
- properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml index ed15b82c73..a166e4c3a7 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_csi-snapshot-controller_01_csisnapshotcontrollers.crd.yaml 
@@ -19,20 +19,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "CSISnapshotController provides a means to configure an operator - to manage the CSI snapshots. `cluster` is the canonical name. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." + description: |- + CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,11 +46,12 @@ spec: properties: logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -59,19 +65,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -80,13 +87,12 @@ spec: - TraceAll type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -101,6 +107,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -108,10 +117,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -148,9 +167,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml index 09463d1971..073cb45f3d 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations.crd.yaml 
@@ -19,20 +19,25 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "MachineConfiguration provides information to configure an operator - to manage Machine Configuration. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." + description: |- + MachineConfiguration provides information to configure an operator to manage Machine Configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -41,25 +46,25 @@ spec: Machine Config Operator properties: failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. type: string logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -68,39 +73,35 @@ spec: - TraceAll type: string managedBootImages: - description: managedBootImages allows configuration for the management - of boot images for machine resources within the cluster. This configuration - allows users to select resources that should be updated to the latest - boot images during cluster upgrades, ensuring that new machines - always boot with the current cluster version's boot image. When - omitted, no boot images will be updated. + description: |- + managedBootImages allows configuration for the management of boot images for machine + resources within the cluster. This configuration allows users to select resources that should + be updated to the latest boot images during cluster upgrades, ensuring that new machines + always boot with the current cluster version's boot image. When omitted, no boot images + will be updated. properties: machineManagers: - description: machineManagers can be used to register machine management - resources for boot image updates. The Machine Config Operator - will watch for changes to this list. Only one entry is permitted - per type of machine management resource. + description: |- + machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator + will watch for changes to this list. Only one entry is permitted per type of machine management resource. items: - description: MachineManager describes a target machine resource - that is registered for boot image updates. It stores identifying - information such as the resource type and the API Group of - the resource. It also provides granular control via the selection - field. + description: |- + MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information + such as the resource type and the API Group of the resource. It also provides granular control via the selection field. 
properties: apiGroup: - description: apiGroup is name of the APIGroup that the machine - management resource belongs to. The only current valid - value is machine.openshift.io. machine.openshift.io means - that the machine manager will only register resources - that belong to OpenShift machine API group. + description: |- + apiGroup is name of the APIGroup that the machine management resource belongs to. + The only current valid value is machine.openshift.io. + machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group. enum: - machine.openshift.io type: string resource: - description: resource is the machine management resource's - type. The only current valid value is machinesets. machinesets - means that the machine manager will only register resources - of the kind MachineSet. + description: |- + resource is the machine management resource's type. + The only current valid value is machinesets. + machinesets means that the machine manager will only register resources of the kind MachineSet. enum: - machinesets type: string 
@@ -110,20 +111,18 @@ spec: image updates. properties: mode: - description: mode determines how machine managers will - be selected for updates. Valid values are All and - Partial. All means that every resource matched by - the machine manager will be updated. Partial requires - specified selector(s) and allows customisation of - which resources matched by the machine manager will - be updated. + description: |- + mode determines how machine managers will be selected for updates. + Valid values are All and Partial. + All means that every resource matched by the machine manager will be updated. + Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. enum: - All - Partial type: string partial: - description: partial provides label selector(s) that - can be used to match machine management resources. + description: |- + partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to "Partial". properties: machineResourceSelector: 
@@ -136,28 +135,24 @@ spec: selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string @@ -172,12 +167,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic 
@@ -209,32 +202,29 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string nodeDisruptionPolicy: - description: nodeDisruptionPolicy allows an admin to set granular - node disruption actions for MachineConfig-based updates, such as - drains, service reloads, etc. Specifying this will allow for less - downtime when doing small configuration updates to the cluster. - This configuration has no effect on cluster upgrades which will - still incur node disruption where required. + description: |- + nodeDisruptionPolicy allows an admin to set granular node disruption actions for + MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow + for less downtime when doing small configuration updates to the cluster. This configuration + has no effect on cluster upgrades which will still incur node disruption where required. properties: files: - description: files is a list of MachineConfig file definitions - and actions to take to changes on those paths This list supports - a maximum of 50 entries. + description: |- + files is a list of MachineConfig file definitions and actions to take to changes on those paths + This list supports a maximum of 50 entries. items: description: NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object properties: actions: - description: actions represents the series of commands to - be executed on changes to the file at the corresponding - file path. Actions will be applied in the order that they - are set in this list. If there are other incoming changes - to other MachineConfig entries in the same update that - require a reboot, the reboot will supercede these actions. - Valid actions are Reboot, Drain, Reload, DaemonReload - and None. The Reboot action and the None action cannot - be used in conjunction with any of the other actions. 
+ description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries. items: properties: @@ -243,16 +233,11 @@ spec: only valid if type is reload properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be reloaded - Service names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} must - be atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", and - "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: 
@@ -277,16 +262,11 @@ spec: only valid if type is restart properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be restarted - Service names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} must - be atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", and - "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: @@ -307,13 +287,11 @@ spec: - serviceName type: object type: - description: type represents the commands that will - be carried out if this NodeDisruptionPolicySpecActionType - is executed Valid values are Reboot, Drain, Reload, - Restart, DaemonReload and None. reload/restart requires - a corresponding service target specified in the - reload/restart field. Other values require no further - configuration + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration enum: - Reboot - Drain 
@@ -347,9 +325,9 @@ spec: rule: 'self.exists(x, x.type==''None'') ? size(self) == 1 : true' path: - description: path is the location of a file being managed - through a MachineConfig. The Actions in the policy will - apply to changes to the file at this path. + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. type: string required: - actions 
@@ -361,21 +339,19 @@ spec: - path x-kubernetes-list-type: map sshkey: - description: sshkey maps to the ignition.sshkeys field in the - MachineConfig object, definition an action for this will apply - to all sshkey changes in the cluster + description: |- + sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this + will apply to all sshkey changes in the cluster properties: actions: - description: actions represents the series of commands to - be executed on changes to the file at the corresponding - file path. Actions will be applied in the order that they - are set in this list. If there are other incoming changes - to other MachineConfig entries in the same update that require - a reboot, the reboot will supercede these actions. Valid - actions are Reboot, Drain, Reload, DaemonReload and None. - The Reboot action and the None action cannot be used in - conjunction with any of the other actions. This list supports - a maximum of 10 entries. + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. items: properties: reload: 
@@ -383,16 +359,11 @@ spec: only valid if type is reload properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be reloaded Service - names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} must - be atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", and - "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: 
@@ -417,16 +388,11 @@ spec: only valid if type is restart properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be restarted Service - names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} must - be atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", and - "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: @@ -447,12 +413,11 @@ spec: - serviceName type: object type: - description: type represents the commands that will - be carried out if this NodeDisruptionPolicySpecActionType - is executed Valid values are Reboot, Drain, Reload, - Restart, DaemonReload and None. reload/restart requires - a corresponding service target specified in the reload/restart - field. Other values require no further configuration + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration enum: - Reboot - Drain 
@@ -489,24 +454,22 @@ spec: - actions type: object units: - description: units is a list MachineConfig unit definitions and - actions to take on changes to those services This list supports - a maximum of 50 entries. + description: |- + units is a list MachineConfig unit definitions and actions to take on changes to those services + This list supports a maximum of 50 entries. items: description: NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object properties: actions: - description: actions represents the series of commands to - be executed on changes to the file at the corresponding - file path. Actions will be applied in the order that they - are set in this list. If there are other incoming changes - to other MachineConfig entries in the same update that - require a reboot, the reboot will supercede these actions. - Valid actions are Reboot, Drain, Reload, DaemonReload - and None. The Reboot action and the None action cannot - be used in conjunction with any of the other actions. + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries. items: properties: 
@@ -515,16 +478,11 @@ spec: only valid if type is reload properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be reloaded - Service names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} must - be atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", and - "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: 
@@ -549,16 +507,11 @@ spec: only valid if type is restart properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be restarted - Service names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} must - be atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", and - "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: @@ -579,13 +532,11 @@ spec: - serviceName type: object type: - description: type represents the commands that will - be carried out if this NodeDisruptionPolicySpecActionType - is executed Valid values are Reboot, Drain, Reload, - Restart, DaemonReload and None. reload/restart requires - a corresponding service target specified in the - reload/restart field. Other values require no further - configuration + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration enum: - Reboot - Drain 
@@ -619,16 +570,12 @@ spec: rule: 'self.exists(x, x.type==''None'') ? size(self) == 1 : true' name: - description: name represents the service name of a systemd - service managed through a MachineConfig Actions specified - will be applied for changes to the named service. Service - names should be of the format ${NAME}${SERVICETYPE} and - can up to 255 characters long. ${NAME} must be atleast - 1 character long and can only consist of alphabets, digits, - ":", "-", "_", ".", and "\". ${SERVICETYPE} must be one - of ".service", ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" - or ".scope". + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: 
@@ -654,19 +601,20 @@ spec: x-kubernetes-list-type: map type: object observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -675,19 +623,18 @@ spec: - TraceAll type: string succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) format: int32 type: integer unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true 
@@ -699,43 +646,35 @@ spec: conditions: description: conditions is a list of conditions and their status items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -750,10 +689,6 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
@@ -769,9 +704,9 @@ spec: - type x-kubernetes-list-type: map nodeDisruptionPolicyStatus: - description: nodeDisruptionPolicyStatus status reflects what the latest - cluster-validated policies are, and will be used by the Machine - Config Daemon during future node updates. + description: |- + nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, + and will be used by the Machine Config Daemon during future node updates. properties: clusterPolicies: description: clusterPolicies is a merge of cluster default and @@ -786,17 +721,14 @@ spec: object properties: actions: - description: actions represents the series of commands - to be executed on changes to the file at the corresponding - file path. Actions will be applied in the order that - they are set in this list. If there are other incoming - changes to other MachineConfig entries in the same - update that require a reboot, the reboot will supercede - these actions. Valid actions are Reboot, Drain, Reload, - DaemonReload and None. The Reboot action and the None - action cannot be used in conjunction with any of the - other actions. This list supports a maximum of 10 - entries. + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. items: properties: reload: 
@@ -804,17 +736,11 @@ spec: only valid if type is reload properties: serviceName: - description: serviceName is the full name - (e.g. crio.service) of the service to be - reloaded Service names should be of the - format ${NAME}${SERVICETYPE} and can up - to 255 characters long. ${NAME} must be - atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", - and "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: 
@@ -839,17 +765,11 @@ spec: restart, only valid if type is restart properties: serviceName: - description: serviceName is the full name - (e.g. crio.service) of the service to be - restarted Service names should be of the - format ${NAME}${SERVICETYPE} and can up - to 255 characters long. ${NAME} must be - atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", - and "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: @@ -870,12 +790,10 @@ spec: - serviceName type: object type: - description: type represents the commands that - will be carried out if this NodeDisruptionPolicyStatusActionType - is executed Valid values are Reboot, Drain, - Reload, Restart, DaemonReload, None and Special. - reload/restart requires a corresponding service - target specified in the reload/restart field. + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration enum: - Reboot 
@@ -911,9 +829,9 @@ spec: rule: 'self.exists(x, x.type==''None'') ? size(self) == 1 : true' path: - description: path is the location of a file being managed - through a MachineConfig. The Actions in the policy - will apply to changes to the file at this path. + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. type: string required: - actions @@ -928,15 +846,13 @@ spec: description: sshkey is the overall sshkey MachineConfig definition properties: actions: - description: actions represents the series of commands - to be executed on changes to the file at the corresponding - file path. Actions will be applied in the order that - they are set in this list. If there are other incoming - changes to other MachineConfig entries in the same update - that require a reboot, the reboot will supercede these - actions. Valid actions are Reboot, Drain, Reload, DaemonReload - and None. The Reboot action and the None action cannot - be used in conjunction with any of the other actions. + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries. items: properties: 
@@ -945,16 +861,11 @@ spec: only valid if type is reload properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be reloaded - Service names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} - must be atleast 1 character long and can only - consist of alphabets, digits, ":", "-", "_", - ".", and "\". ${SERVICETYPE} must be one of - ".service", ".socket", ".device", ".mount", - ".automount", ".swap", ".target", ".path", - ".timer", ".snapshot", ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: 
@@ -979,16 +890,11 @@ spec: only valid if type is restart properties: serviceName: - description: serviceName is the full name (e.g. - crio.service) of the service to be restarted - Service names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} - must be atleast 1 character long and can only - consist of alphabets, digits, ":", "-", "_", - ".", and "\". ${SERVICETYPE} must be one of - ".service", ".socket", ".device", ".mount", - ".automount", ".swap", ".target", ".path", - ".timer", ".snapshot", ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: @@ -1009,13 +915,11 @@ spec: - serviceName type: object type: - description: type represents the commands that will - be carried out if this NodeDisruptionPolicyStatusActionType - is executed Valid values are Reboot, Drain, Reload, - Restart, DaemonReload, None and Special. reload/restart - requires a corresponding service target specified - in the reload/restart field. Other values require - no further configuration + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration enum: - Reboot - Drain 
@@ -1061,17 +965,14 @@ spec: in the NodeDisruptionPolicyClusterStatus object properties: actions: - description: actions represents the series of commands - to be executed on changes to the file at the corresponding - file path. Actions will be applied in the order that - they are set in this list. If there are other incoming - changes to other MachineConfig entries in the same - update that require a reboot, the reboot will supercede - these actions. Valid actions are Reboot, Drain, Reload, - DaemonReload and None. The Reboot action and the None - action cannot be used in conjunction with any of the - other actions. This list supports a maximum of 10 - entries. + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. items: properties: reload: 
@@ -1079,17 +980,11 @@ spec: only valid if type is reload properties: serviceName: - description: serviceName is the full name - (e.g. crio.service) of the service to be - reloaded Service names should be of the - format ${NAME}${SERVICETYPE} and can up - to 255 characters long. ${NAME} must be - atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", - and "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: 
@@ -1114,17 +1009,11 @@ spec: restart, only valid if type is restart properties: serviceName: - description: serviceName is the full name - (e.g. crio.service) of the service to be - restarted Service names should be of the - format ${NAME}${SERVICETYPE} and can up - to 255 characters long. ${NAME} must be - atleast 1 character long and can only consist - of alphabets, digits, ":", "-", "_", ".", - and "\". ${SERVICETYPE} must be one of ".service", - ".socket", ".device", ".mount", ".automount", - ".swap", ".target", ".path", ".timer", ".snapshot", - ".slice" or ".scope". + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: @@ -1145,12 +1034,10 @@ spec: - serviceName type: object type: - description: type represents the commands that - will be carried out if this NodeDisruptionPolicyStatusActionType - is executed Valid values are Reboot, Drain, - Reload, Restart, DaemonReload, None and Special. - reload/restart requires a corresponding service - target specified in the reload/restart field. + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration enum: - Reboot 
@@ -1186,16 +1073,12 @@ spec: rule: 'self.exists(x, x.type==''None'') ? size(self) == 1 : true' name: - description: name represents the service name of a systemd - service managed through a MachineConfig Actions specified - will be applied for changes to the named service. - Service names should be of the format ${NAME}${SERVICETYPE} - and can up to 255 characters long. ${NAME} must be - atleast 1 character long and can only consist of alphabets, - digits, ":", "-", "_", ".", and "\". ${SERVICETYPE} - must be one of ".service", ".socket", ".device", ".mount", - ".automount", ".swap", ".target", ".path", ".timer", - ".snapshot", ".slice" or ".scope". + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". maxLength: 255 type: string x-kubernetes-validations: diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml index 96c6bdc01a..9a65a695ac 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_90_csi-driver_01_clustercsidrivers.crd.yaml 
@@ -19,21 +19,27 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "ClusterCSIDriver object allows management and configuration - of a CSI driver operator installed by default in OpenShift. Name of the - object must be name of the CSI driver it operates. See CSIDriverName type - for list of allowed values. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + ClusterCSIDriver object allows management and configuration of a CSI driver operator + installed by default in OpenShift. Name of the object must be name of the CSI driver + it operates. See CSIDriverName type for list of allowed values. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: properties: 
@@ -62,19 +68,63 @@ spec: description: spec holds user settable values for configuration properties: driverConfig: - description: driverConfig can be used to specify platform specific - driver configuration. When omitted, this means no opinion and the - platform is left to choose reasonable defaults. These defaults are - subject to change over time. + description: |- + driverConfig can be used to specify platform specific driver configuration. + When omitted, this means no opinion and the platform is left to choose reasonable + defaults. These defaults are subject to change over time. properties: aws: description: aws is used to configure the AWS CSI driver. properties: + efsVolumeMetrics: + description: efsVolumeMetrics sets the configuration for collecting + metrics from EFS volumes used by the EFS CSI Driver. + properties: + recursiveWalk: + description: |- + recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver + when the state is set to RecursiveWalk. + properties: + fsRateLimit: + description: |- + fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 5. + The valid range is from 1 to 100 goroutines. + format: int32 + maximum: 100 + minimum: 1 + type: integer + refreshPeriodMinutes: + description: |- + refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 240. + The valid range is from 1 to 43200 minutes (30 days). + format: int32 + maximum: 43200 + minimum: 1 + type: integer + type: object + state: + description: |- + state defines the state of metric collection in the AWS EFS CSI Driver. 
+ This field is required and must be set to one of the following values: Disabled or RecursiveWalk. + Disabled means no metrics collection will be performed. This is the default value. + RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. + This process may result in high CPU and memory usage, depending on the volume size. + enum: + - RecursiveWalk + - Disabled + type: string + required: + - state + type: object kmsKeyARN: - description: kmsKeyARN sets the cluster default storage class - to encrypt volumes with a user-defined KMS key, rather than - the default KMS key used by AWS. The value may be either - the ARN or Alias ARN of a KMS key. + description: |- + kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, + rather than the default KMS key used by AWS. + The value may be either the ARN or Alias ARN of a KMS key. pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ type: string type: object 
@@ -82,39 +132,39 @@ spec: description: azure is used to configure the Azure CSI driver. properties: diskEncryptionSet: - description: diskEncryptionSet sets the cluster default storage - class to encrypt volumes with a customer-managed encryption - set, rather than the default platform-managed keys. + description: |- + diskEncryptionSet sets the cluster default storage class to encrypt volumes with a + customer-managed encryption set, rather than the default platform-managed keys. properties: name: - description: name is the name of the disk encryption set - that will be set on the default storage class. The value - should consist of only alphanumberic characters, underscores - (_), hyphens, and be at most 80 characters in length. + description: |- + name is the name of the disk encryption set that will be set on the default storage class. + The value should consist of only alphanumberic characters, + underscores (_), hyphens, and be at most 80 characters in length. maxLength: 80 pattern: ^[a-zA-Z0-9\_-]+$ type: string resourceGroup: - description: resourceGroup defines the Azure resource - group that contains the disk encryption set. The value - should consist of only alphanumberic characters, underscores - (_), parentheses, hyphens and periods. The value should - not end in a period and be at most 90 characters in + description: |- + resourceGroup defines the Azure resource group that contains the disk encryption set. + The value should consist of only alphanumberic characters, + underscores (_), parentheses, hyphens and periods. + The value should not end in a period and be at most 90 characters in length. maxLength: 90 pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ type: string subscriptionID: - description: 'subscriptionID defines the Azure subscription - that contains the disk encryption set. The value should - meet the following conditions: 1. It should be a 128-bit - number. 2. It should be 36 characters (32 hexadecimal - characters and 4 hyphens) long. 3. 
It should be displayed - in five groups separated by hyphens (-). 4. The first - group should be 8 characters long. 5. The second, third, - and fourth groups should be 4 characters long. 6. The - fifth group should be 12 characters long. An Example - SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378' + description: |- + subscriptionID defines the Azure subscription that contains the disk encryption set. + The value should meet the following conditions: + 1. It should be a 128-bit number. + 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. + 3. It should be displayed in five groups separated by hyphens (-). + 4. The first group should be 8 characters long. + 5. The second, third, and fourth groups should be 4 characters long. + 6. The fifth group should be 12 characters long. + An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 maxLength: 36 pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ type: string @@ -125,10 +175,11 @@ spec: type: object type: object driverType: - description: 'driverType indicates type of CSI driver for which - the driverConfig is being applied to. Valid values are: AWS, - Azure, GCP, IBMCloud, vSphere and omitted. Consumers should - treat unknown values as a NO-OP.' + description: |- + driverType indicates type of CSI driver for which the + driverConfig is being applied to. + Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + Consumers should treat unknown values as a NO-OP. enum: - "" - AWS 
@@ -141,42 +192,42 @@ spec: description: gcp is used to configure the GCP CSI driver. properties: kmsKey: - description: kmsKey sets the cluster default storage class - to encrypt volumes with customer-supplied encryption keys, - rather than the default keys managed by GCP. + description: |- + kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied + encryption keys, rather than the default keys managed by GCP. properties: keyRing: - description: keyRing is the name of the KMS Key Ring which - the KMS Key belongs to. The value should correspond - to an existing KMS key ring and should consist of only - alphanumeric characters, hyphens (-) and underscores - (_), and be at most 63 characters in length. + description: |- + keyRing is the name of the KMS Key Ring which the KMS Key belongs to. + The value should correspond to an existing KMS key ring and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z0-9\_-]+$ type: string location: - description: location is the GCP location in which the - Key Ring exists. The value must match an existing GCP - location, or "global". Defaults to global, if not set. + description: |- + location is the GCP location in which the Key Ring exists. + The value must match an existing GCP location, or "global". + Defaults to global, if not set. pattern: ^[a-zA-Z0-9\_-]+$ type: string name: - description: name is the name of the customer-managed - encryption key to be used for disk encryption. The value - should correspond to an existing KMS key and should - consist of only alphanumeric characters, hyphens (-) - and underscores (_), and be at most 63 characters in - length. + description: |- + name is the name of the customer-managed encryption key to be used for disk encryption. 
+ The value should correspond to an existing KMS key and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z0-9\_-]+$ type: string projectID: - description: projectID is the ID of the Project in which - the KMS Key Ring exists. It must be 6 to 30 lowercase - letters, digits, or hyphens. It must start with a letter. - Trailing hyphens are prohibited. + description: |- + projectID is the ID of the Project in which the KMS Key Ring exists. + It must be 6 to 30 lowercase letters, digits, or hyphens. + It must start with a letter. Trailing hyphens are prohibited. maxLength: 30 minLength: 6 pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ @@ -191,9 +242,9 @@ spec: description: ibmcloud is used to configure the IBM Cloud CSI driver. properties: encryptionKeyCRN: - description: encryptionKeyCRN is the IBM Cloud CRN of the - customer-managed root key to use for disk encryption of - volumes for the default storage classes. + description: |- + encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use + for disk encryption of volumes for the default storage classes. maxLength: 154 minLength: 144 pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ 
@@ -205,45 +256,41 @@ spec: description: vsphere is used to configure the vsphere CSI driver. properties: globalMaxSnapshotsPerBlockVolume: - description: 'globalMaxSnapshotsPerBlockVolume is a global - configuration parameter that applies to volumes on all kinds - of datastores. If omitted, the platform chooses a default, - which is subject to change over time, currently that default - is 3. Snapshots can not be disabled using this parameter. - Increasing number of snapshots above 3 can have negative - impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 - Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html' + description: |- + globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of + datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. + Snapshots can not be disabled using this parameter. + Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 + Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html format: int32 maximum: 32 minimum: 1 type: integer granularMaxSnapshotsPerBlockVolumeInVSAN: - description: granularMaxSnapshotsPerBlockVolumeInVSAN is a - granular configuration parameter on vSAN datastore only. - It overrides GlobalMaxSnapshotsPerBlockVolume if set, while - it falls back to the global constraint if unset. Snapshots - for VSAN can not be disabled using this parameter. + description: |- + granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. 
It + overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VSAN can not be disabled using this parameter. format: int32 maximum: 32 minimum: 1 type: integer granularMaxSnapshotsPerBlockVolumeInVVOL: - description: granularMaxSnapshotsPerBlockVolumeInVVOL is a - granular configuration parameter on Virtual Volumes datastore - only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, - while it falls back to the global constraint if unset. Snapshots - for VVOL can not be disabled using this parameter. + description: |- + granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. + It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VVOL can not be disabled using this parameter. format: int32 maximum: 32 minimum: 1 type: integer topologyCategories: - description: topologyCategories indicates tag categories with - which vcenter resources such as hostcluster or datacenter - were tagged with. If cluster Infrastructure object has a - topology, values specified in Infrastructure object will - be used and modifications to topologyCategories will be - rejected. + description: |- + topologyCategories indicates tag categories with which + vcenter resources such as hostcluster or datacenter were tagged with. + If cluster Infrastructure object has a topology, values specified in + Infrastructure object will be used and modifications to topologyCategories + will be rejected. items: type: string type: array 
@@ -259,11 +306,12 @@ spec: has(self.ibmcloud) : !has(self.ibmcloud)' logLevel: default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal @@ -277,19 +325,20 @@ spec: pattern: ^(Managed|Unmanaged|Force|Removed)$ type: string observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator nullable: true type: object x-kubernetes-preserve-unknown-fields: true operatorLogLevel: default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". enum: - "" - Normal 
@@ -298,15 +347,16 @@ spec: - TraceAll type: string storageClassState: - description: StorageClassState determines if CSI operator should create - and manage storage classes. If this field value is empty or Managed - - CSI operator will continuously reconcile storage class and create - if necessary. If this field value is Unmanaged - CSI operator will - not reconcile any previously created storage class. If this field - value is Removed - CSI operator will delete the storage class it - created previously. When omitted, this means the user has no opinion - and the platform chooses a reasonable default, which is subject - to change over time. The current default behaviour is Managed. + description: |- + StorageClassState determines if CSI operator should create and manage storage classes. + If this field value is empty or Managed - CSI operator will continuously reconcile + storage class and create if necessary. + If this field value is Unmanaged - CSI operator will not reconcile any previously created + storage class. + If this field value is Removed - CSI operator will delete the storage class it created previously. + When omitted, this means the user has no opinion and the platform chooses a reasonable default, + which is subject to change over time. + The current default behaviour is Managed. enum: - "" - Managed 
@@ -314,13 +364,12 @@ spec: - Removed type: string unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. nullable: true type: object x-kubernetes-preserve-unknown-fields: true @@ -335,6 +384,9 @@ spec: description: OperatorCondition is just the standard condition fields. properties: lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: @@ -342,10 +394,20 @@ spec: reason: type: string status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: + - lastTransitionTime + - status - type type: object type: array 
@@ -382,9 +444,27 @@ spec: description: resource is the resource type of the thing you're tracking type: string + required: + - group + - name + - namespace + - resource type: object type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf observedGeneration: description: observedGeneration is the last generation change you've dealt with diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 9a37e8e385..84edc0cab3 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -16,6 +16,11 @@ import ( // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSCSIDriverConfigSpec) DeepCopyInto(out *AWSCSIDriverConfigSpec) { *out = *in + if in.EFSVolumeMetrics != nil { + in, out := &in.EFSVolumeMetrics, &out.EFSVolumeMetrics + *out = new(AWSEFSVolumeMetrics) + (*in).DeepCopyInto(*out) + } return } 
@@ -51,6 +56,43 @@ func (in *AWSClassicLoadBalancerParameters) DeepCopy() *AWSClassicLoadBalancerPa return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEFSVolumeMetrics) DeepCopyInto(out *AWSEFSVolumeMetrics) { + *out = *in + if in.RecursiveWalk != nil { + in, out := &in.RecursiveWalk, &out.RecursiveWalk + *out = new(AWSEFSVolumeMetricsRecursiveWalkConfig) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEFSVolumeMetrics. +func (in *AWSEFSVolumeMetrics) DeepCopy() *AWSEFSVolumeMetrics { + if in == nil { + return nil + } + out := new(AWSEFSVolumeMetrics) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEFSVolumeMetricsRecursiveWalkConfig) DeepCopyInto(out *AWSEFSVolumeMetricsRecursiveWalkConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEFSVolumeMetricsRecursiveWalkConfig. +func (in *AWSEFSVolumeMetricsRecursiveWalkConfig) DeepCopy() *AWSEFSVolumeMetricsRecursiveWalkConfig { + if in == nil { + return nil + } + out := new(AWSEFSVolumeMetricsRecursiveWalkConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AWSLoadBalancerParameters) DeepCopyInto(out *AWSLoadBalancerParameters) { *out = *in 
@@ -194,6 +236,27 @@ func (in *AdditionalNetworkDefinition) DeepCopy() *AdditionalNetworkDefinition { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AdditionalRoutingCapabilities) DeepCopyInto(out *AdditionalRoutingCapabilities) { + *out = *in + if in.Providers != nil { + in, out := &in.Providers, &out.Providers + *out = make([]RoutingCapabilitiesProvider, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalRoutingCapabilities. +func (in *AdditionalRoutingCapabilities) DeepCopy() *AdditionalRoutingCapabilities { + if in == nil { + return nil + } + out := new(AdditionalRoutingCapabilities) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Authentication) DeepCopyInto(out *Authentication) { *out = *in @@ -333,7 +396,7 @@ func (in *CSIDriverConfigSpec) DeepCopyInto(out *CSIDriverConfigSpec) { if in.AWS != nil { in, out := &in.AWS, &out.AWS *out = new(AWSCSIDriverConfigSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Azure != nil { in, out := &in.Azure, &out.Azure @@ -3382,6 +3445,11 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = new(NetworkMigration) (*in).DeepCopyInto(*out) } + if in.AdditionalRoutingCapabilities != nil { + in, out := &in.AdditionalRoutingCapabilities, &out.AdditionalRoutingCapabilities + *out = new(AdditionalRoutingCapabilities) + (*in).DeepCopyInto(*out) + } return } 
@@ -4049,6 +4117,22 @@ func (in *OpenShiftSDNConfig) DeepCopy() *OpenShiftSDNConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OpenStackLoadBalancerParameters) DeepCopyInto(out *OpenStackLoadBalancerParameters) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenStackLoadBalancerParameters. +func (in *OpenStackLoadBalancerParameters) DeepCopy() *OpenStackLoadBalancerParameters { + if in == nil { + return nil + } + out := new(OpenStackLoadBalancerParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OperatorCondition) DeepCopyInto(out *OperatorCondition) { *out = *in @@ -4282,6 +4366,11 @@ func (in *ProviderLoadBalancerParameters) DeepCopyInto(out *ProviderLoadBalancer *out = new(IBMLoadBalancerParameters) **out = **in } + if in.OpenStack != nil { + in, out := &in.OpenStack, &out.OpenStack + *out = new(OpenStackLoadBalancerParameters) + **out = **in + } return } @@ -4389,12 +4478,16 @@ func (in *ResourceAttributesAccessReview) DeepCopyInto(out *ResourceAttributesAc if in.Required != nil { in, out := &in.Required, &out.Required *out = make([]authorizationv1.ResourceAttributes, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } if in.Missing != nil { in, out := &in.Missing, &out.Missing *out = make([]authorizationv1.ResourceAttributes, len(*in)) - copy(*out, *in) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 595f49e276..9ed8975177 100644 
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -69,6 +69,7 @@ clustercsidrivers.operator.openshift.io: Capability: "" Category: "" FeatureGates: + - AWSEFSDriverVolumeMetrics - VSphereDriverConfiguration FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" @@ -328,12 +329,14 @@ networks.operator.openshift.io: Capability: "" Category: "" FeatureGates: + - AdditionalRoutingCapabilities - NetworkLiveMigration + - RouteAdvertisements FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" GroupName: operator.openshift.io - HasStatus: false + HasStatus: true KindName: Network Labels: {} PluralName: networks diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 2c53fdb80b..03d9e16edb 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -52,7 +52,10 @@ func (NodeStatus) SwaggerDoc() map[string]string { } var map_OperatorCondition = map[string]string{ - "": "OperatorCondition is just the standard condition fields.", + "": "OperatorCondition is just the standard condition fields.", + "type": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "status": "status of the condition, one of True, False, Unknown.", + "lastTransitionTime": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", } func (OperatorCondition) SwaggerDoc() map[string]string { 
@@ -73,11 +76,12 @@ func (OperatorSpec) SwaggerDoc() map[string]string { } var map_OperatorStatus = map[string]string{ - "observedGeneration": "observedGeneration is the last generation change you've dealt with", - "conditions": "conditions is a list of conditions and their status", - "version": "version is the level this availability applies to", - "readyReplicas": "readyReplicas indicates how many replicas are ready and at the desired state", - "generations": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "observedGeneration": "observedGeneration is the last generation change you've dealt with", + "conditions": "conditions is a list of conditions and their status", + "version": "version is the level this availability applies to", + "readyReplicas": "readyReplicas indicates how many replicas are ready and at the desired state", + "latestAvailableRevision": "latestAvailableRevision is the deploymentID of the most recent deployment", + "generations": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", } func (OperatorStatus) SwaggerDoc() map[string]string { @@ -97,7 +101,6 @@ func (StaticPodOperatorSpec) SwaggerDoc() map[string]string { var map_StaticPodOperatorStatus = map[string]string{ "": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked.", - "latestAvailableRevision": "latestAvailableRevision is the deploymentID of the most recent deployment", "latestAvailableRevisionReason": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", "nodeStatuses": "nodeStatuses track the deployment values and errors across individual nodes", } 
@@ -207,7 +210,7 @@ func (AddPage) SwaggerDoc() map[string]string { var map_Capability = map[string]string{ "": "Capabilities contains set of UI capabilities and their state in the console UI.", - "name": "name is the unique name of a capability. Available capabilities are LightspeedButton.", + "name": "name is the unique name of a capability. Available capabilities are LightspeedButton and GettingStartedBanner.", "visibility": "visibility defines the visibility state of the capability.", } 
@@ -245,7 +248,7 @@ func (ConsoleConfigRoute) SwaggerDoc() map[string]string { var map_ConsoleCustomization = map[string]string{ "": "ConsoleCustomization defines a list of optional configuration for the console UI.", - "capabilities": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton. Each of the available capabilities may appear only once in the list.", + "capabilities": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton and GettingStartedBanner. Each of the available capabilities may appear only once in the list.", "brand": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", "documentationBaseURL": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", "customProductName": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", 
@@ -421,14 +424,35 @@ func (StatuspageProvider) SwaggerDoc() map[string]string { } var map_AWSCSIDriverConfigSpec = map[string]string{ - "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", - "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", + "": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", + "kmsKeyARN": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", + "efsVolumeMetrics": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", } func (AWSCSIDriverConfigSpec) SwaggerDoc() map[string]string { return map_AWSCSIDriverConfigSpec } +var map_AWSEFSVolumeMetrics = map[string]string{ + "": "AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver.", + "state": "state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. 
This process may result in high CPU and memory usage, depending on the volume size.", + "recursiveWalk": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.", +} + +func (AWSEFSVolumeMetrics) SwaggerDoc() map[string]string { + return map_AWSEFSVolumeMetrics +} + +var map_AWSEFSVolumeMetricsRecursiveWalkConfig = map[string]string{ + "": "AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver.", + "refreshPeriodMinutes": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).", + "fsRateLimit": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.", +} + +func (AWSEFSVolumeMetricsRecursiveWalkConfig) SwaggerDoc() map[string]string { + return map_AWSEFSVolumeMetricsRecursiveWalkConfig +} + var map_AzureCSIDriverConfigSpec = map[string]string{ "": "AzureCSIDriverConfigSpec defines properties that can be configured for the Azure CSI driver.", "diskEncryptionSet": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.", 
@@ -1100,6 +1124,15 @@ func (NodePortStrategy) SwaggerDoc() map[string]string { return map_NodePortStrategy } +var map_OpenStackLoadBalancerParameters = map[string]string{ + "": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", + "floatingIP": "floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. When specified, the floating IP has to be pre-created. If the specified value is not a floating IP or is already claimed, the OpenStack cloud provider won't be able to provision the load balancer. This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address. ", +} + +func (OpenStackLoadBalancerParameters) SwaggerDoc() map[string]string { + return map_OpenStackLoadBalancerParameters +} + var map_PrivateStrategy = map[string]string{ "": "PrivateStrategy holds parameters for the Private endpoint publishing strategy.", "protocol": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". 
* \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", 
@@ -1110,11 +1143,12 @@ func (PrivateStrategy) SwaggerDoc() map[string]string { } var map_ProviderLoadBalancerParameters = map[string]string{ - "": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", - "type": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\", \"OpenStack\", and \"VSphere\".", - "aws": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", - "gcp": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", - "ibm": "ibm provides configuration settings that are specific to IBM Cloud load balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for details about their defaults.", + "": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", + "type": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\", \"OpenStack\", and \"VSphere\".", + "aws": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", + "gcp": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", + "ibm": "ibm provides configuration settings that are specific to IBM Cloud load balancers.\n\nIf empty, defaults will be applied. 
See specific ibm fields for details about their defaults.", + "openstack": "openstack provides configuration settings that are specific to OpenStack load balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for details about their defaults.", } func (ProviderLoadBalancerParameters) SwaggerDoc() map[string]string { @@ -1518,6 +1552,15 @@ func (AdditionalNetworkDefinition) SwaggerDoc() map[string]string { return map_AdditionalNetworkDefinition } +var map_AdditionalRoutingCapabilities = map[string]string{ + "": "AdditionalRoutingCapabilities describes components and relevant configuration providing advanced routing capabilities.", + "providers": "providers is a set of enabled components that provide additional routing capabilities. Entries on this list must be unique. The only valid value is currrently \"FRR\" which provides FRR routing capabilities through the deployment of FRR.", +} + +func (AdditionalRoutingCapabilities) SwaggerDoc() map[string]string { + return map_AdditionalRoutingCapabilities +} + var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", } 
@@ -1529,7 +1572,7 @@ func (ClusterNetworkEntry) SwaggerDoc() map[string]string { var map_DefaultNetworkDefinition = map[string]string{ "": "DefaultNetworkDefinition represents a single network plugin's configuration. type must be specified, along with exactly one \"Config\" that matches the type.", "type": "type is the type of network All NetworkTypes are supported except for NetworkTypeRaw", - "openshiftSDNConfig": "openShiftSDNConfig configures the openshift-sdn plugin", + "openshiftSDNConfig": "openShiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.", "ovnKubernetesConfig": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", } 
@@ -1557,9 +1600,9 @@ func (ExportNetworkFlows) SwaggerDoc() map[string]string { } var map_FeaturesMigration = map[string]string{ - "egressIP": "egressIP specifies whether or not the Egress IP configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and Egress IP configure is migrated.", - "egressFirewall": "egressFirewall specifies whether or not the Egress Firewall configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and Egress Firewall configure is migrated.", - "multicast": "multicast specifies whether or not the multicast configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and multicast configure is migrated.", + "egressIP": "egressIP specified whether or not the Egress IP configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "egressFirewall": "egressFirewall specified whether or not the Egress Firewall configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "multicast": "multicast specified whether or not the multicast configuration was migrated. DEPRECATED: network type migration is no longer supported.", } func (FeaturesMigration) SwaggerDoc() map[string]string { 
@@ -1650,7 +1693,7 @@ func (IPv6OVNKubernetesConfig) SwaggerDoc() map[string]string { } var map_MTUMigration = map[string]string{ - "": "MTUMigration MTU contains infomation about MTU migration.", + "": "MTUMigration contains infomation about MTU migration.", "network": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", "machine": "machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.", } 
@@ -1696,11 +1739,11 @@ func (NetworkList) SwaggerDoc() map[string]string { } var map_NetworkMigration = map[string]string{ - "": "NetworkMigration represents the cluster network configuration.", - "networkType": "networkType is the target type of network migration. Set this to the target network type to allow changing the default network. If unset, the operation of changing cluster default network plugin will be rejected. The supported values are OpenShiftSDN, OVNKubernetes", + "": "NetworkMigration represents the cluster network migration configuration.", "mtu": "mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.", - "features": "features contains the features migration configuration. Set this to migrate feature configuration when changing the cluster default network provider. if unset, the default operation is to migrate all the configuration of supported features.", - "mode": "mode indicates the mode of network migration. The supported values are \"Live\", \"Offline\" and omitted. A \"Live\" migration operation will not cause service interruption by migrating the CNI of each node one by one. The cluster network will work as normal during the network migration. An \"Offline\" migration operation will cause service interruption. During an \"Offline\" migration, two rounds of node reboots are required. The cluster network will be malfunctioning during the network migration. When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default value is \"Offline\".", + "networkType": "networkType was previously used when changing the default network type. 
DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "features": "features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "mode": "mode indicates the mode of network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", } func (NetworkMigration) SwaggerDoc() map[string]string { 
@@ -1708,18 +1751,19 @@ func (NetworkMigration) SwaggerDoc() map[string]string { } var map_NetworkSpec = map[string]string{ - "": "NetworkSpec is the top-level network configuration object.", - "clusterNetwork": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", - "serviceNetwork": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", - "defaultNetwork": "defaultNetwork is the \"default\" network that all pods will receive", - "additionalNetworks": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", - "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.", - "useMultiNetworkPolicy": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", - "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. 
If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise.", - "disableNetworkDiagnostics": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", - "kubeProxyConfig": "kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.", - "exportNetworkFlows": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.", - "migration": "migration enables and configures the cluster network migration. The migration procedure allows to change the network type and the MTU.", + "": "NetworkSpec is the top-level network configuration object.", + "clusterNetwork": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", + "serviceNetwork": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", + "defaultNetwork": "defaultNetwork is the \"default\" network that all pods will receive", + "additionalNetworks": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", + "disableMultiNetwork": "disableMultiNetwork specifies whether or not multiple pod network support should be disabled. 
If unset, this property defaults to 'false' and multiple network support is enabled.", + "useMultiNetworkPolicy": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", + "deployKubeProxy": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", + "disableNetworkDiagnostics": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", + "kubeProxyConfig": "kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.", + "exportNetworkFlows": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. 
If unset, flows will not be exported to any collector.", + "migration": "migration enables and configures cluster network migration, for network changes that cannot be made instantly.", + "additionalRoutingCapabilities": "additionalRoutingCapabilities describes components and relevant configuration providing additional routing capabilities. When set, it enables such components and the usage of the routing capabilities they provide for the machine network. Upstream operators, like MetalLB operator, requiring these capabilities may rely on, or automatically set this attribute. Network plugins may leverage advanced routing capabilities acquired through the enablement of these components but may require specific configuration on their side to do so; refer to their respective documentation and configuration options.", } func (NetworkSpec) SwaggerDoc() map[string]string { 
@@ -1747,6 +1791,7 @@ var map_OVNKubernetesConfig = map[string]string{ "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { 
@@ -1754,11 +1799,11 @@ func (OVNKubernetesConfig) SwaggerDoc() map[string]string { } var map_OpenShiftSDNConfig = map[string]string{ - "": "OpenShiftSDNConfig configures the three openshift-sdn plugins", + "": "OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used.", "mode": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", "vxlanPort": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", "mtu": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.", - "useExternalOpenvswitch": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored. DEPRECATED: non-functional as of 4.6", + "useExternalOpenvswitch": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored.", "enableUnidling": "enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.", } 
@@ -1872,14 +1917,6 @@ func (OpenShiftAPIServerList) SwaggerDoc() map[string]string { return map_OpenShiftAPIServerList } -var map_OpenShiftAPIServerStatus = map[string]string{ - "latestAvailableRevision": "latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", -} - -func (OpenShiftAPIServerStatus) SwaggerDoc() map[string]string { - return map_OpenShiftAPIServerStatus -} - var map_OpenShiftControllerManager = map[string]string{ "": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", diff --git a/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords.crd.yaml b/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords.crd.yaml index 69bf00ef62..c0a64012d8 100644 --- a/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords.crd.yaml +++ b/vendor/github.com/openshift/api/operatoringress/v1/zz_generated.crd-manifests/0000_50_dns_01_dnsrecords.crd.yaml 
@@ -20,23 +20,32 @@ spec: - name: v1 schema: openAPIV3Schema: - description: "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Cluster admin manipulation of - this resource is not supported. This resource is only for internal communication - of OpenShift operators. \n If DNSManagementPolicy is \"Unmanaged\", the - operator will not be responsible for managing the DNS records on the cloud - provider. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." + description: |- + DNSRecord is a DNS record managed in the zones defined by + dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone. + + Cluster admin manipulation of this resource is not supported. This resource + is only for internal communication of OpenShift operators. + + If DNSManagementPolicy is "Unmanaged", the operator will not be responsible + for managing the DNS records on the cloud provider. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -46,14 +55,17 @@ spec: properties: dnsManagementPolicy: default: Managed - description: "dnsManagementPolicy denotes the current policy applied - on the DNS record. Records that have policy set as \"Unmanaged\" - are ignored by the ingress operator. This means that the DNS record - on the cloud provider is not managed by the operator, and the \"Published\" - status condition will be updated to \"Unknown\" status, since it - is externally managed. Any existing record on the cloud provider - can be deleted at the discretion of the cluster admin. \n This field - defaults to Managed. Valid values are \"Managed\" and \"Unmanaged\"." + description: |- + dnsManagementPolicy denotes the current policy applied on the DNS + record. Records that have policy set as "Unmanaged" are ignored by + the ingress operator. This means that the DNS record on the cloud + provider is not managed by the operator, and the "Published" status + condition will be updated to "Unknown" status, since it is externally + managed. Any existing record on the cloud provider can be deleted at + the discretion of the cluster admin. + + This field defaults to Managed. Valid values are "Managed" and + "Unmanaged". enum: - Managed - Unmanaged 
@@ -63,9 +75,10 @@ spec: minLength: 1 type: string recordTTL: - description: recordTTL is the record TTL in seconds. If zero, the - default is 30. RecordTTL will not be used in AWS regions Alias targets, - but will be used in CNAME targets, per AWS API contract. + description: |- + recordTTL is the record TTL in seconds. If zero, the default is 30. + RecordTTL will not be used in AWS regions Alias targets, but + will be used in CNAME targets, per AWS API contract. format: int64 minimum: 0 type: integer @@ -93,12 +106,13 @@ spec: description: status is the most recently observed status of the dnsRecord. properties: observedGeneration: - description: observedGeneration is the most recently observed generation - of the DNSRecord. When the DNSRecord is updated, the controller - updates the corresponding record in each managed zone. If an update - for a particular zone fails, that failure is recorded in the status - condition for the zone so that the controller can determine that - it needs to retry the update for that specific zone. + description: |- + observedGeneration is the most recently observed generation of the + DNSRecord. When the DNSRecord is updated, the controller updates the + corresponding record in each managed zone. If an update for a + particular zone fails, that failure is recorded in the status + condition for the zone so that the controller can determine that it + needs to retry the update for that specific zone. format: int64 type: integer zones: 
@@ -108,11 +122,12 @@ spec: zone. properties: conditions: - description: "conditions are any conditions associated with - the record in the zone. \n If publishing the record succeeds, - the \"Published\" condition will be set with status \"True\" - and upon failure it will be set to \"False\" along with the - reason and message describing the cause of the failure." + description: |- + conditions are any conditions associated with the record in the zone. + + If publishing the record succeeds, the "Published" condition will be + set with status "True" and upon failure it will be set to "False" along + with the reason and message describing the cause of the failure. items: description: DNSZoneCondition is just the standard condition fields. 
@@ -139,20 +154,26 @@ spec: description: dnsZone is the zone where the record is published. properties: id: - description: "id is the identifier that can be used to find - the DNS hosted zone. \n on AWS zone can be fetched using - `ID` as id in [1] on Azure zone can be fetched using `ID` - as a pre-determined name in [2], on GCP zone can be fetched - using `ID` as a pre-determined name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options + description: |- + id is the identifier that can be used to find the DNS hosted zone. + + on AWS zone can be fetched using `ID` as id in [1] + on Azure zone can be fetched using `ID` as a pre-determined name in [2], + on GCP zone can be fetched using `ID` as a pre-determined name in [3]. + + [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" + [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get type: string tags: additionalProperties: type: string - description: "tags can be used to query the DNS hosted zone. - \n on AWS, resourcegroupstaggingapi [1] can be used to - fetch a zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" + description: |- + tags can be used to query the DNS hosted zone. + + on AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters, + + [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options type: object type: object type: object diff --git a/vendor/github.com/openshift/api/project/v1/generated.proto b/vendor/github.com/openshift/api/project/v1/generated.proto index c86bd80393..762dc99c65 100644 
--- a/vendor/github.com/openshift/api/project/v1/generated.proto +++ b/vendor/github.com/openshift/api/project/v1/generated.proto @@ -30,7 +30,7 @@ option go_package = "github.com/openshift/api/project/v1"; message Project { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec defines the behavior of the Namespace. optional ProjectSpec spec = 2; @@ -47,7 +47,7 @@ message Project { message ProjectList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of projects repeated Project items = 2; @@ -60,7 +60,7 @@ message ProjectList { message ProjectRequest { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // DisplayName is the display name to apply to a project optional string displayName = 2; @@ -85,6 +85,6 @@ message ProjectStatus { // +optional // +patchMergeKey=type // +patchStrategy=merge - repeated k8s.io.api.core.v1.NamespaceCondition conditions = 2; + repeated .k8s.io.api.core.v1.NamespaceCondition conditions = 2; } diff --git a/vendor/github.com/openshift/api/quota/v1/generated.proto b/vendor/github.com/openshift/api/quota/v1/generated.proto index 452ce6f29f..d08e8f0f9a 100644 --- a/vendor/github.com/openshift/api/quota/v1/generated.proto +++ b/vendor/github.com/openshift/api/quota/v1/generated.proto 
@@ -21,7 +21,7 @@ option go_package = "github.com/openshift/api/quota/v1"; message AppliedClusterResourceQuota { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec defines the desired quota optional ClusterResourceQuotaSpec spec = 2; @@ -37,7 +37,7 @@ message AppliedClusterResourceQuota { message AppliedClusterResourceQuotaList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of AppliedClusterResourceQuota repeated AppliedClusterResourceQuota items = 2; @@ -57,7 +57,7 @@ message AppliedClusterResourceQuotaList { message ClusterResourceQuota { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Spec defines the desired quota optional ClusterResourceQuotaSpec spec = 2; @@ -73,7 +73,7 @@ message ClusterResourceQuota { message ClusterResourceQuotaList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of ClusterResourceQuotas repeated ClusterResourceQuota items = 2; 
@@ -86,7 +86,7 @@ message ClusterResourceQuotaSelector { // LabelSelector is used to select projects by label. // +optional // +nullable - optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labels = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labels = 1; // AnnotationSelector is used to select projects by annotation. // +optional @@ -103,13 +103,13 @@ message ClusterResourceQuotaSpec { optional ClusterResourceQuotaSelector selector = 1; // Quota defines the desired quota - optional k8s.io.api.core.v1.ResourceQuotaSpec quota = 2; + optional .k8s.io.api.core.v1.ResourceQuotaSpec quota = 2; } // ClusterResourceQuotaStatus defines the actual enforced quota and its current usage message ClusterResourceQuotaStatus { // Total defines the actual enforced quota and its current usage across all projects - optional k8s.io.api.core.v1.ResourceQuotaStatus total = 1; + optional .k8s.io.api.core.v1.ResourceQuotaStatus total = 1; // Namespaces slices the usage by project. This division allows for quick resolution of // deletion reconciliation inside of a single project without requiring a recalculation @@ -125,6 +125,6 @@ message ResourceQuotaStatusByNamespace { optional string namespace = 1; // Status indicates how many resources have been consumed by this project - optional k8s.io.api.core.v1.ResourceQuotaStatus status = 2; + optional .k8s.io.api.core.v1.ResourceQuotaStatus status = 2; } diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index 621bec09b0..2a79b9a5a0 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto 
@@ -54,7 +54,7 @@ message LocalObjectReference { message Route { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec is the desired state of the route // +kubebuilder:validation:XValidation:rule="!has(self.tls) || self.tls.termination != 'passthrough' || !has(self.httpHeaders)",message="header actions are not permitted when tls termination is passthrough." @@ -199,6 +199,8 @@ message RouteIngress { optional string routerName = 2; // Conditions is the state of the route, may be empty. + // +listType=map + // +listMapKey=type repeated RouteIngressCondition conditions = 3; // Wildcard policy is the wildcard policy that was allowed where this route is exposed. @@ -228,7 +230,7 @@ message RouteIngressCondition { optional string message = 4; // RFC 3339 date and time when this condition last transitioned - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 5; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 5; } // RouteList is a collection of Routes. @@ -238,7 +240,7 @@ message RouteIngressCondition { message RouteList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // items is a list of routes repeated Route items = 2; 
@@ -249,7 +251,7 @@ message RoutePort { // The target port on pods selected by the service this route points to. // If this is a string, it will be looked up as a named port in the target // endpoints port list. Required - optional k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 1; + optional .k8s.io.apimachinery.pkg.util.intstr.IntOrString targetPort = 1; } // RouteSetHTTPHeader specifies what value needs to be set on an HTTP header. @@ -331,6 +333,9 @@ message RouteSpec { // Use the weight field in RouteTargetReference object to specify relative preference. // // +kubebuilder:validation:MaxItems=3 + // +listType=map + // +listMapKey=name + // +listMapKey=kind repeated RouteTargetReference alternateBackends = 4; // If specified, the port to be used by the router. Most routers will use all @@ -360,6 +365,7 @@ message RouteStatus { // ingress describes the places where the route may be exposed. The list of // ingress points may contain duplicate Host or RouterName values. Routes // are considered live once they are `Ready` + // +listType=atomic repeated RouteIngress ingress = 1; } 
@@ -404,7 +410,7 @@ message RouterShard { // TLSConfig defines config used to secure a route and provide termination // // +kubebuilder:validation:XValidation:rule="has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination=='passthrough') && (self.insecureEdgeTerminationPolicy=='Allow')) : true", message="cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" -// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalRouteCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=RouteExternalCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate" message TLSConfig { // termination indicates termination type. // @@ -453,7 +459,7 @@ message TLSConfig { // be present in the same namespace as that of the Route. // Forbidden when `certificate` is set. // - // +openshift:enable:FeatureGate=ExternalRouteCertificate + // +openshift:enable:FeatureGate=RouteExternalCertificate // +optional optional LocalObjectReference externalCertificate = 7; } diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index fadc4b618b..9416199946 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go 
@@ -136,6 +136,9 @@ type RouteSpec struct { // Use the weight field in RouteTargetReference object to specify relative preference. // // +kubebuilder:validation:MaxItems=3 + // +listType=map + // +listMapKey=name + // +listMapKey=kind AlternateBackends []RouteTargetReference `json:"alternateBackends,omitempty" protobuf:"bytes,4,rep,name=alternateBackends"` // If specified, the port to be used by the router. Most routers will use all @@ -350,6 +353,7 @@ type RouteStatus struct { // ingress describes the places where the route may be exposed. The list of // ingress points may contain duplicate Host or RouterName values. Routes // are considered live once they are `Ready` + // +listType=atomic Ingress []RouteIngress `json:"ingress,omitempty" protobuf:"bytes,1,rep,name=ingress"` } @@ -360,6 +364,8 @@ type RouteIngress struct { // Name is a name chosen by the router to identify itself; this value is required RouterName string `json:"routerName,omitempty" protobuf:"bytes,2,opt,name=routerName"` // Conditions is the state of the route, may be empty. + // +listType=map + // +listMapKey=type Conditions []RouteIngressCondition `json:"conditions,omitempty" protobuf:"bytes,3,rep,name=conditions"` // Wildcard policy is the wildcard policy that was allowed where this route is exposed. WildcardPolicy WildcardPolicyType `json:"wildcardPolicy,omitempty" protobuf:"bytes,4,opt,name=wildcardPolicy"` 
@@ -415,7 +421,7 @@ type RouterShard struct {
 // TLSConfig defines config used to secure a route and provide termination
 //
 // +kubebuilder:validation:XValidation:rule="has(self.termination) && has(self.insecureEdgeTerminationPolicy) ? !((self.termination=='passthrough') && (self.insecureEdgeTerminationPolicy=='Allow')) : true", message="cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow"
-// +openshift:validation:FeatureGateAwareXValidation:featureGate=ExternalRouteCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=RouteExternalCertificate,rule="!(has(self.certificate) && has(self.externalCertificate))", message="cannot have both spec.tls.certificate and spec.tls.externalCertificate"
 type TLSConfig struct {
 // termination indicates termination type.
 //
@@ -464,7 +470,7 @@ type TLSConfig struct {
 // be present in the same namespace as that of the Route.
 // Forbidden when `certificate` is set.
 //
- // +openshift:enable:FeatureGate=ExternalRouteCertificate
+ // +openshift:enable:FeatureGate=RouteExternalCertificate
 // +optional
 ExternalCertificate *LocalObjectReference `json:"externalCertificate,omitempty" protobuf:"bytes,7,opt,name=externalCertificate"`
 }
diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml
index aced0855f4..0277ba2f32 100644
--- a/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -5,7 +5,7 @@ routes.route.openshift.io: Capability: "" Category: "" FeatureGates: - - ExternalRouteCertificate + - RouteExternalCertificate FilenameOperatorName: "" FilenameOperatorOrdering: "" FilenameRunLevel: "" diff --git a/vendor/github.com/openshift/api/samples/v1/generated.proto b/vendor/github.com/openshift/api/samples/v1/generated.proto index 28bbf75126..be97c467db 100644 --- a/vendor/github.com/openshift/api/samples/v1/generated.proto +++ b/vendor/github.com/openshift/api/samples/v1/generated.proto @@ -28,7 +28,7 @@ option go_package = "github.com/openshift/api/samples/v1"; message Config { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // +kubebuilder:validation:Required // +required @@ -48,10 +48,10 @@ message ConfigCondition { optional string status = 2; // lastUpdateTime is the last time this condition was updated. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastUpdateTime = 3; // lastTransitionTime is the last time the condition transitioned from one status to another. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 4; // reason is what caused the condition's last transition. optional string reason = 5; @@ -65,7 +65,7 @@ message ConfigCondition { message ConfigList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; repeated Config items = 2; } 
diff --git a/vendor/github.com/openshift/api/security/v1/generated.pb.go b/vendor/github.com/openshift/api/security/v1/generated.pb.go index d57b162c48..e28b595841 100644 --- a/vendor/github.com/openshift/api/security/v1/generated.pb.go +++ b/vendor/github.com/openshift/api/security/v1/generated.pb.go @@ -10,7 +10,7 @@ import ( proto "github.com/gogo/protobuf/proto" k8s_io_api_core_v1 "k8s.io/api/core/v1" - v1 "k8s.io/api/core/v1" + v11 "k8s.io/api/core/v1" math "math" math_bits "math/bits" 
@@ -592,117 +592,120 @@ func init() { } var fileDescriptor_af65d9655aa67551 = []byte{ - // 1750 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x58, 0xcd, 0x6f, 0x1c, 0x49, - 0x15, 0x77, 0x7b, 0xfc, 0x35, 0x65, 0xc7, 0x1f, 0x65, 0xc7, 0xe9, 0x35, 0xeb, 0x19, 0xd3, 0x36, - 0xab, 0x08, 0xd8, 0x19, 0x12, 0x2d, 0x6c, 0xd0, 0xb2, 0xd1, 0x4e, 0x7b, 0xd6, 0x59, 0xaf, 0x9c, - 0x64, 0xb6, 0x66, 0xbd, 0x42, 0xab, 0x15, 0xa2, 0xdc, 0x53, 0x33, 0xae, 0xb8, 0xbf, 0xe8, 0xaa, - 0x76, 0x3c, 0xe2, 0x12, 0x89, 0x0b, 0x47, 0x24, 0xae, 0x88, 0x33, 0xfc, 0x03, 0x5c, 0x10, 0x70, - 0x8d, 0x04, 0x12, 0x39, 0xa1, 0x9c, 0x46, 0x64, 0x10, 0x27, 0x8e, 0xdc, 0x72, 0x42, 0x55, 0x53, - 0xf3, 0xd1, 0x3d, 0xdd, 0xe3, 0x4e, 0x48, 0xa2, 0xbd, 0x4d, 0xbf, 0x8f, 0xdf, 0xef, 0xbd, 0xd7, - 0xaf, 0x5f, 0xbd, 0x1a, 0xf0, 0x5e, 0x8b, 0xf2, 0xd3, 0xf0, 0xa4, 0x64, 0x79, 0x4e, 0xd9, 0xf3, - 0x89, 0xcb, 0x4e, 0x69, 0x93, 0x97, 0xb1, 0x4f, 0xcb, 0x8c, 0x58, 0x61, 0x40, 0x79, 0xbb, 0x7c, - 0x7e, 0xa3, 0xdc, 0x22, 0x2e, 0x09, 0x30, 0x27, 0x8d, 0x92, 0x1f, 0x78, 0xdc, 0x83, 0x7b, 0x43, - 0xaf, 0xd2, 0xc0, 0xab, 0x84, 0x7d, 0x5a, 0xea, 0x7b, 0x95, 0xce, 0x6f, 0x6c, 0xbd, 0x3b, 0x82, - 0xdd, 0xf2, 0x5a, 0x5e, 0x59, 0x3a, 0x9f, 0x84, 0x4d, 0xf9, 0x24, 0x1f, 0xe4, 0xaf, 0x1e, 0xe8, - 0x96, 0x71, 0x76, 0x8b, 0x95, 0xa8, 0x27, 0xc9, 0x2d, 0x2f, 0x20, 0x09, 0xc4, 0x5b, 0xef, 0x0d, - 0x6d, 0x1c, 0x6c, 0x9d, 0x52, 0x97, 0x04, 0xed, 0xb2, 0x7f, 0xd6, 0x12, 0x02, 0x56, 0x76, 0x08, - 0xc7, 0x49, 0x5e, 0x3f, 0x48, 0xf3, 0x0a, 0x42, 0x97, 0x53, 0x87, 0x94, 0x99, 0x75, 0x4a, 0x1c, - 0x1c, 0xf7, 0x33, 0x3e, 0x00, 0x6b, 0x15, 0xdb, 0xf6, 0x1e, 0x92, 0xc6, 0x81, 0x4d, 0x2e, 0xbe, - 0xf0, 0xec, 0xd0, 0x21, 0xf0, 0x1d, 0x30, 0xd7, 0x08, 0xe8, 0x39, 0x09, 0x74, 0x6d, 0x47, 0xbb, - 0x9e, 0x37, 0x97, 0x1f, 0x77, 0x8a, 0x53, 0xdd, 0x4e, 0x71, 0xae, 0x2a, 0xa5, 0x48, 0x69, 0x8d, - 0xdf, 0x69, 0x60, 0xf3, 0xa0, 0x7e, 0x27, 0xf0, 0x42, 0xbf, 0xce, 0x05, 0x6a, 0xab, 0x7d, 0xdf, - 
0xe7, 0xd4, 0x73, 0x19, 0x7c, 0x1f, 0xcc, 0xf0, 0xb6, 0x4f, 0x14, 0xc0, 0xae, 0x02, 0x98, 0xf9, - 0xbc, 0xed, 0x93, 0xe7, 0x9d, 0xe2, 0x7a, 0xcc, 0x4b, 0x88, 0x91, 0x74, 0x80, 0xc7, 0x60, 0x2e, - 0xc0, 0x6e, 0x8b, 0x30, 0x7d, 0x7a, 0x27, 0x77, 0x7d, 0xf1, 0xe6, 0xbb, 0xa5, 0x2c, 0x2f, 0xa2, - 0x74, 0x58, 0x45, 0xc2, 0x6b, 0x18, 0xaa, 0x7c, 0x64, 0x48, 0x81, 0x19, 0x77, 0xc0, 0xbc, 0x32, - 0x81, 0xdb, 0x20, 0xe7, 0x50, 0x57, 0x46, 0x96, 0x33, 0x17, 0x95, 0x7d, 0xee, 0x2e, 0x75, 0x91, - 0x90, 0x4b, 0x35, 0xbe, 0xd0, 0xa7, 0x63, 0x6a, 0x7c, 0x81, 0x84, 0xdc, 0xf8, 0x8f, 0x06, 0xae, - 0xd5, 0xbc, 0x46, 0x5d, 0x71, 0xd7, 0x3c, 0x9b, 0x5a, 0x6d, 0x44, 0xce, 0x29, 0x79, 0x08, 0x2d, - 0x30, 0xc3, 0x7c, 0x62, 0x49, 0xe8, 0xc5, 0x9b, 0x95, 0x6c, 0x91, 0xa7, 0x80, 0xd5, 0x7d, 0x62, - 0x99, 0x4b, 0xfd, 0xba, 0x89, 0x27, 0x24, 0xc1, 0xe1, 0x19, 0x98, 0x63, 0x1c, 0xf3, 0x90, 0xc9, - 0x10, 0x17, 0x6f, 0xee, 0xff, 0x7f, 0x34, 0x12, 0x6a, 0x58, 0xb6, 0xde, 0x33, 0x52, 0x14, 0xc6, - 0x1f, 0x35, 0xf0, 0x8d, 0x09, 0x01, 0xc2, 0xcf, 0xc0, 0x02, 0x27, 0x8e, 0x6f, 0x63, 0x4e, 0x54, - 0xd6, 0xbb, 0xa5, 0x5e, 0x27, 0xca, 0x00, 0x44, 0x8f, 0x2b, 0xf2, 0xcf, 0x95, 0x99, 0xcc, 0x6b, - 0x55, 0xd1, 0x2d, 0xf4, 0xa5, 0x68, 0x00, 0x03, 0x0f, 0xc1, 0x3a, 0x23, 0xc1, 0x39, 0xb5, 0x48, - 0xc5, 0xb2, 0xbc, 0xd0, 0xe5, 0xf7, 0xb0, 0xa3, 0xba, 0x21, 0x6f, 0x5e, 0xeb, 0x76, 0x8a, 0xeb, - 0xf5, 0x71, 0x35, 0x4a, 0xf2, 0x31, 0xfe, 0xaa, 0x81, 0xed, 0x89, 0x79, 0xc3, 0xdf, 0x6b, 0x60, - 0x13, 0xf7, 0xfa, 0x3f, 0x8a, 0xca, 0x74, 0x4d, 0xb6, 0xdf, 0x67, 0xd9, 0xaa, 0x1b, 0x75, 0x9e, - 0x5c, 0xeb, 0x82, 0x4a, 0x7e, 0xb3, 0x92, 0x48, 0x8c, 0x52, 0x02, 0x32, 0x7e, 0x39, 0x0d, 0x8c, - 0x31, 0xe4, 0x3a, 0xb1, 0x9b, 0xf5, 0xf0, 0xe4, 0x01, 0xb1, 0xb8, 0x6a, 0x42, 0x37, 0xd2, 0x84, - 0x47, 0x2f, 0xd9, 0x1d, 0x63, 0xb8, 0xa9, 0xfd, 0x18, 0xc4, 0xfa, 0xf1, 0xd3, 0x97, 0x65, 0x8c, - 0xb0, 0x4d, 0x6e, 0xcb, 0x9f, 0x83, 0x77, 0xb2, 0x45, 0xfc, 0x1a, 0x1a, 0xd4, 0x78, 0x34, 0x0d, - 0x0a, 0x93, 0xa3, 0x87, 0x0f, 0x22, 
0xef, 0xe0, 0x93, 0x57, 0x52, 0x91, 0xaf, 0x53, 0xfd, 0xff, - 0xa4, 0x25, 0xb5, 0xe2, 0x1b, 0x28, 0x3e, 0xdc, 0x01, 0x33, 0x21, 0x23, 0x81, 0xcc, 0x35, 0x3f, - 0xac, 0xc7, 0x31, 0x23, 0x01, 0x92, 0x1a, 0x68, 0x80, 0xb9, 0x96, 0x38, 0x5b, 0x98, 0x9e, 0x93, - 0x23, 0x03, 0x88, 0xf8, 0xe5, 0x69, 0xc3, 0x90, 0xd2, 0x18, 0xff, 0xd5, 0xc0, 0x5e, 0x96, 0x02, - 0xc0, 0x1a, 0xc8, 0xab, 0xaf, 0xd1, 0x6c, 0x4f, 0x4a, 0xe1, 0xbe, 0x72, 0x6d, 0x92, 0x80, 0xb8, - 0x16, 0x31, 0xaf, 0x74, 0x3b, 0xc5, 0x7c, 0xa5, 0xef, 0x89, 0x86, 0x20, 0xe2, 0x6c, 0x0d, 0x08, - 0x66, 0x9e, 0xab, 0x52, 0x18, 0x1e, 0x58, 0x52, 0x8a, 0x94, 0x36, 0x52, 0xbb, 0xdc, 0xab, 0x69, - 0xdc, 0x3f, 0x68, 0x60, 0x45, 0x1e, 0x81, 0x22, 0x30, 0x0b, 0x8b, 0x83, 0x1a, 0xfe, 0x14, 0x2c, - 0x88, 0x95, 0xa2, 0x81, 0x39, 0x56, 0xf9, 0x7d, 0x6f, 0x84, 0x66, 0xb0, 0x4a, 0x94, 0xfc, 0xb3, - 0x96, 0x10, 0xb0, 0x92, 0xb0, 0x1e, 0x66, 0x7c, 0x97, 0x70, 0x6c, 0x42, 0xc5, 0x09, 0x86, 0x32, - 0x34, 0x40, 0x85, 0xbb, 0x60, 0x56, 0x9e, 0xc1, 0x2a, 0xdf, 0x2b, 0xca, 0x78, 0x56, 0x46, 0x82, - 0x7a, 0x3a, 0xf8, 0x36, 0x98, 0x91, 0x21, 0x88, 0x4c, 0x97, 0xcc, 0x05, 0xf1, 0x4a, 0xab, 0x98, - 0x63, 0x24, 0xa5, 0xc6, 0xdf, 0x35, 0xb0, 0x1e, 0x0b, 0xfc, 0x88, 0x32, 0x0e, 0xbf, 0x1a, 0x0b, - 0xbe, 0x94, 0x2d, 0x78, 0xe1, 0x2d, 0x43, 0x1f, 0x94, 0xab, 0x2f, 0x19, 0x09, 0xfc, 0x4b, 0x30, - 0x4b, 0x39, 0x71, 0xfa, 0x8b, 0xc8, 0xf7, 0xb3, 0x7d, 0x57, 0xb1, 0x38, 0x87, 0xf9, 0x1e, 0x0a, - 0x2c, 0xd4, 0x83, 0x34, 0xfe, 0xa1, 0x01, 0x1d, 0x85, 0x6e, 0x85, 0x89, 0xc6, 0x8d, 0xef, 0x4e, - 0x3f, 0x8c, 0xec, 0x4e, 0xdf, 0x8a, 0xed, 0x4e, 0x57, 0xc7, 0xfc, 0x46, 0xb6, 0xa7, 0xb7, 0x40, - 0x2e, 0xa4, 0x0d, 0xb5, 0xbc, 0xcc, 0x8b, 0xc5, 0xe5, 0xf8, 0xb0, 0x8a, 0x84, 0x0c, 0xde, 0x00, - 0x8b, 0x21, 0x6d, 0xc8, 0xf0, 0xee, 0x52, 0x57, 0x56, 0x3a, 0x67, 0xae, 0x74, 0x3b, 0xc5, 0xc5, - 0x63, 0xb5, 0x19, 0x89, 0x15, 0x68, 0xd4, 0x26, 0xe2, 0x82, 0x2f, 0xf4, 0x99, 0x04, 0x17, 0x7c, - 0x81, 0x46, 0x6d, 0x8c, 0xbf, 0x68, 0x60, 0xbb, 0xfe, 0xf1, 0x11, 0x75, 
0xc3, 0x8b, 0x7d, 0xcf, - 0xe5, 0xe4, 0x82, 0xc7, 0xb3, 0xbb, 0x1d, 0xc9, 0xee, 0xdb, 0xb1, 0xec, 0xb6, 0x92, 0x9d, 0x47, - 0x52, 0xfc, 0x09, 0x58, 0x66, 0x44, 0xda, 0x28, 0x44, 0x35, 0xf7, 0x8c, 0xa4, 0xcf, 0x43, 0xa1, - 0x29, 0x4b, 0x13, 0x76, 0x3b, 0xc5, 0xe5, 0xa8, 0x0c, 0xc5, 0xd0, 0x8c, 0xdf, 0xac, 0x81, 0xad, - 0xfe, 0x60, 0x50, 0x51, 0xec, 0x7b, 0x2e, 0xe3, 0x01, 0xa6, 0x2e, 0x67, 0x6f, 0xe0, 0x83, 0xb9, - 0x0e, 0x16, 0xfc, 0x80, 0x7a, 0x82, 0x5f, 0xa6, 0x36, 0x6b, 0x2e, 0x89, 0x0e, 0xad, 0x29, 0x19, - 0x1a, 0x68, 0xe1, 0x57, 0x40, 0x97, 0x83, 0xa5, 0x16, 0xd0, 0x73, 0x6a, 0x93, 0x16, 0x69, 0x88, - 0x80, 0xb1, 0x08, 0x40, 0xbe, 0xdf, 0x05, 0x73, 0x47, 0x31, 0xe9, 0x95, 0x14, 0x3b, 0x94, 0x8a, - 0x00, 0x19, 0xd8, 0x6c, 0x90, 0x26, 0x0e, 0x6d, 0x5e, 0x69, 0x34, 0xf6, 0xb1, 0x8f, 0x4f, 0xa8, - 0x4d, 0x39, 0x25, 0x4c, 0x9f, 0x91, 0x83, 0xf5, 0x03, 0xb1, 0xc3, 0x54, 0x13, 0x2d, 0x9e, 0x77, - 0x8a, 0xdb, 0xe3, 0x57, 0x9d, 0xd2, 0xc0, 0xa4, 0x8d, 0x52, 0xa0, 0x61, 0x1b, 0xe8, 0x01, 0xf9, - 0x59, 0x48, 0x03, 0xd2, 0xa8, 0x06, 0x9e, 0x1f, 0xa1, 0x9d, 0x95, 0xb4, 0x1f, 0x8a, 0x74, 0x50, - 0x8a, 0xcd, 0xe5, 0xc4, 0xa9, 0xf0, 0xf0, 0x01, 0x58, 0x57, 0x63, 0x3a, 0xc2, 0x3a, 0x27, 0x59, - 0x6f, 0x89, 0xc5, 0xb3, 0x32, 0xae, 0xbe, 0x9c, 0x30, 0x09, 0x74, 0xf0, 0xe6, 0x3e, 0xf1, 0x18, - 0xaf, 0xd2, 0xa0, 0x77, 0xef, 0xaa, 0xd9, 0x61, 0x8b, 0xba, 0xfa, 0x7c, 0xc2, 0x9b, 0x4b, 0xb0, - 0x43, 0xa9, 0x08, 0xb0, 0x0c, 0xe6, 0xcf, 0xe5, 0x33, 0xd3, 0x17, 0x64, 0xf4, 0x57, 0xbb, 0x9d, - 0xe2, 0x7c, 0xcf, 0x44, 0x44, 0x3c, 0x77, 0x50, 0x97, 0x1f, 0x54, 0xdf, 0x0a, 0xfe, 0x42, 0x03, - 0x10, 0xc7, 0xaf, 0x81, 0x4c, 0xbf, 0x2a, 0x07, 0xdf, 0xfb, 0xd9, 0x06, 0xdf, 0xd8, 0x35, 0xd2, - 0xdc, 0x52, 0x29, 0xc0, 0x31, 0x15, 0x43, 0x09, 0x74, 0xb0, 0x0a, 0x56, 0x07, 0x29, 0xdd, 0x23, - 0xfc, 0xa1, 0x17, 0x9c, 0xe9, 0x79, 0x59, 0x0c, 0x5d, 0x21, 0xad, 0x56, 0x62, 0x7a, 0x34, 0xe6, - 0x01, 0x6f, 0x83, 0xe5, 0x81, 0xac, 0xe6, 0x05, 0x9c, 0xe9, 0x40, 0x62, 0x6c, 0x2a, 0x8c, 0xe5, - 0x4a, 0x44, 
0x8b, 0x62, 0xd6, 0xf0, 0x16, 0x58, 0x1a, 0x4a, 0x0e, 0xab, 0xfa, 0xa2, 0xf4, 0xde, - 0x50, 0xde, 0x4b, 0x95, 0x11, 0x1d, 0x8a, 0x58, 0x46, 0x3c, 0x0f, 0x6b, 0xfb, 0xfa, 0x52, 0x8a, - 0xe7, 0x61, 0x6d, 0x1f, 0x45, 0x2c, 0xa1, 0x03, 0x8a, 0xfd, 0xef, 0x21, 0xf2, 0x35, 0x7e, 0xcc, - 0x2c, 0x6c, 0xcb, 0x73, 0x44, 0xdf, 0x94, 0x60, 0xbb, 0xdd, 0x4e, 0xb1, 0x58, 0x9d, 0x6c, 0x8a, - 0x2e, 0xc3, 0x82, 0x3f, 0x8e, 0xcf, 0x8d, 0x11, 0x9e, 0x6b, 0x92, 0xe7, 0xed, 0xf1, 0x99, 0x31, - 0x42, 0x90, 0xea, 0x2d, 0x1a, 0xa9, 0x3f, 0x4f, 0xd5, 0xec, 0xd4, 0xaf, 0xbc, 0xc8, 0x2d, 0x75, - 0xe2, 0xd1, 0x31, 0x7c, 0x85, 0x51, 0x33, 0x14, 0xa3, 0x84, 0x1e, 0xc8, 0x07, 0xfd, 0x43, 0x52, - 0x5f, 0x96, 0xfc, 0xb7, 0x33, 0x9e, 0xde, 0x29, 0x67, 0xb2, 0xb9, 0xa6, 0xa8, 0xf3, 0x03, 0x0b, - 0x34, 0xe4, 0x80, 0xbf, 0xd6, 0x00, 0x64, 0xa1, 0xef, 0xdb, 0xc4, 0x21, 0x2e, 0xc7, 0x76, 0x6f, - 0xdd, 0xd4, 0x57, 0x24, 0xf5, 0x9d, 0x8c, 0xa9, 0x8f, 0xf9, 0xc7, 0x63, 0x18, 0x7c, 0x4f, 0xe3, - 0xa6, 0x28, 0x81, 0x1e, 0xb6, 0xc0, 0x7c, 0x93, 0xc9, 0xdf, 0xfa, 0xaa, 0x8c, 0xe4, 0x47, 0xd9, - 0x22, 0x49, 0xfe, 0x4b, 0xc7, 0x5c, 0x51, 0xf4, 0xf3, 0x4a, 0x8f, 0xfa, 0xe8, 0xf0, 0x0b, 0xb0, - 0x19, 0x10, 0xdc, 0xb8, 0xef, 0xda, 0x6d, 0xe4, 0x79, 0xfc, 0x80, 0xda, 0x84, 0xb5, 0x19, 0x27, - 0x8e, 0xbe, 0x26, 0xbb, 0x69, 0x70, 0xe3, 0x45, 0x89, 0x56, 0x28, 0xc5, 0x1b, 0x16, 0xc1, 0xac, - 0x58, 0xe9, 0x99, 0x0e, 0xe5, 0x14, 0xcb, 0x8b, 0x35, 0x4a, 0xd4, 0x9b, 0xa1, 0x9e, 0x7c, 0x64, - 0xd7, 0x5f, 0x4f, 0xdb, 0xf5, 0xe1, 0x87, 0x60, 0x85, 0x11, 0xcb, 0xf2, 0x1c, 0xbf, 0x16, 0x78, - 0x4d, 0x01, 0xae, 0x6f, 0x48, 0xe3, 0xf5, 0x6e, 0xa7, 0xb8, 0x52, 0x8f, 0xaa, 0x50, 0xdc, 0x16, - 0x1e, 0x81, 0x0d, 0x35, 0xaa, 0x8e, 0x5d, 0x86, 0x9b, 0xa4, 0xde, 0x66, 0x16, 0xb7, 0x99, 0xae, - 0x4b, 0x0c, 0xbd, 0xdb, 0x29, 0x6e, 0x54, 0x12, 0xf4, 0x28, 0xd1, 0x0b, 0x7e, 0x04, 0x56, 0x9b, - 0x5e, 0x70, 0x42, 0x1b, 0x0d, 0xe2, 0xf6, 0x91, 0xde, 0x92, 0x48, 0x1b, 0x62, 0xbc, 0x1d, 0xc4, - 0x74, 0x68, 0xcc, 0xda, 0xf8, 0xb7, 0x06, 0x0a, 
0xe9, 0xeb, 0xc9, 0x1b, 0x58, 0x8b, 0x49, 0x74, - 0x2d, 0xfe, 0x28, 0xeb, 0x1f, 0x24, 0x69, 0x21, 0xa7, 0x6c, 0xc8, 0xbf, 0x9d, 0x06, 0xdf, 0x79, - 0x81, 0x7f, 0x55, 0xe0, 0xdf, 0x34, 0xb0, 0xe7, 0x67, 0xb8, 0xd2, 0xa9, 0x8a, 0xbc, 0xca, 0x5b, - 0xf2, 0x77, 0x55, 0x02, 0x99, 0xae, 0x94, 0x28, 0x53, 0x94, 0xe2, 0x9e, 0xeb, 0x62, 0x87, 0xc4, - 0xef, 0xb9, 0xf7, 0xb0, 0x43, 0x90, 0xd4, 0x18, 0x7f, 0xd6, 0xc0, 0x37, 0x2f, 0x9d, 0x19, 0xd0, - 0x8c, 0x6c, 0xdb, 0xa5, 0xd8, 0xb6, 0x5d, 0x48, 0x07, 0x78, 0xed, 0x7f, 0xc9, 0x9a, 0x9f, 0x3e, - 0x7e, 0x56, 0x98, 0x7a, 0xf2, 0xac, 0x30, 0xf5, 0xf4, 0x59, 0x61, 0xea, 0x51, 0xb7, 0xa0, 0x3d, - 0xee, 0x16, 0xb4, 0x27, 0xdd, 0x82, 0xf6, 0xb4, 0x5b, 0xd0, 0xfe, 0xd9, 0x2d, 0x68, 0xbf, 0xfa, - 0x57, 0x61, 0xea, 0xcb, 0xbd, 0x2c, 0xff, 0xde, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0xc3, 0x31, - 0x4b, 0x4e, 0xe4, 0x17, 0x00, 0x00, + // 1803 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x59, 0xcd, 0x6f, 0x1b, 0xc7, + 0x15, 0xd7, 0x8a, 0xfa, 0xe2, 0x48, 0x96, 0xe4, 0x91, 0x2c, 0x4f, 0xd4, 0x98, 0x54, 0xd7, 0x6e, + 0x60, 0xb4, 0xcd, 0x32, 0x36, 0xd2, 0xc6, 0x45, 0x1a, 0x23, 0x5c, 0x31, 0x72, 0x14, 0xc8, 0x31, + 0x33, 0x8c, 0x82, 0x22, 0x08, 0x8a, 0x8c, 0x96, 0x43, 0x7a, 0xac, 0xe5, 0xee, 0x76, 0x67, 0x56, + 0x16, 0xd1, 0x4b, 0x81, 0xfe, 0x03, 0x05, 0x7a, 0xef, 0xb9, 0xfd, 0x07, 0x7a, 0x29, 0xda, 0x5e, + 0x0d, 0xb4, 0x45, 0x73, 0x2a, 0x72, 0x22, 0x6a, 0x16, 0xbd, 0xf4, 0xda, 0x9b, 0x0f, 0x45, 0x31, + 0xc3, 0xe1, 0xc7, 0x2e, 0x77, 0xe9, 0x4d, 0x6a, 0x0b, 0xbd, 0x69, 0xdf, 0xc7, 0xef, 0xfd, 0xde, + 0xcc, 0xbc, 0x37, 0x6f, 0x28, 0xf0, 0x66, 0x9b, 0x89, 0x87, 0xd1, 0x89, 0xe5, 0xf8, 0x9d, 0x8a, + 0x1f, 0x50, 0x8f, 0x3f, 0x64, 0x2d, 0x51, 0x21, 0x01, 0xab, 0x70, 0xea, 0x44, 0x21, 0x13, 0xdd, + 0xca, 0xd9, 0xad, 0x4a, 0x9b, 0x7a, 0x34, 0x24, 0x82, 0x36, 0xad, 0x20, 0xf4, 0x85, 0x0f, 0x6f, + 0x8c, 0xbd, 0xac, 0x91, 0x97, 0x45, 0x02, 0x66, 0x0d, 0xbd, 0xac, 0xb3, 0x5b, 0xbb, 0xaf, 0x4f, + 
0x60, 0xb7, 0xfd, 0xb6, 0x5f, 0x51, 0xce, 0x27, 0x51, 0x4b, 0x7d, 0xa9, 0x0f, 0xf5, 0xd7, 0x00, + 0x74, 0xd7, 0x3c, 0xbd, 0xc3, 0x2d, 0xe6, 0xab, 0xe0, 0x8e, 0x1f, 0xd2, 0x94, 0xc0, 0xbb, 0x6f, + 0x8e, 0x6d, 0x3a, 0xc4, 0x79, 0xc8, 0x3c, 0x1a, 0x76, 0x2b, 0xc1, 0x69, 0x5b, 0x0a, 0x78, 0xa5, + 0x43, 0x05, 0x49, 0xf3, 0xfa, 0x7e, 0x96, 0x57, 0x18, 0x79, 0x82, 0x75, 0x68, 0x85, 0x3b, 0x0f, + 0x69, 0x87, 0x24, 0xfd, 0xcc, 0xb7, 0xc1, 0xe5, 0xaa, 0xeb, 0xfa, 0x8f, 0x69, 0xf3, 0xc0, 0xa5, + 0xe7, 0x9f, 0xf8, 0x6e, 0xd4, 0xa1, 0xf0, 0x35, 0xb0, 0xd4, 0x0c, 0xd9, 0x19, 0x0d, 0x91, 0xb1, + 0x67, 0xdc, 0x2c, 0xda, 0xeb, 0x4f, 0x7a, 0xe5, 0xb9, 0x7e, 0xaf, 0xbc, 0x54, 0x53, 0x52, 0xac, + 0xb5, 0xe6, 0xaf, 0x0d, 0xb0, 0x73, 0xd0, 0xb8, 0x17, 0xfa, 0x51, 0xd0, 0x10, 0x12, 0xb5, 0xdd, + 0x7d, 0x10, 0x08, 0xe6, 0x7b, 0x1c, 0xbe, 0x05, 0x16, 0x44, 0x37, 0xa0, 0x1a, 0xe0, 0xba, 0x06, + 0x58, 0xf8, 0xb8, 0x1b, 0xd0, 0x67, 0xbd, 0xf2, 0x56, 0xc2, 0x4b, 0x8a, 0xb1, 0x72, 0x80, 0xc7, + 0x60, 0x29, 0x24, 0x5e, 0x9b, 0x72, 0x34, 0xbf, 0x57, 0xb8, 0xb9, 0x7a, 0xfb, 0x75, 0x2b, 0xcf, + 0x46, 0x58, 0x87, 0x35, 0x2c, 0xbd, 0xc6, 0x54, 0xd5, 0x27, 0xc7, 0x1a, 0xcc, 0xbc, 0x07, 0x96, + 0xb5, 0x09, 0xbc, 0x06, 0x0a, 0x1d, 0xe6, 0x29, 0x66, 0x05, 0x7b, 0x55, 0xdb, 0x17, 0xee, 0x33, + 0x0f, 0x4b, 0xb9, 0x52, 0x93, 0x73, 0x34, 0x9f, 0x50, 0x93, 0x73, 0x2c, 0xe5, 0xe6, 0x5f, 0xe6, + 0xc1, 0xd5, 0xba, 0xdf, 0x6c, 0xe8, 0xd8, 0x75, 0xdf, 0x65, 0x4e, 0x17, 0xd3, 0x33, 0x46, 0x1f, + 0xc3, 0xcf, 0xc1, 0x8a, 0xdc, 0x9f, 0x26, 0x11, 0x04, 0x15, 0xf6, 0x8c, 0x9b, 0xab, 0xb7, 0xdf, + 0xb0, 0x06, 0xfb, 0x62, 0x4d, 0xee, 0x8b, 0x15, 0x9c, 0xb6, 0xa5, 0x80, 0x5b, 0xd2, 0x5a, 0xb2, + 0x7f, 0x70, 0xf2, 0x88, 0x3a, 0xe2, 0x3e, 0x15, 0xc4, 0x86, 0x3a, 0x22, 0x18, 0xcb, 0xf0, 0x08, + 0x15, 0x3a, 0x60, 0x81, 0x07, 0xd4, 0x51, 0xe4, 0x57, 0x6f, 0x57, 0xf3, 0xad, 0x4d, 0x06, 0xdd, + 0x46, 0x40, 0x1d, 0x7b, 0x6d, 0xb8, 0x33, 0xf2, 0x0b, 0x2b, 0x70, 0x78, 0x0a, 0x96, 0xb8, 0x20, + 0x22, 0xe2, 0x6a, 0x11, 0x56, 0x6f, 
0xef, 0xff, 0x6f, 0x61, 0x14, 0xd4, 0x78, 0x63, 0x06, 0xdf, + 0x58, 0x87, 0x30, 0x7f, 0x67, 0x80, 0x6f, 0xcc, 0x20, 0x08, 0x3f, 0x02, 0x2b, 0x82, 0x76, 0x02, + 0x97, 0x08, 0xaa, 0xb3, 0xbe, 0x3e, 0xb1, 0xa6, 0x96, 0xac, 0x22, 0x1d, 0xfc, 0x63, 0x6d, 0xa6, + 0xf2, 0xda, 0xd4, 0xe1, 0x56, 0x86, 0x52, 0x3c, 0x82, 0x81, 0x87, 0x60, 0x8b, 0xd3, 0xf0, 0x8c, + 0x39, 0xb4, 0xea, 0x38, 0x7e, 0xe4, 0x89, 0x0f, 0x49, 0x47, 0x9f, 0xb7, 0xa2, 0x7d, 0xb5, 0xdf, + 0x2b, 0x6f, 0x35, 0xa6, 0xd5, 0x38, 0xcd, 0xc7, 0xfc, 0x93, 0x01, 0xae, 0xcd, 0xcc, 0x1b, 0xfe, + 0xc6, 0x00, 0x3b, 0x64, 0x50, 0x61, 0x71, 0x54, 0x8e, 0x0c, 0x75, 0xc0, 0x3f, 0xca, 0xb7, 0xba, + 0x71, 0xe7, 0xd9, 0x6b, 0x5d, 0xd2, 0xc9, 0xef, 0x54, 0x53, 0x03, 0xe3, 0x0c, 0x42, 0xe6, 0xbf, + 0xe6, 0x81, 0x39, 0x85, 0xdc, 0xa0, 0x6e, 0xab, 0x11, 0xa9, 0xc3, 0x78, 0x61, 0xc7, 0xdc, 0x8b, + 0x1d, 0xf3, 0xa3, 0xaf, 0x79, 0xfe, 0xa6, 0x98, 0x67, 0x9e, 0xf8, 0x30, 0x71, 0xe2, 0x3f, 0xf8, + 0xba, 0x11, 0x63, 0xd1, 0x66, 0x1f, 0xfc, 0x9f, 0x82, 0xd7, 0xf2, 0x31, 0x7e, 0x09, 0x25, 0x60, + 0xf6, 0xe7, 0x41, 0x69, 0x36, 0xfb, 0x0b, 0xd8, 0xe5, 0x47, 0xb1, 0x5d, 0x7e, 0xff, 0x85, 0xac, + 0xf9, 0xff, 0xd3, 0x0e, 0xff, 0xde, 0x48, 0x2b, 0xa7, 0x0b, 0xd8, 0x5e, 0xb8, 0x07, 0x16, 0x22, + 0x4e, 0x43, 0x95, 0x6b, 0x71, 0xbc, 0x1e, 0xc7, 0x9c, 0x86, 0x58, 0x69, 0xa0, 0x09, 0x96, 0xda, + 0xf2, 0x06, 0xe6, 0xa8, 0xa0, 0xda, 0x1e, 0x90, 0xfc, 0xd5, 0x9d, 0xcc, 0xb1, 0xd6, 0x98, 0xff, + 0x36, 0xc0, 0x8d, 0x3c, 0x0b, 0x00, 0xeb, 0xa0, 0xa8, 0x3b, 0x8a, 0xdd, 0x9d, 0x95, 0xc2, 0x03, + 0xed, 0xda, 0xa2, 0x21, 0xf5, 0x1c, 0x6a, 0x5f, 0xea, 0xf7, 0xca, 0xc5, 0xea, 0xd0, 0x13, 0x8f, + 0x41, 0xe4, 0x04, 0x12, 0x52, 0xc2, 0x7d, 0x4f, 0xa7, 0x30, 0xbe, 0xd6, 0x95, 0x14, 0x6b, 0x6d, + 0x6c, 0xed, 0x0a, 0x2f, 0xa6, 0x34, 0x7e, 0x6b, 0x80, 0x0d, 0x35, 0x28, 0x48, 0x62, 0x0e, 0x91, + 0xe3, 0x4c, 0xac, 0x16, 0x8c, 0x97, 0x52, 0x0b, 0xd7, 0xc1, 0xa2, 0x9a, 0x54, 0x74, 0xbe, 0x97, + 0xb4, 0xf1, 0xa2, 0x62, 0x82, 0x07, 0x3a, 0xf8, 0x2a, 0x58, 0x18, 0x95, 
0xe3, 0x9a, 0xbd, 0x22, + 0xb7, 0xb4, 0x46, 0x04, 0xc1, 0x4a, 0x6a, 0xfe, 0xd5, 0x00, 0x5b, 0x09, 0xe2, 0x47, 0x8c, 0x0b, + 0xf8, 0xd9, 0x14, 0x79, 0x2b, 0x1f, 0x79, 0xe9, 0xad, 0xa8, 0x8f, 0x96, 0x6b, 0x28, 0x99, 0x20, + 0xfe, 0x29, 0x58, 0x64, 0x82, 0x76, 0x86, 0xe3, 0xda, 0xf7, 0xf2, 0xd5, 0x55, 0x82, 0xe7, 0x38, + 0xdf, 0x43, 0x89, 0x85, 0x07, 0x90, 0xe6, 0xdf, 0x0c, 0x80, 0x70, 0xe4, 0x55, 0xb9, 0x3c, 0xb8, + 0xc9, 0x09, 0xf3, 0x07, 0xb1, 0x09, 0xf3, 0x5b, 0x89, 0x09, 0xf3, 0xca, 0x94, 0xdf, 0xc4, 0x8c, + 0xf9, 0x0a, 0x28, 0x44, 0xac, 0xa9, 0x47, 0xbc, 0x65, 0x39, 0xde, 0x1d, 0x1f, 0xd6, 0xb0, 0x94, + 0xc1, 0x5b, 0x60, 0x35, 0x62, 0x4d, 0x45, 0xef, 0x3e, 0xf3, 0xd4, 0x4a, 0x17, 0xec, 0x8d, 0x7e, + 0xaf, 0xbc, 0x7a, 0xac, 0xe7, 0x47, 0x39, 0x28, 0x4e, 0xda, 0xc4, 0x5c, 0xc8, 0x39, 0x5a, 0x48, + 0x71, 0x21, 0xe7, 0x78, 0xd2, 0xc6, 0xfc, 0xa3, 0x01, 0xae, 0x35, 0xde, 0x3b, 0x62, 0x5e, 0x74, + 0xbe, 0xef, 0x7b, 0x82, 0x9e, 0x8b, 0x64, 0x76, 0x77, 0x63, 0xd9, 0x7d, 0x3b, 0x91, 0xdd, 0x6e, + 0xba, 0xf3, 0x44, 0x8a, 0x3f, 0x06, 0xeb, 0x9c, 0x2a, 0x1b, 0x8d, 0xa8, 0xfb, 0x9e, 0x99, 0x56, + 0x1e, 0x1a, 0x4d, 0x5b, 0xda, 0xb0, 0xdf, 0x2b, 0xaf, 0xc7, 0x65, 0x38, 0x81, 0x66, 0xfe, 0xe7, + 0x32, 0xd8, 0x1d, 0x36, 0x06, 0xcd, 0x62, 0xdf, 0xf7, 0xb8, 0x08, 0x09, 0xf3, 0x04, 0xbf, 0x80, + 0x82, 0xb9, 0x09, 0x56, 0x82, 0x90, 0xf9, 0x32, 0xbe, 0x4a, 0x6d, 0xd1, 0x5e, 0x93, 0x27, 0xb4, + 0xae, 0x65, 0x78, 0xa4, 0x85, 0x9f, 0x01, 0xa4, 0x1a, 0x4b, 0x3d, 0x64, 0x67, 0xcc, 0xa5, 0x6d, + 0xda, 0x94, 0x84, 0x89, 0x24, 0xa0, 0xf6, 0x77, 0xc5, 0xde, 0xd3, 0x91, 0x50, 0x35, 0xc3, 0x0e, + 0x67, 0x22, 0x40, 0x0e, 0x76, 0x9a, 0xb4, 0x45, 0x22, 0x57, 0x54, 0x9b, 0xcd, 0x7d, 0x12, 0x90, + 0x13, 0xe6, 0x32, 0xc1, 0x28, 0x47, 0x0b, 0xaa, 0xb1, 0xbe, 0x2d, 0xe7, 0xb0, 0x5a, 0xaa, 0xc5, + 0xb3, 0x5e, 0xf9, 0xda, 0xf4, 0x83, 0xd0, 0x1a, 0x99, 0x74, 0x71, 0x06, 0x34, 0xec, 0x02, 0x14, + 0xd2, 0x9f, 0x44, 0x2c, 0xa4, 0xcd, 0x5a, 0xe8, 0x07, 0xb1, 0xb0, 0x8b, 0x2a, 0xec, 0x3b, 0x32, + 0x1d, 0x9c, 
0x61, 0xf3, 0xfc, 0xc0, 0x99, 0xf0, 0xf0, 0x11, 0xd8, 0xd2, 0x6d, 0x3a, 0x16, 0x75, + 0x49, 0x45, 0xbd, 0x23, 0x87, 0xe7, 0xea, 0xb4, 0xfa, 0xf9, 0x01, 0xd3, 0x40, 0x47, 0x3b, 0xf7, + 0xbe, 0xcf, 0x45, 0x8d, 0x85, 0x83, 0xd7, 0x69, 0xdd, 0x8d, 0xda, 0xcc, 0x43, 0xcb, 0x29, 0x3b, + 0x97, 0x62, 0x87, 0x33, 0x11, 0x60, 0x05, 0x2c, 0x9f, 0xa9, 0x6f, 0x8e, 0x56, 0x14, 0xfb, 0x2b, + 0xfd, 0x5e, 0x79, 0x79, 0x60, 0x22, 0x19, 0x2f, 0x1d, 0x34, 0x54, 0x41, 0x0d, 0xad, 0xe0, 0xcf, + 0x0d, 0x00, 0x49, 0xf2, 0xb1, 0xcc, 0xd1, 0x15, 0xd5, 0xf8, 0xde, 0xca, 0xd7, 0xf8, 0xa6, 0x1e, + 0xdb, 0xf6, 0xae, 0x4e, 0x01, 0x4e, 0xa9, 0x38, 0x4e, 0x09, 0x07, 0x6b, 0x60, 0x73, 0x94, 0xd2, + 0x87, 0x54, 0x3c, 0xf6, 0xc3, 0x53, 0x54, 0x54, 0x8b, 0x81, 0x34, 0xd2, 0x66, 0x35, 0xa1, 0xc7, + 0x53, 0x1e, 0xf0, 0x2e, 0x58, 0x1f, 0xc9, 0xea, 0x7e, 0x28, 0x38, 0x02, 0x0a, 0x63, 0x47, 0x63, + 0xac, 0x57, 0x63, 0x5a, 0x9c, 0xb0, 0x86, 0x77, 0xc0, 0xda, 0x58, 0x72, 0x58, 0x43, 0xab, 0xca, + 0x7b, 0x5b, 0x7b, 0xaf, 0x55, 0x27, 0x74, 0x38, 0x66, 0x19, 0xf3, 0x3c, 0xac, 0xef, 0xa3, 0xb5, + 0x0c, 0xcf, 0xc3, 0xfa, 0x3e, 0x8e, 0x59, 0xc2, 0xcf, 0x01, 0x94, 0xb3, 0x8b, 0x7a, 0x79, 0x05, + 0xc4, 0xa1, 0x47, 0xf4, 0x8c, 0xba, 0x68, 0x57, 0x75, 0xc8, 0x37, 0x86, 0xab, 0x78, 0x3c, 0x65, + 0xf1, 0xac, 0x57, 0x86, 0x71, 0x89, 0xda, 0xd6, 0x14, 0x2c, 0xd8, 0x01, 0xe5, 0x61, 0xc5, 0xc5, + 0xea, 0xfd, 0x3d, 0xee, 0x10, 0x57, 0xdd, 0x54, 0x68, 0x47, 0xd1, 0xbd, 0xde, 0xef, 0x95, 0xcb, + 0xb5, 0xd9, 0xa6, 0xf8, 0x79, 0x58, 0xf0, 0x47, 0xc9, 0xce, 0x34, 0x11, 0xe7, 0xaa, 0x8a, 0xf3, + 0xea, 0x74, 0x57, 0x9a, 0x08, 0x90, 0xe9, 0x2d, 0x8f, 0xea, 0xb0, 0x63, 0xeb, 0xee, 0x8c, 0x2e, + 0x7d, 0x95, 0xb7, 0xfc, 0xcc, 0xcb, 0x69, 0x7c, 0x48, 0xe2, 0x66, 0x38, 0x11, 0x12, 0xfa, 0xa0, + 0x18, 0x0e, 0xaf, 0x61, 0xb4, 0xae, 0xe2, 0xdf, 0xcd, 0x39, 0x1f, 0x64, 0xdc, 0xfa, 0xf6, 0x65, + 0x1d, 0xba, 0x38, 0xb2, 0xc0, 0xe3, 0x18, 0xf0, 0x97, 0x06, 0x80, 0x3c, 0x0a, 0x02, 0x97, 0x76, + 0xa8, 0x27, 0x88, 0x3b, 0x18, 0x68, 0xd1, 0x86, 
0x0a, 0x7d, 0x2f, 0x67, 0xea, 0x53, 0xfe, 0x49, + 0x0e, 0xa3, 0x8a, 0x9d, 0x36, 0xc5, 0x29, 0xe1, 0x61, 0x1b, 0x2c, 0xb7, 0xb8, 0xfa, 0x1b, 0x6d, + 0x2a, 0x26, 0x3f, 0xcc, 0xc7, 0x24, 0xfd, 0xa7, 0x35, 0x7b, 0x43, 0x87, 0x5f, 0xd6, 0x7a, 0x3c, + 0x44, 0x87, 0x9f, 0x80, 0x9d, 0x90, 0x92, 0xe6, 0x03, 0xcf, 0xed, 0x62, 0xdf, 0x17, 0x07, 0xcc, + 0xa5, 0xbc, 0xcb, 0x05, 0xed, 0xa0, 0xcb, 0xea, 0x34, 0x8d, 0x7e, 0x17, 0xc0, 0xa9, 0x56, 0x38, + 0xc3, 0x1b, 0x96, 0xc1, 0xa2, 0x2c, 0x16, 0x8e, 0xa0, 0xea, 0x93, 0x45, 0x39, 0xa8, 0xc9, 0xf5, + 0xe6, 0x78, 0x20, 0x9f, 0x78, 0x4d, 0x6c, 0x65, 0xbd, 0x26, 0xe0, 0x3b, 0x60, 0x83, 0x53, 0xc7, + 0xf1, 0x3b, 0x41, 0x3d, 0xf4, 0x5b, 0x12, 0x1c, 0x6d, 0x2b, 0xe3, 0xad, 0x7e, 0xaf, 0xbc, 0xd1, + 0x88, 0xab, 0x70, 0xd2, 0x16, 0x1e, 0x81, 0x6d, 0xdd, 0x0c, 0x8f, 0x3d, 0x4e, 0x5a, 0xb4, 0xd1, + 0xe5, 0x8e, 0x70, 0x39, 0x42, 0x0a, 0x03, 0xf5, 0x7b, 0xe5, 0xed, 0x6a, 0x8a, 0x1e, 0xa7, 0x7a, + 0xc1, 0x77, 0xc1, 0x66, 0xcb, 0x0f, 0x4f, 0x58, 0xb3, 0x49, 0xbd, 0x21, 0xd2, 0x2b, 0x0a, 0x69, + 0x5b, 0x36, 0xd0, 0x83, 0x84, 0x0e, 0x4f, 0x59, 0x9b, 0xff, 0x34, 0x40, 0x29, 0x7b, 0x00, 0xba, + 0x80, 0xc1, 0x9b, 0xc6, 0x07, 0xef, 0x77, 0xf3, 0xfe, 0x8c, 0x94, 0x45, 0x39, 0x63, 0x06, 0xff, + 0xd5, 0x3c, 0xf8, 0xce, 0x57, 0xf8, 0xed, 0x09, 0xfe, 0xd9, 0x00, 0x37, 0x82, 0x1c, 0x8f, 0x46, + 0xbd, 0x22, 0x2f, 0xf2, 0x1d, 0xfe, 0x5d, 0x9d, 0x40, 0xae, 0x47, 0x2b, 0xce, 0xc5, 0x52, 0xbe, + 0xa4, 0x3d, 0xd2, 0xa1, 0xc9, 0x97, 0xb4, 0xbc, 0x37, 0xb0, 0xd2, 0x98, 0x7f, 0x30, 0xc0, 0x37, + 0x9f, 0xdb, 0x33, 0xa0, 0x1d, 0x9b, 0xe7, 0xad, 0xc4, 0x3c, 0x5f, 0xca, 0x06, 0x78, 0xe9, 0x3f, + 0x8d, 0xdb, 0x1f, 0x3c, 0x79, 0x5a, 0x9a, 0xfb, 0xe2, 0x69, 0x69, 0xee, 0xcb, 0xa7, 0xa5, 0xb9, + 0x9f, 0xf5, 0x4b, 0xc6, 0x93, 0x7e, 0xc9, 0xf8, 0xa2, 0x5f, 0x32, 0xbe, 0xec, 0x97, 0x8c, 0xbf, + 0xf7, 0x4b, 0xc6, 0x2f, 0xfe, 0x51, 0x9a, 0xfb, 0xf4, 0x46, 0x9e, 0xff, 0xa2, 0xfc, 0x37, 0x00, + 0x00, 0xff, 0xff, 0xb7, 0xb2, 0xaf, 0x36, 0x6c, 0x19, 0x00, 0x00, } func (m 
*AllowedFlexVolume) Marshal() (dAtA []byte, err error) { @@ -824,6 +827,16 @@ func (m *PodSecurityPolicyReview) MarshalToSizedBuffer(dAtA []byte) (int, error) _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a { size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -946,6 +959,16 @@ func (m *PodSecurityPolicySelfSubjectReview) MarshalToSizedBuffer(dAtA []byte) ( _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a { size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -1022,6 +1045,16 @@ func (m *PodSecurityPolicySubjectReview) MarshalToSizedBuffer(dAtA []byte) (int, _ = i var l int _ = l + { + size, err := m.ObjectMeta.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintGenerated(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a { size, err := m.Status.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -1337,6 +1370,13 @@ func (m *SecurityContextConstraints) MarshalToSizedBuffer(dAtA []byte) (int, err _ = i var l int _ = l + i -= len(m.UserNamespaceLevel) + copy(dAtA[i:], m.UserNamespaceLevel) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.UserNamespaceLevel))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xd2 if len(m.ForbiddenSysctls) > 0 { for iNdEx := len(m.ForbiddenSysctls) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.ForbiddenSysctls[iNdEx]) @@ -1773,6 +1813,8 @@ func (m *PodSecurityPolicyReview) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = m.Status.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } 
@@ -1818,6 +1860,8 @@ func (m *PodSecurityPolicySelfSubjectReview) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = m.Status.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -1842,6 +1886,8 @@ func (m *PodSecurityPolicySubjectReview) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = m.Status.Size() n += 1 + l + sovGenerated(uint64(l)) + l = m.ObjectMeta.Size() + n += 1 + l + sovGenerated(uint64(l)) return n } @@ -2042,6 +2088,8 @@ func (m *SecurityContextConstraints) Size() (n int) { n += 2 + l + sovGenerated(uint64(l)) } } + l = len(m.UserNamespaceLevel) + n += 2 + l + sovGenerated(uint64(l)) return n } @@ -2142,6 +2190,7 @@ func (this *PodSecurityPolicyReview) String() string { s := strings.Join([]string{`&PodSecurityPolicyReview{`, `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "PodSecurityPolicyReviewSpec", "PodSecurityPolicyReviewSpec", 1), `&`, ``, 1) + `,`, `Status:` + strings.Replace(strings.Replace(this.Status.String(), "PodSecurityPolicyReviewStatus", "PodSecurityPolicyReviewStatus", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -2151,7 +2200,7 @@ func (this *PodSecurityPolicyReviewSpec) String() string { return "nil" } s := strings.Join([]string{`&PodSecurityPolicyReviewSpec{`, - `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v1.PodTemplateSpec", 1), `&`, ``, 1) + `,`, + `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v11.PodTemplateSpec", 1), `&`, ``, 1) + `,`, `ServiceAccountNames:` + fmt.Sprintf("%v", this.ServiceAccountNames) + `,`, `}`, }, "") 
@@ -2179,6 +2228,7 @@ func (this *PodSecurityPolicySelfSubjectReview) String() string { s := strings.Join([]string{`&PodSecurityPolicySelfSubjectReview{`, `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "PodSecurityPolicySelfSubjectReviewSpec", "PodSecurityPolicySelfSubjectReviewSpec", 1), `&`, ``, 1) + `,`, `Status:` + strings.Replace(strings.Replace(this.Status.String(), "PodSecurityPolicySubjectReviewStatus", "PodSecurityPolicySubjectReviewStatus", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -2188,7 +2238,7 @@ func (this *PodSecurityPolicySelfSubjectReviewSpec) String() string { return "nil" } s := strings.Join([]string{`&PodSecurityPolicySelfSubjectReviewSpec{`, - `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v1.PodTemplateSpec", 1), `&`, ``, 1) + `,`, + `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v11.PodTemplateSpec", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -2200,6 +2250,7 @@ func (this *PodSecurityPolicySubjectReview) String() string { s := strings.Join([]string{`&PodSecurityPolicySubjectReview{`, `Spec:` + strings.Replace(strings.Replace(this.Spec.String(), "PodSecurityPolicySubjectReviewSpec", "PodSecurityPolicySubjectReviewSpec", 1), `&`, ``, 1) + `,`, `Status:` + strings.Replace(strings.Replace(this.Status.String(), "PodSecurityPolicySubjectReviewStatus", "PodSecurityPolicySubjectReviewStatus", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `}`, }, "") return s 
@@ -2209,7 +2260,7 @@ func (this *PodSecurityPolicySubjectReviewSpec) String() string { return "nil" } s := strings.Join([]string{`&PodSecurityPolicySubjectReviewSpec{`, - `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v1.PodTemplateSpec", 1), `&`, ``, 1) + `,`, + `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v11.PodTemplateSpec", 1), `&`, ``, 1) + `,`, `User:` + fmt.Sprintf("%v", this.User) + `,`, `Groups:` + fmt.Sprintf("%v", this.Groups) + `,`, `}`, @@ -2221,9 +2272,9 @@ func (this *PodSecurityPolicySubjectReviewStatus) String() string { return "nil" } s := strings.Join([]string{`&PodSecurityPolicySubjectReviewStatus{`, - `AllowedBy:` + strings.Replace(fmt.Sprintf("%v", this.AllowedBy), "ObjectReference", "v1.ObjectReference", 1) + `,`, + `AllowedBy:` + strings.Replace(fmt.Sprintf("%v", this.AllowedBy), "ObjectReference", "v11.ObjectReference", 1) + `,`, `Reason:` + fmt.Sprintf("%v", this.Reason) + `,`, - `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v1.PodTemplateSpec", 1), `&`, ``, 1) + `,`, + `Template:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Template), "PodTemplateSpec", "v11.PodTemplateSpec", 1), `&`, ``, 1) + `,`, `}`, }, "") return s @@ -2233,7 +2284,7 @@ func (this *RangeAllocation) String() string { return "nil" } s := strings.Join([]string{`&RangeAllocation{`, - `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `Range:` + fmt.Sprintf("%v", this.Range) + `,`, `Data:` + valueToStringGenerated(this.Data) + `,`, `}`, 
@@ -2250,7 +2301,7 @@ func (this *RangeAllocationList) String() string { } repeatedStringForItems += "}" s := strings.Join([]string{`&RangeAllocationList{`, - `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, `Items:` + repeatedStringForItems + `,`, `}`, }, "") @@ -2275,7 +2326,7 @@ func (this *SELinuxContextStrategyOptions) String() string { } s := strings.Join([]string{`&SELinuxContextStrategyOptions{`, `Type:` + fmt.Sprintf("%v", this.Type) + `,`, - `SELinuxOptions:` + strings.Replace(fmt.Sprintf("%v", this.SELinuxOptions), "SELinuxOptions", "v1.SELinuxOptions", 1) + `,`, + `SELinuxOptions:` + strings.Replace(fmt.Sprintf("%v", this.SELinuxOptions), "SELinuxOptions", "v11.SELinuxOptions", 1) + `,`, `}`, }, "") return s @@ -2290,7 +2341,7 @@ func (this *SecurityContextConstraints) String() string { } repeatedStringForAllowedFlexVolumes += "}" s := strings.Join([]string{`&SecurityContextConstraints{`, - `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v11.ObjectMeta", 1), `&`, ``, 1) + `,`, + `ObjectMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ObjectMeta), "ObjectMeta", "v1.ObjectMeta", 1), `&`, ``, 1) + `,`, `Priority:` + valueToStringGenerated(this.Priority) + `,`, `AllowPrivilegedContainer:` + fmt.Sprintf("%v", this.AllowPrivilegedContainer) + `,`, `DefaultAddCapabilities:` + fmt.Sprintf("%v", this.DefaultAddCapabilities) + `,`, 
@@ -2315,6 +2366,7 @@ func (this *SecurityContextConstraints) String() string { `AllowPrivilegeEscalation:` + valueToStringGenerated(this.AllowPrivilegeEscalation) + `,`, `AllowedUnsafeSysctls:` + fmt.Sprintf("%v", this.AllowedUnsafeSysctls) + `,`, `ForbiddenSysctls:` + fmt.Sprintf("%v", this.ForbiddenSysctls) + `,`, + `UserNamespaceLevel:` + fmt.Sprintf("%v", this.UserNamespaceLevel) + `,`, `}`, }, "") return s @@ -2329,7 +2381,7 @@ func (this *SecurityContextConstraintsList) String() string { } repeatedStringForItems += "}" s := strings.Join([]string{`&SecurityContextConstraintsList{`, - `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v11.ListMeta", 1), `&`, ``, 1) + `,`, + `ListMeta:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.ListMeta), "ListMeta", "v1.ListMeta", 1), `&`, ``, 1) + `,`, `Items:` + repeatedStringForItems + `,`, `}`, }, "") @@ -2751,6 +2803,39 @@ func (m *PodSecurityPolicyReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) 
@@ -3066,6 +3151,39 @@ func (m *PodSecurityPolicySelfSubjectReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -3265,6 +3383,39 @@ func (m *PodSecurityPolicySubjectReview) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ObjectMeta", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if err := m.ObjectMeta.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) 
@@ -3492,7 +3643,7 @@ func (m *PodSecurityPolicySubjectReviewStatus) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.AllowedBy == nil { - m.AllowedBy = &v1.ObjectReference{} + m.AllowedBy = &v11.ObjectReference{} } if err := m.AllowedBy.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -4083,7 +4234,7 @@ func (m *SELinuxContextStrategyOptions) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.SELinuxOptions == nil { - m.SELinuxOptions = &v1.SELinuxOptions{} + m.SELinuxOptions = &v11.SELinuxOptions{} } if err := m.SELinuxOptions.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -4828,6 +4979,38 @@ func (m *SecurityContextConstraints) Unmarshal(dAtA []byte) error { } m.ForbiddenSysctls = append(m.ForbiddenSysctls, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 26: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field UserNamespaceLevel", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.UserNamespaceLevel = NamespaceLevelType(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/vendor/github.com/openshift/api/security/v1/generated.proto b/vendor/github.com/openshift/api/security/v1/generated.proto index 0f00758e5b..fdb879ce0d 100644 --- a/vendor/github.com/openshift/api/security/v1/generated.proto +++ b/vendor/github.com/openshift/api/security/v1/generated.proto 
@@ -25,6 +25,7 @@ message FSGroupStrategyOptions { // Ranges are the allowed ranges of fs groups. If you would like to force a single // fs group then supply a single range with the same start and end. + // +listType=atomic repeated IDRange ranges = 2; } @@ -43,6 +44,10 @@ message IDRange { // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=2 message PodSecurityPolicyReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 3; + // spec is the PodSecurityPolicy to check. optional PodSecurityPolicyReviewSpec spec = 1; @@ -56,7 +61,7 @@ message PodSecurityPolicyReviewSpec { // if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, // in which case "default" is used. // If serviceAccountNames is specified, template.spec.serviceAccountName is ignored. - optional k8s.io.api.core.v1.PodTemplateSpec template = 1; + optional .k8s.io.api.core.v1.PodTemplateSpec template = 1; // serviceAccountNames is an optional set of ServiceAccounts to run the check with. // If serviceAccountNames is empty, the template.spec.serviceAccountName is used, @@ -76,6 +81,10 @@ message PodSecurityPolicyReviewStatus { // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=2 message PodSecurityPolicySelfSubjectReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 3; + // spec defines specification the PodSecurityPolicySelfSubjectReview. optional PodSecurityPolicySelfSubjectReviewSpec spec = 1; 
@@ -86,7 +95,7 @@ message PodSecurityPolicySelfSubjectReview { // PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview. message PodSecurityPolicySelfSubjectReviewSpec { // template is the PodTemplateSpec to check. - optional k8s.io.api.core.v1.PodTemplateSpec template = 1; + optional .k8s.io.api.core.v1.PodTemplateSpec template = 1; } // PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec. @@ -94,6 +103,10 @@ message PodSecurityPolicySelfSubjectReviewSpec { // Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=2 message PodSecurityPolicySubjectReview { + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 3; + // spec defines specification for the PodSecurityPolicySubjectReview. optional PodSecurityPolicySubjectReviewSpec spec = 1; @@ -105,7 +118,7 @@ message PodSecurityPolicySubjectReview { message PodSecurityPolicySubjectReviewSpec { // template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. // If its non-empty, it will be checked. - optional k8s.io.api.core.v1.PodTemplateSpec template = 1; + optional .k8s.io.api.core.v1.PodTemplateSpec template = 1; // user is the user you're testing for. // If you specify "user" but not "group", then is it interpreted as "What if user were not a member of any groups. 
@@ -121,7 +134,7 @@ message PodSecurityPolicySubjectReviewStatus { // allowedBy is a reference to the rule that allows the PodTemplateSpec. // A rule can be a SecurityContextConstraint or a PodSecurityPolicy // A `nil`, indicates that it was denied. - optional k8s.io.api.core.v1.ObjectReference allowedBy = 1; + optional .k8s.io.api.core.v1.ObjectReference allowedBy = 1; // A machine-readable description of why this operation is in the // "Failure" status. If this value is empty there @@ -129,7 +142,7 @@ message PodSecurityPolicySubjectReviewStatus { optional string reason = 2; // template is the PodTemplateSpec after the defaulting is applied. - optional k8s.io.api.core.v1.PodTemplateSpec template = 3; + optional .k8s.io.api.core.v1.PodTemplateSpec template = 3; } // RangeAllocation is used so we can easily expose a RangeAllocation typed for security group @@ -139,7 +152,7 @@ message PodSecurityPolicySubjectReviewStatus { message RangeAllocation { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000". optional string range = 2; @@ -156,7 +169,7 @@ message RangeAllocation { message RangeAllocationList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // List of RangeAllocations. repeated RangeAllocation items = 2; 
@@ -184,7 +197,7 @@ message SELinuxContextStrategyOptions { optional string type = 1; // seLinuxOptions required to run as; required for MustRunAs - optional k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2; + optional .k8s.io.api.core.v1.SELinuxOptions seLinuxOptions = 2; } // SecurityContextConstraints governs the ability to make requests that affect the SecurityContext @@ -214,7 +227,7 @@ message SELinuxContextStrategyOptions { message SecurityContextConstraints { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Priority influences the sort order of SCCs when evaluating which SCCs to try first for // a given pod request based on access in the Users and Groups fields. The higher the int, the @@ -232,11 +245,13 @@ message SecurityContextConstraints { // unless the pod spec specifically drops the capability. You may not list a capabiility in both // DefaultAddCapabilities and RequiredDropCapabilities. // +nullable + // +listType=atomic repeated string defaultAddCapabilities = 4; // RequiredDropCapabilities are the capabilities that will be dropped from the container. These // are required to be dropped and cannot be added. // +nullable + // +listType=atomic repeated string requiredDropCapabilities = 5; // AllowedCapabilities is a list of capabilities that can be requested to add to the container. @@ -244,6 +259,7 @@ message SecurityContextConstraints { // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. // To allow all capabilities you may use '*'. // +nullable + // +listType=atomic repeated string allowedCapabilities = 6; // AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin 
@@ -254,6 +270,7 @@ message SecurityContextConstraints { // of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". // To allow no volumes, set to ["none"]. // +nullable + // +listType=atomic repeated string volumes = 8; // AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all @@ -261,6 +278,7 @@ message SecurityContextConstraints { // is allowed in the "Volumes" field. // +optional // +nullable + // +listType=atomic repeated AllowedFlexVolume allowedFlexVolumes = 21; // AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. @@ -275,6 +293,18 @@ message SecurityContextConstraints { // AllowHostIPC determines if the policy allows host ipc in the containers. optional bool allowHostIPC = 12; + // userNamespaceLevel determines if the policy allows host users in containers. + // Valid values are "AllowHostLevel", "RequirePodLevel", and omitted. + // When "AllowHostLevel" is set, a pod author may set `hostUsers` to either `true` or `false`. + // When "RequirePodLevel" is set, a pod author must set `hostUsers` to `false`. + // When omitted, the default value is "AllowHostLevel". + // +openshift:enable:FeatureGate=UserNamespacesPodSecurityStandards + // +kubebuilder:validation:Enum="AllowHostLevel";"RequirePodLevel" + // +kubebuilder:default:="AllowHostLevel" + // +default="AllowHostLevel" + // +optional + optional string userNamespaceLevel = 26; + // DefaultAllowPrivilegeEscalation controls the default setting for whether a // process can gain more privileges than its parent process. // +optional 
@@ -313,11 +343,13 @@ message SecurityContextConstraints { // The users who have permissions to use this security context constraints // +optional // +nullable + // +listType=atomic repeated string users = 18; // The groups that have permission to use this security context constraints // +optional // +nullable + // +listType=atomic repeated string groups = 19; // SeccompProfiles lists the allowed profiles that may be set for the pod or @@ -326,6 +358,7 @@ message SecurityContextConstraints { // used to generate a value for a pod the first non-wildcard profile will be used as // the default. // +nullable + // +listType=atomic repeated string seccompProfiles = 20; // AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. @@ -338,6 +371,7 @@ message SecurityContextConstraints { // e.g. "foo.*" allows "foo.bar", "foo.baz", etc. // +optional // +nullable + // +listType=atomic repeated string allowedUnsafeSysctls = 24; // ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. @@ -349,6 +383,7 @@ message SecurityContextConstraints { // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc. // +optional // +nullable + // +listType=atomic repeated string forbiddenSysctls = 25; } @@ -359,7 +394,7 @@ message SecurityContextConstraints { message SecurityContextConstraintsList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // List of security context constraints. repeated SecurityContextConstraints items = 2; 
@@ -380,6 +415,7 @@ message SupplementalGroupsStrategyOptions { // Ranges are the allowed ranges of supplemental groups. If you would like to force a single // supplemental group then supply a single range with the same start and end. + // +listType=atomic repeated IDRange ranges = 2; } diff --git a/vendor/github.com/openshift/api/security/v1/types.go b/vendor/github.com/openshift/api/security/v1/types.go index 44db1cdd39..9d0af5c8dd 100644 --- a/vendor/github.com/openshift/api/security/v1/types.go +++ b/vendor/github.com/openshift/api/security/v1/types.go @@ -60,16 +60,19 @@ type SecurityContextConstraints struct { // unless the pod spec specifically drops the capability. You may not list a capabiility in both // DefaultAddCapabilities and RequiredDropCapabilities. // +nullable + // +listType=atomic DefaultAddCapabilities []corev1.Capability `json:"defaultAddCapabilities" protobuf:"bytes,4,rep,name=defaultAddCapabilities,casttype=Capability"` // RequiredDropCapabilities are the capabilities that will be dropped from the container. These // are required to be dropped and cannot be added. // +nullable + // +listType=atomic RequiredDropCapabilities []corev1.Capability `json:"requiredDropCapabilities" protobuf:"bytes,5,rep,name=requiredDropCapabilities,casttype=Capability"` // AllowedCapabilities is a list of capabilities that can be requested to add to the container. // Capabilities in this field maybe added at the pod author's discretion. // You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. // To allow all capabilities you may use '*'. // +nullable + // +listType=atomic AllowedCapabilities []corev1.Capability `json:"allowedCapabilities" protobuf:"bytes,6,rep,name=allowedCapabilities,casttype=Capability"` // AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin // +k8s:conversion-gen=false 
@@ -78,12 +81,14 @@ type SecurityContextConstraints struct { // of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". // To allow no volumes, set to ["none"]. // +nullable + // +listType=atomic Volumes []FSType `json:"volumes" protobuf:"bytes,8,rep,name=volumes,casttype=FSType"` // AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all // Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes // is allowed in the "Volumes" field. // +optional // +nullable + // +listType=atomic AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,21,rep,name=allowedFlexVolumes"` // AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec. AllowHostNetwork bool `json:"allowHostNetwork" protobuf:"varint,9,opt,name=allowHostNetwork"` 
@@ -93,6 +98,17 @@ type SecurityContextConstraints struct { AllowHostPID bool `json:"allowHostPID" protobuf:"varint,11,opt,name=allowHostPID"` // AllowHostIPC determines if the policy allows host ipc in the containers. AllowHostIPC bool `json:"allowHostIPC" protobuf:"varint,12,opt,name=allowHostIPC"` + // userNamespaceLevel determines if the policy allows host users in containers. + // Valid values are "AllowHostLevel", "RequirePodLevel", and omitted. + // When "AllowHostLevel" is set, a pod author may set `hostUsers` to either `true` or `false`. + // When "RequirePodLevel" is set, a pod author must set `hostUsers` to `false`. + // When omitted, the default value is "AllowHostLevel". + // +openshift:enable:FeatureGate=UserNamespacesPodSecurityStandards + // +kubebuilder:validation:Enum="AllowHostLevel";"RequirePodLevel" + // +kubebuilder:default:="AllowHostLevel" + // +default="AllowHostLevel" + // +optional + UserNamespaceLevel NamespaceLevelType `json:"userNamespaceLevel,omitempty" protobuf:"bytes,26,opt,name=userNamespaceLevel"` // DefaultAllowPrivilegeEscalation controls the default setting for whether a // process can gain more privileges than its parent process. // +optional @@ -125,10 +141,12 @@ type SecurityContextConstraints struct { // The users who have permissions to use this security context constraints // +optional // +nullable + // +listType=atomic Users []string `json:"users" protobuf:"bytes,18,rep,name=users"` // The groups that have permission to use this security context constraints // +optional // +nullable + // +listType=atomic Groups []string `json:"groups" protobuf:"bytes,19,rep,name=groups"` // SeccompProfiles lists the allowed profiles that may be set for the pod or 
@@ -137,6 +155,7 @@ type SecurityContextConstraints struct { // used to generate a value for a pod the first non-wildcard profile will be used as // the default. // +nullable + // +listType=atomic SeccompProfiles []string `json:"seccompProfiles,omitempty" protobuf:"bytes,20,opt,name=seccompProfiles"` // AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. @@ -149,6 +168,7 @@ type SecurityContextConstraints struct { // e.g. "foo.*" allows "foo.bar", "foo.baz", etc. // +optional // +nullable + // +listType=atomic AllowedUnsafeSysctls []string `json:"allowedUnsafeSysctls,omitempty" protobuf:"bytes,24,rep,name=allowedUnsafeSysctls"` // ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. // Each entry is either a plain sysctl name or ends in "*" in which case it is considered @@ -159,6 +179,7 @@ type SecurityContextConstraints struct { // e.g. "foo.*" forbids "foo.bar", "foo.baz", etc. // +optional // +nullable + // +listType=atomic ForbiddenSysctls []string `json:"forbiddenSysctls,omitempty" protobuf:"bytes,25,rep,name=forbiddenSysctls"` } @@ -195,6 +216,7 @@ var ( FSStorageOS FSType = "storageOS" FSTypeCSI FSType = "csi" FSTypeEphemeral FSType = "ephemeral" + FSTypeImage FSType = "image" FSTypeAll FSType = "*" FSTypeNone FSType = "none" ) @@ -232,6 +254,7 @@ type FSGroupStrategyOptions struct { Type FSGroupStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=FSGroupStrategyType"` // Ranges are the allowed ranges of fs groups. If you would like to force a single // fs group then supply a single range with the same start and end. + // +listType=atomic Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"` } 
@@ -241,6 +264,7 @@ type SupplementalGroupsStrategyOptions struct { Type SupplementalGroupsStrategyType `json:"type,omitempty" protobuf:"bytes,1,opt,name=type,casttype=SupplementalGroupsStrategyType"` // Ranges are the allowed ranges of supplemental groups. If you would like to force a single // supplemental group then supply a single range with the same start and end. + // +listType=atomic Ranges []IDRange `json:"ranges,omitempty" protobuf:"bytes,2,rep,name=ranges"` } @@ -253,6 +277,9 @@ type IDRange struct { Max int64 `json:"max,omitempty" protobuf:"varint,2,opt,name=max"` } +// NamespaceLevelType shows the allowable values for the UserNamespaceLevel field. +type NamespaceLevelType string + // SELinuxContextStrategyType denotes strategy types for generating SELinux options for a // SecurityContext type SELinuxContextStrategyType string @@ -270,6 +297,11 @@ type SupplementalGroupsStrategyType string type FSGroupStrategyType string const ( + // NamespaceLevelAllowHost allows a pod to set `hostUsers` field to either `true` or `false` + NamespaceLevelAllowHost NamespaceLevelType = "AllowHostLevel" + // NamespaceLevelRequirePod requires the `hostUsers` field be `false` in a pod. + NamespaceLevelRequirePod NamespaceLevelType = "RequirePodLevel" + // container must have SELinux labels of X applied. SELinuxStrategyMustRunAs SELinuxContextStrategyType = "MustRunAs" // container may make requests for any SELinux context labels. @@ -323,6 +355,10 @@ type SecurityContextConstraintsList struct { type PodSecurityPolicySubjectReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` + // spec defines specification for the PodSecurityPolicySubjectReview. Spec PodSecurityPolicySubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` 
@@ -372,6 +408,10 @@ type PodSecurityPolicySubjectReviewStatus struct { type PodSecurityPolicySelfSubjectReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` + // spec defines specification the PodSecurityPolicySelfSubjectReview. Spec PodSecurityPolicySelfSubjectReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` @@ -396,6 +436,10 @@ type PodSecurityPolicySelfSubjectReviewSpec struct { type PodSecurityPolicyReview struct { metav1.TypeMeta `json:",inline"` + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,3,opt,name=metadata"` + // spec is the PodSecurityPolicy to check. Spec PodSecurityPolicyReviewSpec `json:"spec" protobuf:"bytes,1,opt,name=spec"` diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go index 26c88f7de8..66e8b5a21c 100644 --- a/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/security/v1/zz_generated.deepcopy.go @@ -67,6 +67,7 @@ func (in *IDRange) DeepCopy() *IDRange { func (in *PodSecurityPolicyReview) DeepCopyInto(out *PodSecurityPolicyReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return 
@@ -139,6 +140,7 @@ func (in *PodSecurityPolicyReviewStatus) DeepCopy() *PodSecurityPolicyReviewStat func (in *PodSecurityPolicySelfSubjectReview) DeepCopyInto(out *PodSecurityPolicySelfSubjectReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return @@ -183,6 +185,7 @@ func (in *PodSecurityPolicySelfSubjectReviewSpec) DeepCopy() *PodSecurityPolicyS func (in *PodSecurityPolicySubjectReview) DeepCopyInto(out *PodSecurityPolicySubjectReview) { *out = *in out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) in.Status.DeepCopyInto(&out.Status) return diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml index 86f78058a2..178c970780 100644 --- a/vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml @@ -5,7 +5,8 @@ securitycontextconstraints.security.openshift.io: CRDName: securitycontextconstraints.security.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - UserNamespacesPodSecurityStandards FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_03" diff --git a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go index a72b8ecf08..2f242366a8 100644 --- a/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go 
@@ -41,9 +41,10 @@ func (IDRange) SwaggerDoc() map[string]string { } var map_PodSecurityPolicyReview = map[string]string{ - "": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "spec": "spec is the PodSecurityPolicy to check.", - "status": "status represents the current information/status for the PodSecurityPolicyReview.", + "": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec is the PodSecurityPolicy to check.", + "status": "status represents the current information/status for the PodSecurityPolicyReview.", } func (PodSecurityPolicyReview) SwaggerDoc() map[string]string { 
@@ -70,9 +71,10 @@ func (PodSecurityPolicyReviewStatus) SwaggerDoc() map[string]string { } var map_PodSecurityPolicySelfSubjectReview = map[string]string{ - "": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "spec": "spec defines specification the PodSecurityPolicySelfSubjectReview.", - "status": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", + "": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines specification the PodSecurityPolicySelfSubjectReview.", + "status": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", } func (PodSecurityPolicySelfSubjectReview) SwaggerDoc() map[string]string { 
@@ -89,9 +91,10 @@ func (PodSecurityPolicySelfSubjectReviewSpec) SwaggerDoc() map[string]string { } var map_PodSecurityPolicySubjectReview = map[string]string{ - "": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "spec": "spec defines specification for the PodSecurityPolicySubjectReview.", - "status": "status represents the current information/status for the PodSecurityPolicySubjectReview.", + "": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec defines specification for the PodSecurityPolicySubjectReview.", + "status": "status represents the current information/status for the PodSecurityPolicySubjectReview.", } func (PodSecurityPolicySubjectReview) SwaggerDoc() map[string]string { 
@@ -178,6 +181,7 @@ var map_SecurityContextConstraints = map[string]string{ "allowHostPorts": "AllowHostPorts determines if the policy allows host ports in the containers.", "allowHostPID": "AllowHostPID determines if the policy allows host pid in the containers.", "allowHostIPC": "AllowHostIPC determines if the policy allows host ipc in the containers.", + "userNamespaceLevel": "userNamespaceLevel determines if the policy allows host users in containers. Valid values are \"AllowHostLevel\", \"RequirePodLevel\", and omitted. When \"AllowHostLevel\" is set, a pod author may set `hostUsers` to either `true` or `false`. When \"RequirePodLevel\" is set, a pod author must set `hostUsers` to `false`. When omitted, the default value is \"AllowHostLevel\".", "defaultAllowPrivilegeEscalation": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.", "allowPrivilegeEscalation": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.", "seLinuxContext": "SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.", diff --git a/vendor/github.com/openshift/api/template/v1/generated.proto b/vendor/github.com/openshift/api/template/v1/generated.proto index 24b37bcd7e..5ff4d7b1d6 100644 --- a/vendor/github.com/openshift/api/template/v1/generated.proto +++ b/vendor/github.com/openshift/api/template/v1/generated.proto 
@@ -21,7 +21,7 @@ option go_package = "github.com/openshift/api/template/v1"; message BrokerTemplateInstance { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec describes the state of this BrokerTemplateInstance. optional BrokerTemplateInstanceSpec spec = 2; @@ -34,7 +34,7 @@ message BrokerTemplateInstance { message BrokerTemplateInstanceList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // items is a list of BrokerTemplateInstances repeated BrokerTemplateInstance items = 2; @@ -44,11 +44,11 @@ message BrokerTemplateInstanceList { message BrokerTemplateInstanceSpec { // templateinstance is a reference to a TemplateInstance object residing // in a namespace. - optional k8s.io.api.core.v1.ObjectReference templateInstance = 1; + optional .k8s.io.api.core.v1.ObjectReference templateInstance = 1; // secret is a reference to a Secret object residing in a namespace, // containing the necessary template parameters. - optional k8s.io.api.core.v1.ObjectReference secret = 2; + optional .k8s.io.api.core.v1.ObjectReference secret = 2; // bindingids is a list of 'binding_id's provided during successive bind // calls to the template service broker. 
@@ -115,7 +115,7 @@ message Parameter { message Template { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // message is an optional instructional message that will // be displayed when this template is instantiated. @@ -132,7 +132,7 @@ message Template { // value after parameter substitution will be respected and the object // will be created in that namespace. // +kubebuilder:pruning:PreserveUnknownFields - repeated k8s.io.apimachinery.pkg.runtime.RawExtension objects = 3; + repeated .k8s.io.apimachinery.pkg.runtime.RawExtension objects = 3; // parameters is an optional array of Parameters used during the // Template to Config transformation. @@ -151,7 +151,7 @@ message Template { message TemplateInstance { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // spec describes the desired state of this TemplateInstance. optional TemplateInstanceSpec spec = 2; @@ -172,7 +172,7 @@ message TemplateInstanceCondition { // LastTransitionTime is the last time a condition status transitioned from // one state to another. - optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3; // Reason is a brief machine readable explanation for the condition's last // transition. 
@@ -190,7 +190,7 @@ message TemplateInstanceCondition { message TemplateInstanceList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // items is a list of Templateinstances repeated TemplateInstance items = 2; @@ -201,7 +201,7 @@ message TemplateInstanceObject { // ref is a reference to the created object. When used under .spec, only // name and namespace are used; these can contain references to parameters // which will be substituted following the usual rules. - optional k8s.io.api.core.v1.ObjectReference ref = 1; + optional .k8s.io.api.core.v1.ObjectReference ref = 1; } // TemplateInstanceRequester holds the identity of an agent requesting a @@ -229,7 +229,7 @@ message TemplateInstanceSpec { // secret is a reference to a Secret object containing the necessary // template parameters. - optional k8s.io.api.core.v1.LocalObjectReference secret = 2; + optional .k8s.io.api.core.v1.LocalObjectReference secret = 2; // requester holds the identity of the agent requesting the template // instantiation. @@ -254,7 +254,7 @@ message TemplateInstanceStatus { message TemplateList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is a list of templates repeated Template items = 2; diff --git a/vendor/github.com/openshift/api/user/v1/generated.proto b/vendor/github.com/openshift/api/user/v1/generated.proto index 5b8a2eb12c..c1c2b8156b 100644 --- a/vendor/github.com/openshift/api/user/v1/generated.proto +++ b/vendor/github.com/openshift/api/user/v1/generated.proto 
@@ -19,7 +19,7 @@ option go_package = "github.com/openshift/api/user/v1"; message Group { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Users is the list of users in this group. optional OptionalNames users = 2; @@ -32,7 +32,7 @@ message Group { message GroupList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of groups repeated Group items = 2; @@ -49,7 +49,7 @@ message GroupList { message Identity { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // ProviderName is the source of identity information optional string providerName = 2; @@ -59,7 +59,7 @@ message Identity { // User is a reference to the user this identity is associated with // Both Name and UID must be set - optional k8s.io.api.core.v1.ObjectReference user = 4; + optional .k8s.io.api.core.v1.ObjectReference user = 4; // Extra holds extra information about this identity map extra = 5; 
@@ -72,7 +72,7 @@ message Identity { message IdentityList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of identities repeated Identity items = 2; @@ -98,7 +98,7 @@ message OptionalNames { message User { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // FullName is the full name of user optional string fullName = 2; @@ -120,13 +120,13 @@ message User { message UserIdentityMapping { // metadata is the standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; // Identity is a reference to an identity - optional k8s.io.api.core.v1.ObjectReference identity = 2; + optional .k8s.io.api.core.v1.ObjectReference identity = 2; // User is a reference to a user - optional k8s.io.api.core.v1.ObjectReference user = 3; + optional .k8s.io.api.core.v1.ObjectReference user = 3; } // UserList is a collection of Users @@ -136,7 +136,7 @@ message UserIdentityMapping { message UserList { // metadata is the standard list's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; + optional .k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1; // Items is the list of users repeated User items = 2; 
diff --git a/vendor/modules.txt b/vendor/modules.txt index abad846631..355caca157 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -410,7 +410,7 @@ github.com/mxk/go-flowrate/flowrate # github.com/oklog/ulid v1.3.1 ## explicit github.com/oklog/ulid -# github.com/openshift/api v3.9.1-0.20190924102528-32369d4db2ad+incompatible => github.com/openshift/api v0.0.0-20240806152114-6b4a57ec20b0 +# github.com/openshift/api v3.9.1-0.20190924102528-32369d4db2ad+incompatible => github.com/openshift/api v0.0.0-20241004095111-b1f700bdd8d2 ## explicit; go 1.22.0 github.com/openshift/api github.com/openshift/api/annotations @@ -1397,5 +1397,5 @@ sigs.k8s.io/structured-merge-diff/v4/value sigs.k8s.io/yaml sigs.k8s.io/yaml/goyaml.v2 # bitbucket.org/ww/goautoneg => github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d -# github.com/openshift/api => github.com/openshift/api v0.0.0-20240806152114-6b4a57ec20b0 +# github.com/openshift/api => github.com/openshift/api v0.0.0-20241004095111-b1f700bdd8d2 # k8s.io/client-go => k8s.io/client-go v0.31.1 From 737cd08aa8e85c506195a0578b942da3916dafd0 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 14 Nov 2024 19:50:35 -0500 Subject: [PATCH 2/4] controller/ingress: rename lb to lbStatus variable --- .../controller/ingress/load_balancer_service.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pkg/operator/controller/ingress/load_balancer_service.go b/pkg/operator/controller/ingress/load_balancer_service.go index 7c9e0a0a49..6db7e033e0 100644 --- a/pkg/operator/controller/ingress/load_balancer_service.go +++ b/pkg/operator/controller/ingress/load_balancer_service.go 
@@ -370,8 +370,8 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef service.Spec.Selector = controller.IngressControllerDeploymentPodSelector(ci).MatchLabels - lb := ci.Status.EndpointPublishingStrategy.LoadBalancer - isInternal := lb != nil && lb.Scope == operatorv1.InternalLoadBalancer + lbStatus := ci.Status.EndpointPublishingStrategy.LoadBalancer + isInternal := lbStatus != nil && lbStatus.Scope == operatorv1.InternalLoadBalancer if service.Annotations == nil { service.Annotations = map[string]string{} @@ -391,10 +391,10 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef // Set the GCP Global Access annotation for internal load balancers on GCP only if platform.Type == configv1.GCPPlatformType { - if lb != nil && lb.ProviderParameters != nil && - lb.ProviderParameters.Type == operatorv1.GCPLoadBalancerProvider && - lb.ProviderParameters.GCP != nil { - globalAccessEnabled := lb.ProviderParameters.GCP.ClientAccess == operatorv1.GCPGlobalAccess + if lbStatus != nil && lbStatus.ProviderParameters != nil && + lbStatus.ProviderParameters.Type == operatorv1.GCPLoadBalancerProvider && + lbStatus.ProviderParameters.GCP != nil { + globalAccessEnabled := lbStatus.ProviderParameters.GCP.ClientAccess == operatorv1.GCPGlobalAccess service.Annotations[GCPGlobalAccessAnnotation] = strconv.FormatBool(globalAccessEnabled) } } 
@@ -410,8 +410,8 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef if proxyNeeded { service.Annotations[awsLBProxyProtocolAnnotation] = "*" } - if lb != nil && lb.ProviderParameters != nil { - if aws := lb.ProviderParameters.AWS; aws != nil && lb.ProviderParameters.Type == operatorv1.AWSLoadBalancerProvider { + if lbStatus != nil && lbStatus.ProviderParameters != nil { + if aws := lbStatus.ProviderParameters.AWS; aws != nil && lbStatus.ProviderParameters.Type == operatorv1.AWSLoadBalancerProvider { switch aws.Type { case operatorv1.AWSNetworkLoadBalancer: service.Annotations[AWSLBTypeAnnotation] = AWSNLBAnnotation From 84f57a61ea3bbdfc3401ce891cda077c383ba204 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Mon, 16 Sep 2024 12:01:44 -0400 Subject: [PATCH 3/4] openstack: support setting LB IP This commit introduces enhancements to the Cluster Ingress Operator to support setting a specific IP address for load balancers on the OpenStack platform. * Updated the logic to handle LoadBalancer IP settings for OpenStack in the controller.go and load_balancer_service.go files. * Added conditions to support external load balancers with floating IPs and ensure proper IP assignment and validation. * Added support for OpenStack provider parameters ensuring the correct configuration of load balancers. * Added new test cases in load_balancer_service_test.go to verify the behavior with OpenStack load balancer configurations. https://issues.redhat.com/browse/OSASINFRA-3642 Co-Authored: Grant Spence --- pkg/operator/controller/ingress/controller.go | 13 +++ .../ingress/load_balancer_service.go | 60 +++++++++++++ .../ingress/load_balancer_service_test.go | 50 +++++++++++ pkg/operator/controller/ingress/status.go | 17 ++++ .../controller/ingress/status_test.go | 90 +++++++++++++++++++ 5 files changed, 230 insertions(+) 
diff --git a/pkg/operator/controller/ingress/controller.go b/pkg/operator/controller/ingress/controller.go index 4368544e25..184f433fbe 100644 --- a/pkg/operator/controller/ingress/controller.go +++ b/pkg/operator/controller/ingress/controller.go @@ -468,6 +468,11 @@ func setDefaultPublishingStrategy(ic *operatorv1.IngressController, platformStat effectiveStrategy.LoadBalancer.DNSManagementPolicy = operatorv1.UnmanagedLoadBalancerDNS } + // OpenStack platform does not support managed DNS for load balancers. + if platformStatus.Type == configv1.OpenStackPlatformType { + effectiveStrategy.LoadBalancer.DNSManagementPolicy = operatorv1.UnmanagedLoadBalancerDNS + } + // When the platform's default DNS solution cannot be used, set the DNSManagementPolicy // accordingly. This feature is currently being implemented first for GCP. Will be // extended to AWS and Azure platforms later. @@ -754,6 +759,14 @@ func setDefaultProviderParameters(lbs *operatorv1.LoadBalancerStrategy, ingressC if lbs.ProviderParameters.IBM == nil { lbs.ProviderParameters.IBM = &operatorv1.IBMLoadBalancerParameters{} } + case operatorv1.OpenStackLoadBalancerProvider: + if lbs.ProviderParameters == nil { + lbs.ProviderParameters = &operatorv1.ProviderLoadBalancerParameters{} + } + lbs.ProviderParameters.Type = provider + if lbs.ProviderParameters.OpenStack == nil { + lbs.ProviderParameters.OpenStack = &operatorv1.OpenStackLoadBalancerParameters{} + } } } diff --git a/pkg/operator/controller/ingress/load_balancer_service.go b/pkg/operator/controller/ingress/load_balancer_service.go index 6db7e033e0..562068fa76 100644 --- a/pkg/operator/controller/ingress/load_balancer_service.go +++ b/pkg/operator/controller/ingress/load_balancer_service.go 
@@ -370,6 +370,10 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef service.Spec.Selector = controller.IngressControllerDeploymentPodSelector(ci).MatchLabels + var lbSpec *operatorv1.LoadBalancerStrategy + if ci.Spec.EndpointPublishingStrategy != nil { + lbSpec = ci.Spec.EndpointPublishingStrategy.LoadBalancer + } lbStatus := ci.Status.EndpointPublishingStrategy.LoadBalancer isInternal := lbStatus != nil && lbStatus.Scope == operatorv1.InternalLoadBalancer @@ -480,6 +484,17 @@ func desiredLoadBalancerService(ci *operatorv1.IngressController, deploymentRef if !isInternal { service.Annotations[alibabaCloudLBAddressTypeAnnotation] = alibabaCloudLBAddressTypeInternet } + case configv1.OpenStackPlatformType: + // Set a floating IP only if the load balancer scope is external. + if !isInternal { + if lbSpec != nil && lbSpec.ProviderParameters != nil && + lbSpec.ProviderParameters.Type == operatorv1.OpenStackLoadBalancerProvider && + lbSpec.ProviderParameters.OpenStack != nil { + // We know that LoadBalancerIP is deprecated but in this current version of Service, this won't be removed. + // It'll probably be removed in Service v2 which is not going to happen in the near future. + service.Spec.LoadBalancerIP = lbSpec.ProviderParameters.OpenStack.FloatingIP + } + } } // Azure load balancers are not customizable and are set to (2 fail @ 5s interval, 2 healthy) // GCP load balancers are not customizable and are set to (3 fail @ 8s interval, 1 healthy) @@ -666,6 +681,9 @@ func shouldRecreateLoadBalancer(current, desired *corev1.Service, platform *conf if platform.Type == configv1.AWSPlatformType && !serviceEIPAllocationsEqual(current, desired) { return true, "its eipAllocations changed" } + if platform.Type == configv1.OpenStackPlatformType && current.Spec.LoadBalancerIP != desired.Spec.LoadBalancerIP { + return true, "its load balancer IP changed" + } return false, "" } 
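Review bot: In the new `case configv1.OpenStackPlatformType:` branch, `lbSpec.ProviderParameters.OpenStack.FloatingIP` is copied into `service.Spec.LoadBalancerIP` without checking that it parses as an IP address. CRD validation in the vendored openshift/api may already enforce the format, but nothing in this hunk shows it. A defensive check such as `if ip := lbSpec.ProviderParameters.OpenStack.FloatingIP; ip == "" || net.ParseIP(ip) != nil { service.Spec.LoadBalancerIP = ip }` (assuming `net` is imported in this file) would keep a malformed value from being handed to the cloud provider. A comment such as `// floatingIP is taken from spec; scope is taken from status` would also explain why this branch reads `lbSpec` while `isInternal` comes from `lbStatus`. desiredLoadBalancerService starts and ends outside the hunk.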
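Review bot: The new OpenStack branch in `shouldRecreateLoadBalancer` has no test in this commit; the load_balancer_service_test.go hunks only add cases to Test_desiredLoadBalancerService and Test_loadBalancerServiceChanged. A true result here appears to lead to the Service being deleted and recreated (inferred from the function name and the reason string; the callers are outside the diff). Table cases that change `Spec.LoadBalancerIP` on an OpenStack platform and on a non-OpenStack platform would pin that behaviour. A comment such as `// OpenStack CCM cannot change LoadBalancerIP in place, so a new Service is required` above the condition would explain why this field is handled like the AWS EIP allocations. The function body starts outside the hunk.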
@@ -861,6 +879,18 @@ func loadBalancerServiceIsProgressing(ic *operatorv1.IngressController, service } } + if platform.Type == configv1.OpenStackPlatformType { + wantFloatingIP := getOpenStackFloatingIPInSpec(ic) + haveFloatingIP := getOpenStackFloatingIPInStatus(ic) + // OpenStack CCM does not support updating Service.Spec.LoadBalancerIP after creation, the load balancer will never be updated. + if wantFloatingIP != haveFloatingIP { + changeMsg := fmt.Sprintf("The IngressController floatingIP was changed from %q to %q.", haveFloatingIP, wantFloatingIP) + ocPatchRevertCmd := fmt.Sprintf(`oc -n %[1]s patch ingresscontrollers/%[2]s --type=merge --patch='{"spec":{"endpointPublishingStrategy":{"type":"LoadBalancerService","loadBalancer":{"providerParameters":{"type":"OpenStack","openstack":{"floatingIP":"%[3]s"}}}}}}'`, ic.Namespace, ic.Name, haveFloatingIP) + err := fmt.Errorf("%[1]s To effectuate this change, you must delete the service: `oc -n %[2]s delete svc/%[3]s`; the service load-balancer will then be deprovisioned and a new one created. This will most likely cause the new load-balancer to have a different host name and IP address and cause disruption. To return to the previous state, you can revert the change to the IngressController: `%[4]s`", changeMsg, service.Namespace, service.Name, ocPatchRevertCmd) + errs = append(errs, err) + } + } + errs = append(errs, loadBalancerSourceRangesAnnotationSet(service)) errs = append(errs, loadBalancerSourceRangesMatch(ic, service)) 
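Review bot: The floating IP comparison added to `loadBalancerServiceIsProgressing` is not limited to external scope, although `desiredLoadBalancerService` ignores `floatingIP` for internal load balancers. With internal scope and a non-empty spec `floatingIP` (the configuration accepted by the new test "internal load balancer for openstack platform with floating IP being ignored"), the Service carries no `LoadBalancerIP` and the status would be synced to an empty string. The check would then report a mismatch that deleting the Service cannot resolve; this is inferred, because the rest of the function and the status defaulting are outside the hunk. Consider skipping the comparison when the status scope is `operatorv1.InternalLoadBalancer`. Separately, `haveFloatingIP` is interpolated with `%[3]s` into a shell command that administrators are meant to copy and paste, so emit the revert command only when the value is empty or `net.ParseIP(haveFloatingIP) != nil`, to keep unexpected characters out of that suggestion.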
@@ -1003,6 +1033,15 @@ func getSubnetsFromServiceAnnotation(service *corev1.Service) *operatorv1.AWSSub return awsSubnets } +// getLoadBalancerIPFromService gets the effective loadBalancerIP by looking at the Service.Spec.LoadBalancerIP. +func getLoadBalancerIPFromService(service *corev1.Service) string { + if service == nil { + return "" + } + + return service.Spec.LoadBalancerIP +} + // getEIPAllocationsFromServiceAnnotation gets the effective eipAllocations by looking at the // service.beta.kubernetes.io/aws-load-balancer-eip-allocations annotation of the LoadBalancer-type Service. // If no eipAllocations are specified in the annotation, this function returns nil. @@ -1241,3 +1280,24 @@ func getAWSNetworkLoadBalancerParametersInStatus(ic *operatorv1.IngressControlle } return nil } + +// getOpenStackFloatingIPInSpec gets the OpenStack Floating IP reported in the spec. +func getOpenStackFloatingIPInSpec(ic *operatorv1.IngressController) string { + return getOpenStackFloatingIPInEPS(ic.Spec.EndpointPublishingStrategy) +} + +// getOpenStackFloatingIPInStatus gets the OpenStack Floating IP reported in the status. +func getOpenStackFloatingIPInStatus(ic *operatorv1.IngressController) string { + return getOpenStackFloatingIPInEPS(ic.Status.EndpointPublishingStrategy) +} + +// getOpenStackFloatingIPInEPS gets the OpenStack Floating IP reported in the EndpointPublishingStrategy. +func getOpenStackFloatingIPInEPS(eps *operatorv1.EndpointPublishingStrategy) string { + if eps != nil && + eps.LoadBalancer != nil && + eps.LoadBalancer.ProviderParameters != nil && + eps.LoadBalancer.ProviderParameters.OpenStack != nil { + return eps.LoadBalancer.ProviderParameters.OpenStack.FloatingIP + } + return "" +} diff --git a/pkg/operator/controller/ingress/load_balancer_service_test.go b/pkg/operator/controller/ingress/load_balancer_service_test.go index 9991ac2b4b..b73bd3ce7a 100644 --- a/pkg/operator/controller/ingress/load_balancer_service_test.go 
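Review bot: `getOpenStackFloatingIPInEPS` returns the floating IP whenever `ProviderParameters.OpenStack` is non-nil, without checking `ProviderParameters.Type`, whereas the new branch in `desiredLoadBalancerService` honours it only when `Type == operatorv1.OpenStackLoadBalancerProvider`. If the union discriminator and the populated member disagree, the progressing check and `IngressStatusesEqual` would act on a value the Service never receives. Adding `eps.LoadBalancer.ProviderParameters.Type == operatorv1.OpenStackLoadBalancerProvider &&` to the condition would make the call sites agree. The `icStatusWithFloatingIP` test helper would then need to set `Type` as well. Whether API validation already rules this state out is not visible in this diff.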
+++ b/pkg/operator/controller/ingress/load_balancer_service_test.go @@ -38,6 +38,20 @@ func Test_desiredLoadBalancerService(t *testing.T) { }, } } + openstackLbWithFloatingIP = func(scope operatorv1.LoadBalancerScope, floatingIP string) *operatorv1.EndpointPublishingStrategy { + return &operatorv1.EndpointPublishingStrategy{ + Type: operatorv1.LoadBalancerServiceStrategyType, + LoadBalancer: &operatorv1.LoadBalancerStrategy{ + Scope: scope, + ProviderParameters: &operatorv1.ProviderLoadBalancerParameters{ + Type: operatorv1.OpenStackLoadBalancerProvider, + OpenStack: &operatorv1.OpenStackLoadBalancerParameters{ + FloatingIP: floatingIP, + }, + }, + }, + } + } // nps returns an EndpointPublishingStrategy with type // "NodePortService" and the specified protocol. nps = func(proto operatorv1.IngressControllerProtocol) *operatorv1.EndpointPublishingStrategy { @@ -128,6 +142,7 @@ func Test_desiredLoadBalancerService(t *testing.T) { platformStatus *configv1.PlatformStatus subnetsAWSFeatureEnabled bool eipAllocationsAWSFeatureEnabled bool + expectedFloatingIP string }{ { description: "external classic load balancer with scope for aws platform", 
@@ -663,6 +678,19 @@ func Test_desiredLoadBalancerService(t *testing.T) { localWithFallbackAnnotation: {true, ""}, }, }, + { + description: "external load balancer for openstack platform with floating IP", + platformStatus: platformStatus(configv1.OpenStackPlatformType), + strategySpec: openstackLbWithFloatingIP(operatorv1.ExternalLoadBalancer, "1.2.3.4"), + strategyStatus: openstackLbWithFloatingIP(operatorv1.ExternalLoadBalancer, "1.2.3.4"), + expectService: true, + expectedFloatingIP: "1.2.3.4", + expectedExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyLocal, + expectedServiceAnnotations: map[string]annotationExpectation{ + openstackInternalLBAnnotation: {false, ""}, + localWithFallbackAnnotation: {true, ""}, + }, + }, { description: "internal load balancer for openstack platform", platformStatus: platformStatus(configv1.OpenStackPlatformType), @@ -674,6 +702,20 @@ func Test_desiredLoadBalancerService(t *testing.T) { localWithFallbackAnnotation: {true, ""}, }, }, + { + description: "internal load balancer for openstack platform with floating IP being ignored", + platformStatus: platformStatus(configv1.OpenStackPlatformType), + strategySpec: openstackLbWithFloatingIP(operatorv1.InternalLoadBalancer, "1.2.3.4"), + strategyStatus: lbs(operatorv1.InternalLoadBalancer), + expectedExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyLocal, + expectedServiceAnnotations: map[string]annotationExpectation{ + openstackInternalLBAnnotation: {true, "true"}, + localWithFallbackAnnotation: {true, ""}, + }, + expectService: true, + // floatingIP is ignored for internal scope + expectedFloatingIP: "", + }, { description: "external load balancer for alibaba platform", platformStatus: platformStatus(configv1.AlibabaCloudPlatformType), 
@@ -779,6 +821,7 @@ func Test_desiredLoadBalancerService(t *testing.T) { TargetPort: intstr.FromString("https"), }}, svc.Spec.Ports) assert.Equal(t, "None", string(svc.Spec.SessionAffinity)) + assert.Equal(t, tc.expectedFloatingIP, svc.Spec.LoadBalancerIP) }) } } @@ -1115,6 +1158,13 @@ func Test_loadBalancerServiceChanged(t *testing.T) { }, expect: true, }, + { + description: "if .spec.loadBalancerIP changes", + mutate: func(svc *corev1.Service) { + svc.Spec.LoadBalancerIP = "3.4.5.6" + }, + expect: false, + }, { description: "if the service.beta.kubernetes.io/load-balancer-source-ranges annotation changes", mutate: func(svc *corev1.Service) { diff --git a/pkg/operator/controller/ingress/status.go b/pkg/operator/controller/ingress/status.go index dad7b9fa96..e0df9564d5 100644 --- a/pkg/operator/controller/ingress/status.go +++ b/pkg/operator/controller/ingress/status.go @@ -80,6 +80,9 @@ func (r *reconciler) syncIngressControllerStatus(ic *operatorv1.IngressControlle if platformStatus.Type == configv1.AWSPlatformType && r.config.IngressControllerEIPAllocationsAWSEnabled { updateIngressControllerAWSEIPAllocationStatus(updated, service) } + if platformStatus.Type == configv1.OpenStackPlatformType { + updateIngressControllerFloatingIPOpenStackStatus(updated, service) + } updated.Status.Conditions = MergeConditions(updated.Status.Conditions, computeDeploymentAvailableCondition(deployment)) updated.Status.Conditions = MergeConditions(updated.Status.Conditions, computeDeploymentReplicasMinAvailableCondition(deployment, pods)) @@ -821,6 +824,9 @@ func IngressStatusesEqual(a, b operatorv1.IngressControllerStatus) bool { } } } + if getOpenStackFloatingIPInEPS(a.EndpointPublishingStrategy) != getOpenStackFloatingIPInEPS(b.EndpointPublishingStrategy) { + return false + } } return true 
@@ -979,6 +985,17 @@ func updateIngressControllerAWSEIPAllocationStatus(ic *operatorv1.IngressControl } } +// updateIngressControllerFloatingIPOpenStackStatus mutates the provided IngressController object to +// sync its status to the effective floatingIP on the LoadBalancer-type service. +func updateIngressControllerFloatingIPOpenStackStatus(ic *operatorv1.IngressController, service *corev1.Service) { + if ic.Status.EndpointPublishingStrategy != nil && + ic.Status.EndpointPublishingStrategy.LoadBalancer != nil && + ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters != nil && + ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.OpenStack != nil { + ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.OpenStack.FloatingIP = getLoadBalancerIPFromService(service) + } +} + func isProvisioned(service *corev1.Service) bool { ingresses := service.Status.LoadBalancer.Ingress return len(ingresses) > 0 && (len(ingresses[0].Hostname) > 0 || len(ingresses[0].IP) > 0) diff --git a/pkg/operator/controller/ingress/status_test.go b/pkg/operator/controller/ingress/status_test.go index 862ee7ca23..bd2a0ca153 100644 --- a/pkg/operator/controller/ingress/status_test.go +++ b/pkg/operator/controller/ingress/status_test.go 
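Review bot: The doc comment on `updateIngressControllerFloatingIPOpenStackStatus` says it syncs the "effective floatingIP", but `getLoadBalancerIPFromService` returns `service.Spec.LoadBalancerIP`, which is the requested address and not the one reported in `service.Status.LoadBalancer.Ingress`. I would reword the comment to `// ... sync its status to the floatingIP requested in the LoadBalancer-type service's spec.loadBalancerIP.` and add that the status is left untouched when `ProviderParameters.OpenStack` is nil. If the intent is to report the address that was actually assigned, the function would need to read the Ingress status instead.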
@@ -696,6 +696,33 @@ func Test_computeLoadBalancerProgressingStatus(t *testing.T) {
 return ic
 }
+ loadBalancerIngressControllerWithFloatingIP := func(floatingIPSpec, floatingIPStatus string) *operatorv1.IngressController {
+ eps := &operatorv1.EndpointPublishingStrategy{
+ Type: operatorv1.LoadBalancerServiceStrategyType,
+ LoadBalancer: &operatorv1.LoadBalancerStrategy{
+ Scope: operatorv1.ExternalLoadBalancer,
+ ProviderParameters: &operatorv1.ProviderLoadBalancerParameters{
+ Type: operatorv1.OpenStackLoadBalancerProvider,
+ },
+ },
+ }
+ ic := &operatorv1.IngressController{
+ Spec: operatorv1.IngressControllerSpec{
+ EndpointPublishingStrategy: eps.DeepCopy(),
+ },
+ Status: operatorv1.IngressControllerStatus{
+ EndpointPublishingStrategy: eps.DeepCopy(),
+ },
+ }
+ ic.Spec.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.OpenStack = &operatorv1.OpenStackLoadBalancerParameters{
+ FloatingIP: floatingIPSpec,
+ }
+ ic.Status.EndpointPublishingStrategy.LoadBalancer.ProviderParameters.OpenStack = &operatorv1.OpenStackLoadBalancerParameters{
+ FloatingIP: floatingIPStatus,
+ }
+ return ic
+ }
+
 loadBalancerIngressControllerWithAWSEIPAllocations := func(eipAllocationSpec []operatorv1.EIPAllocation, eipAllocationStatus []operatorv1.EIPAllocation) *operatorv1.IngressController {
 eps := &operatorv1.EndpointPublishingStrategy{
 Type: operatorv1.LoadBalancerServiceStrategyType,
@@ -788,6 +815,9 @@ func Test_computeLoadBalancerProgressingStatus(t *testing.T) {
 azurePlatformStatus := &configv1.PlatformStatus{
 Type: configv1.AzurePlatformType,
 }
+ openstackPlatformStatus := &configv1.PlatformStatus{
+ Type: configv1.OpenStackPlatformType,
+ }
 tests := []struct {
 name string
 conditions []operatorv1.OperatorCondition
@@ -877,6 +907,27 @@ func Test_computeLoadBalancerProgressingStatus(t *testing.T) {
 platformStatus: awsPlatformStatus,
 expectStatus: operatorv1.ConditionFalse,
 },
+ {
+ name: "LoadBalancerService, OpenStack floating IP spec and status are empty",
+ ic: loadBalancerIngressControllerWithFloatingIP("", ""),
+ service: lbService,
+ platformStatus: openstackPlatformStatus,
+ expectStatus: operatorv1.ConditionFalse,
+ },
+ {
+ name: "LoadBalancerService, OpenStack floating IP spec and status are the same",
+ ic: loadBalancerIngressControllerWithFloatingIP("192.168.0.1", "192.168.0.1"),
+ service: lbService,
+ platformStatus: openstackPlatformStatus,
+ expectStatus: operatorv1.ConditionFalse,
+ },
+ {
+ name: "LoadBalancerService, OpenStack floating IP spec and status are not the same",
+ ic: loadBalancerIngressControllerWithFloatingIP("192.168.0.1", ""),
+ service: lbService,
+ platformStatus: openstackPlatformStatus,
+ expectStatus: operatorv1.ConditionTrue,
+ },
 {
 name: "NLB LoadBalancerService, AWS Subnets nil spec and nil status",
 ic: loadBalancerIngressControllerWithAWSSubnets(
@@ -1892,6 +1943,20 @@ func Test_IngressStatusesEqual(t *testing.T) {
 }
 return icStatus
 }
+ icStatusWithFloatingIP := func(floatingIP string) operatorv1.IngressControllerStatus {
+ return operatorv1.IngressControllerStatus{
+ EndpointPublishingStrategy: &operatorv1.EndpointPublishingStrategy{
+ Type: operatorv1.LoadBalancerServiceStrategyType,
+ LoadBalancer: &operatorv1.LoadBalancerStrategy{
+ ProviderParameters: &operatorv1.ProviderLoadBalancerParameters{
+ OpenStack: &operatorv1.OpenStackLoadBalancerParameters{
+ FloatingIP: floatingIP,
+ },
+ },
+ },
+ },
+ }
+ }
 testCases := []struct {
 description string
 expected bool
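Review bot: The three OpenStack cases added to `Test_computeLoadBalancerProgressingStatus` cover an empty pair, an equal pair and a spec set with an empty status, but not the reverse (an empty spec with a floating IP still recorded in status) nor two different non-empty addresses. Those are the transitions in which a previously published address could remain on the service, so I would add both, using `loadBalancerIngressControllerWithFloatingIP("", "192.168.0.1")` and `loadBalancerIngressControllerWithFloatingIP("192.168.0.1", "192.168.0.2")`, and pin the `expectStatus` the implementation is meant to return for each. The test table continues outside this hunk.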
@@ -2002,6 +2067,31 @@ func Test_IngressStatusesEqual(t *testing.T) {
 },
 },
 },
+ {
+ description: "OpenStack FloatingIP differs",
+ expected: false,
+ a: icStatusWithFloatingIP("1.2.3.4"),
+ b: icStatusWithFloatingIP("1.2.4.5"),
+ },
+ {
+ description: "OpenStack FloatingIP equal",
+ expected: true,
+ a: icStatusWithFloatingIP("1.2.3.4"),
+ b: icStatusWithFloatingIP("1.2.3.4"),
+ },
+ {
+ description: "OpenStack providerParameters present for a but nil for b",
+ expected: false,
+ a: icStatusWithFloatingIP("1.2.3.4"),
+ b: operatorv1.IngressControllerStatus{
+ EndpointPublishingStrategy: &operatorv1.EndpointPublishingStrategy{
+ Type: operatorv1.LoadBalancerServiceStrategyType,
+ LoadBalancer: &operatorv1.LoadBalancerStrategy{
+ ProviderParameters: nil,
+ },
+ },
+ },
+ },
 {
 description: "NLB Subnets names changed",
 expected: false,
From 46a8f148ecbc3c60283429311df389e13c851086 Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Thu, 14 Nov 2024 19:41:11 -0500
Subject: [PATCH 4/4] Add unit tests for `shouldRecreateLoadBalancer` These tests were missing, now we have them.
---
 .../ingress/load_balancer_service_test.go | 152 ++++++++++++++++++
 1 file changed, 152 insertions(+)
diff --git a/pkg/operator/controller/ingress/load_balancer_service_test.go b/pkg/operator/controller/ingress/load_balancer_service_test.go
index b73bd3ce7a..44e779861d 100644
--- a/pkg/operator/controller/ingress/load_balancer_service_test.go
+++ b/pkg/operator/controller/ingress/load_balancer_service_test.go
@@ -1638,3 +1638,155 @@ func TestLoadBalancerServiceChangedEmptyAnnotations(t *testing.T) {
 })
 }
 }
+
+// Test_shouldRecreateLoadBalancer verifies that a load balancer should be
+// recreated if the annotations or spec of the service have changed.
+func Test_shouldRecreateLoadBalancer(t *testing.T) {
+ testCases := []struct {
+ description string
+ current *corev1.Service
+ desired *corev1.Service
+ platform *configv1.PlatformStatus
+ expect bool
+ reason string
+ }{
+ {
+ description: "AWS platform with different subnets",
+ current: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsLBSubnetsAnnotation: "subnet-1",
+ },
+ },
+ },
+ desired: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsLBSubnetsAnnotation: "subnet-2",
+ },
+ },
+ },
+ platform: &configv1.PlatformStatus{
+ Type: configv1.AWSPlatformType,
+ },
+ expect: true,
+ reason: "its subnets changed",
+ },
+ {
+ description: "AWS platform with different EIP allocations",
+ current: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsEIPAllocationsAnnotation: "eipalloc-1",
+ },
+ },
+ },
+ desired: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsEIPAllocationsAnnotation: "eipalloc-2",
+ },
+ },
+ },
+ platform: &configv1.PlatformStatus{
+ Type: configv1.AWSPlatformType,
+ },
+ expect: true,
+ reason: "its eipAllocations changed",
+ },
+ {
+ description: "OpenStack platform with different LoadBalancerIP",
+ current: &corev1.Service{
+ Spec: corev1.ServiceSpec{
+ LoadBalancerIP: "1.2.3.4",
+ },
+ },
+ desired: &corev1.Service{
+ Spec: corev1.ServiceSpec{
+ LoadBalancerIP: "5.6.7.8",
+ },
+ },
+ platform: &configv1.PlatformStatus{
+ Type: configv1.OpenStackPlatformType,
+ },
+ expect: true,
+ reason: "its load balancer IP changed",
+ },
+ {
+ description: "Platform with mutable scope and same scope",
+ current: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ azureInternalLBAnnotation: "true",
+ },
+ },
+ },
+ desired: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ azureInternalLBAnnotation: "true",
+ },
+ },
+ },
+ platform: &configv1.PlatformStatus{
+ Type: configv1.AzurePlatformType,
+ },
+ expect: false,
+ },
+ {
+ description: "Platform with immutable scope and different scope",
+ current: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsInternalLBAnnotation: "true",
+ },
+ },
+ },
+ desired: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsInternalLBAnnotation: "false",
+ },
+ },
+ },
+ platform: &configv1.PlatformStatus{
+ Type: configv1.AWSPlatformType,
+ },
+ expect: true,
+ reason: "its scope changed",
+ },
+ {
+ description: "Platform with same configuration",
+ current: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsInternalLBAnnotation: "true",
+ },
+ },
+ },
+ desired: &corev1.Service{
+ ObjectMeta: metav1.ObjectMeta{
+ Annotations: map[string]string{
+ awsInternalLBAnnotation: "true",
+ },
+ },
+ },
+ platform: &configv1.PlatformStatus{
+ Type: configv1.AWSPlatformType,
+ },
+ expect: false,
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.description, func(t *testing.T) {
+ changed, reason := shouldRecreateLoadBalancer(tc.current, tc.desired, tc.platform)
+ if changed != tc.expect {
+ t.Errorf("expected %t, got %t", tc.expect, changed)
+ }
+ if reason != tc.reason {
+ t.Errorf("expected reason %s, got %s", tc.reason, reason)
+ }
+ })
+ }
+}
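Review bot: The case named "Platform with mutable scope and same scope" gives `current` and `desired` the same `azureInternalLBAnnotation` value, so it passes whether or not Azure scope is treated as mutable and does not exercise what its name describes. Changing the desired value to `"false"` while keeping `expect: false` would test the mutable-scope path, assuming that is how `shouldRecreateLoadBalancer` (not visible here) treats Azure. The OpenStack case likewise has no counterpart with equal `LoadBalancerIP` values to pin the no-recreate result. For the failure output, `t.Errorf("expected reason %q, got %q", tc.reason, reason)` makes an empty reason visible.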