From 882bb48d4d91e279c55eb73fdfb62912b125e2ee Mon Sep 17 00:00:00 2001 From: Riccardo Ravaioli Date: Mon, 1 Dec 2025 13:22:05 +0100 Subject: [PATCH 01/10] [DELETE] Vendor no-overlay api and client-go PRs https://github.com/openshift/api/pull/2537 https://github.com/openshift/client-go/pull/349 
Signed-off-by: Riccardo Ravaioli --- go.mod | 6 +- go.sum | 8 +- vendor/github.com/openshift/api/AGENTS.md | 18 +- .../openshift/api/config/v1/register.go | 2 - .../openshift/api/config/v1/types_feature.go | 9 +- .../api/config/v1/types_image_policy.go | 2 +- .../api/config/v1/types_infrastructure.go | 194 ++- .../openshift/api/config/v1/types_insights.go | 230 --- .../openshift/api/config/v1/types_node.go | 1 - .../api/config/v1/types_scheduling.go | 4 +- .../api/config/v1/zz_generated.deepcopy.go | 225 --- ..._generated.featuregated-crd-manifests.yaml | 27 +- .../v1/zz_generated.swagger_doc_generated.go | 118 +- .../v1alpha1/types_cluster_monitoring.go | 2 +- ..._generated.featuregated-crd-manifests.yaml | 6 +- .../openshift/api/console/v1/types.go | 4 +- .../v1/zz_generated.swagger_doc_generated.go | 2 +- vendor/github.com/openshift/api/features.md | 227 +-- .../openshift/api/features/features.go | 153 +- .../api/machine/v1beta1/types_awsprovider.go | 80 +- .../machine/v1beta1/zz_generated.deepcopy.go | 54 +- .../zz_generated.swagger_doc_generated.go | 25 +- .../api/machineconfiguration/v1/types.go | 35 + .../v1/types_machineconfignode.go | 81 ++ .../v1/zz_generated.deepcopy.go | 65 + ..._generated.featuregated-crd-manifests.yaml | 4 +- .../v1/zz_generated.swagger_doc_generated.go | 31 + .../machineconfiguration/v1alpha1/register.go | 4 + .../machineconfiguration/v1alpha1/types.go | 10 + .../v1alpha1/types_internalreleaseimage.go | 178 +++ .../v1alpha1/types_osimagestream.go | 131 ++ .../v1alpha1/types_pinnedimageset.go | 12 +- .../v1alpha1/zz_generated.deepcopy.go | 269 ++++ ..._generated.featuregated-crd-manifests.yaml | 48 + .../zz_generated.swagger_doc_generated.go | 108 +- .../api/operator/v1/types_ingress.go | 108 +- .../api/operator/v1/types_network.go | 113 ++ .../0000_12_etcd_01_etcds-OKD.crd.yaml | 331 +++++ ...e-apiserver_01_kubeapiservers-OKD.crd.yaml | 335 +++++ ...i-driver_01_clustercsidrivers-OKD.crd.yaml | 488 +++++++ 
..._50_ingress_00_ingresscontrollers.crd.yaml | 86 +- ...twork_01_networks-CustomNoUpgrade.crd.yaml | 1146 +++++++++++++++ ...00_70_network_01_networks-Default.crd.yaml | 1045 ++++++++++++++ ...k_01_networks-DevPreviewNoUpgrade.crd.yaml | 1045 ++++++++++++++ ... 0000_70_network_01_networks-OKD.crd.yaml} | 1 + ..._01_networks-TechPreviewNoUpgrade.crd.yaml | 1146 +++++++++++++++ ...nfig_01_machineconfigurations-OKD.crd.yaml | 1253 +++++++++++++++++ .../api/operator/v1/zz_generated.deepcopy.go | 39 + ..._generated.featuregated-crd-manifests.yaml | 1 + .../v1/zz_generated.swagger_doc_generated.go | 53 +- .../config/v1/awsplatformstatus.go | 13 + .../config/v1/azureplatformstatus.go | 9 + .../config/v1/baremetalplatformstatus.go | 9 + .../applyconfigurations/config/v1/custom.go | 28 - .../config/v1/gatherconfig.go | 47 - .../config/v1/gathererconfig.go | 36 - .../config/v1/gatherers.go | 36 - .../config/v1/gcpplatformstatus.go | 14 - .../config/v1/gcpserviceendpoint.go | 36 - .../config/v1/insightsdatagatherspec.go | 23 - .../config/v1/nutanixplatformstatus.go | 13 + .../config/v1/openstackplatformstatus.go | 9 + .../config/v1/ovirtplatformstatus.go | 13 + .../v1/persistentvolumeclaimreference.go | 23 - .../config/v1/persistentvolumeconfig.go | 32 - .../applyconfigurations/config/v1/storage.go | 36 - .../config/v1/vsphereplatformstatus.go | 9 + .../applyconfigurations/internal/internal.go | 149 +- .../typed/config/v1/config_client.go | 5 - .../typed/config/v1/generated_expansion.go | 2 - .../typed/config/v1/insightsdatagather.go | 54 - .../config/v1/insightsdatagather.go | 85 -- .../externalversions/config/v1/interface.go | 7 - .../informers/externalversions/generic.go | 2 - .../listers/config/v1/expansion_generated.go | 4 - .../listers/config/v1/insightsdatagather.go | 32 - .../applyconfigurations/internal/internal.go | 133 +- .../v1/machineconfignodestatus.go | 9 + ...ineconfignodestatusinternalreleaseimage.go | 28 + ...confignodestatusinternalreleaseimageref.go | 50 
+ .../v1/machineconfigpoolspec.go | 9 + .../v1/machineconfigpoolstatus.go | 9 + .../v1/osimagestreamreference.go | 23 + .../v1alpha1/internalreleaseimage.go | 263 ++++ .../internalreleaseimagebundlestatus.go | 50 + .../v1alpha1/internalreleaseimageref.go | 23 + .../v1alpha1/internalreleaseimagespec.go | 28 + .../v1alpha1/internalreleaseimagestatus.go | 46 + .../v1alpha1/osimagestream.go} | 119 +- .../v1alpha1/osimagestreamset.go | 45 + .../v1alpha1/osimagestreamstatus.go | 37 + .../v1alpha1/pinnedimageref.go | 8 +- .../v1alpha1/generated_expansion.go | 4 + .../v1alpha1/internalreleaseimage.go | 62 + .../v1alpha1/machineconfiguration_client.go | 10 + .../v1alpha1/osimagestream.go | 62 + .../informers/externalversions/generic.go | 4 + .../v1alpha1/interface.go | 14 + .../v1alpha1/internalreleaseimage.go | 85 ++ .../v1alpha1/osimagestream.go | 85 ++ .../v1alpha1/expansion_generated.go | 8 + .../v1alpha1/internalreleaseimage.go | 32 + .../v1alpha1/osimagestream.go | 32 + .../applyconfigurations/internal/internal.go | 36 + .../operator/v1/bgpmanagedconfig.go | 36 + .../operator/v1/ingresscontrollerspec.go | 45 +- .../v1/ingresscontrollertuningoptions.go | 9 + .../operator/v1/nooverlayoptions.go | 36 + .../operator/v1/ovnkubernetesconfig.go | 51 +- .../operator/applyconfigurations/utils.go | 4 + vendor/modules.txt | 6 +- 111 files changed, 10182 insertions(+), 1608 deletions(-) delete mode 100644 vendor/github.com/openshift/api/config/v1/types_insights.go create mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types.go create mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_internalreleaseimage.go create mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-OKD.crd.yaml create mode 100644 
vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml rename vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/{0000_70_network_01_networks.crd.yaml => 0000_70_network_01_networks-OKD.crd.yaml} (99%) create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpserviceendpoint.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go delete mode 100644 
vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go delete mode 100644 vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go delete mode 100644 vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/insightsdatagather.go delete mode 100644 vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/insightsdatagather.go delete mode 100644 vendor/github.com/openshift/client-go/config/listers/config/v1/insightsdatagather.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimage.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimageref.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/osimagestreamreference.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimage.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagebundlestatus.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimageref.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagespec.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagestatus.go rename vendor/github.com/openshift/client-go/{config/applyconfigurations/config/v1/insightsdatagather.go => 
machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestream.go} (62%) create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamset.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamstatus.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/internalreleaseimage.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/osimagestream.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/internalreleaseimage.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/osimagestream.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/internalreleaseimage.go create mode 100644 vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/osimagestream.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go create mode 100644 vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayoptions.go diff --git a/go.mod b/go.mod index bdd65c31f6..596415f957 100644 --- a/go.mod +++ b/go.mod @@ -102,7 +102,7 @@ require ( ) require ( - github.com/openshift/api v0.0.0-20251106190826-ebe535b08719 + github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 github.com/openshift/library-go v0.0.0-20251107090138-0de9712313a5 github.com/openshift/machine-config-operator v0.0.1-0.20250724162154-ab14c8e2843b 
@@ -174,3 +174,7 @@ require (
 sigs.k8s.io/randfill v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
 )
+
+replace github.com/openshift/api => github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866
+
+replace github.com/openshift/client-go => github.com/ricky-rav/client-go v0.0.0-20251215095632-b5f208914736
diff --git a/go.sum b/go.sum
index 01033a7a20..9554f67909 100644
--- a/go.sum
+++ b/go.sum
@@ -300,12 +300,8 @@ github.com/onsi/gomega v1.38.1 h1:FaLA8GlcpXDwsb7m0h2A9ew2aTk3vnZMlzFgg5tz/pk=
 github.com/onsi/gomega v1.38.1/go.mod h1:LfcV8wZLvwcYRwPiJysphKAEsmcFnLMK/9c+PjvlX8g=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/openshift/api v0.0.0-20251106190826-ebe535b08719 h1:KEwYyKaJniwhoyLB75tAMmJn9pMlk0PUlRfrsXYOhwM=
-github.com/openshift/api v0.0.0-20251106190826-ebe535b08719/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
 github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af h1:UiYYMi/CCV+kwWrXuXfuUSOY2yNXOpWpNVgHc6aLQlE=
 github.com/openshift/build-machinery-go v0.0.0-20251023084048-5d77c1a5e5af/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
-github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 h1:9JBeIXmnHlpXTQPi7LPmu1jdxznBhAE7bb1K+3D8gxY=
-github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235/go.mod h1:L49W6pfrZkfOE5iC1PqEkuLkXG4W0BX4w8b+L2Bv7fM=
 github.com/openshift/library-go v0.0.0-20251107090138-0de9712313a5 h1:Gq8jCFgSrilZ2ZHjQleFZWlblikc1aaRZ0hqs+yvrP4=
 github.com/openshift/library-go v0.0.0-20251107090138-0de9712313a5/go.mod h1:OlFFws1AO51uzfc48MsStGE4SFMWlMZD0+f5a/zCtKI=
 github.com/openshift/machine-config-operator v0.0.1-0.20250724162154-ab14c8e2843b h1:LvoFr/2IEj0BWy7mKBdR7ueAHpMJGju1EkEIZrXa+DM=
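Review bot: The two `replace` directives added at the end of go.mod make every build resolve `github.com/openshift/api` and `github.com/openshift/client-go` from a personal fork (`github.com/ricky-rav/...`), and nothing in the file marks that as temporary or says when it must be undone. The `[DELETE]` tag exists only in the commit subject, so I would add a comment directly above the directives, for example `// TEMPORARY, remove before merge: fork pins until openshift/api#2537 and openshift/client-go#349 land upstream`. While the replaces are in place the bumped `require` pseudo-version for openshift/api is not what gets built, and the go.sum entries for both upstream modules are gone, so checksum verification covers the fork only. Before this series lands, both directives should be dropped and `vendor/` regenerated from the upstream modules so the vendored tree matches what `require` names.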
@@ -335,6 +331,10 @@ github.com/prometheus/common v0.67.2/go.mod h1:63W3KZb1JOKgcjlIr64WW/LvFGAqKPj0a
 github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws=
 github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw=
+github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866 h1:/Czn5nnlZaR9XroaoyGrQCyEUV85CgriqAzj+NSR8yE=
+github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
+github.com/ricky-rav/client-go v0.0.0-20251215095632-b5f208914736 h1:mf7IkH4wNGDi7/UmR2qJglol8p2VJYJBVfOEwH8eo4I=
+github.com/ricky-rav/client-go v0.0.0-20251215095632-b5f208914736/go.mod h1:3/X0BFj3dJqulKlLyo5RoWLQzQ4ccpJPklDB4331r2s=
 github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ=
 github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
diff --git a/vendor/github.com/openshift/api/AGENTS.md b/vendor/github.com/openshift/api/AGENTS.md
index 0e39032433..991ed62579 100644
--- a/vendor/github.com/openshift/api/AGENTS.md
+++ b/vendor/github.com/openshift/api/AGENTS.md
@@ -37,15 +37,23 @@ When working on a specific API group/version, you can regenerate only the affect ```bash # Regenerate CRDs for a specific API group/version -make update-codegen-crds API_GROUP_VERSIONS=operator.openshift.io/v1alpha1 -make update-codegen-crds API_GROUP_VERSIONS=config.openshift.io/v1 -make update-codegen-crds API_GROUP_VERSIONS=route.openshift.io/v1 +make update-codegen API_GROUP_VERSIONS=operator.openshift.io/v1alpha1 +make update-codegen API_GROUP_VERSIONS=config.openshift.io/v1 +make update-codegen API_GROUP_VERSIONS=route.openshift.io/v1 # Multiple API groups can be specified with comma separation -make update-codegen-crds API_GROUP_VERSIONS=operator.openshift.io/v1alpha1,config.openshift.io/v1 +make update-codegen API_GROUP_VERSIONS=operator.openshift.io/v1alpha1,config.openshift.io/v1 ``` -This is more efficient than running `make update` (which regenerates all CRDs) when you're only working on specific API groups. +**Important:** While using `API_GROUP_VERSIONS` is faster for iteration (e.g., when developing tests), +it generates invalid OpenAPI data. This targeted generation is useful during development cycles, but you +**must run `make update`** (without `API_GROUP_VERSIONS`) to regenerate all files correctly before +committing changes. The full `make update` ensures all generated files, including OpenAPI schemas, are +properly synchronized. + +**Workflow:** +- During iteration: `make update-codegen API_GROUP_VERSIONS=your.group/v1` (fast feedback) +- Before committing: `make update` (ensures correctness) ### Testing ```bash diff --git a/vendor/github.com/openshift/api/config/v1/register.go b/vendor/github.com/openshift/api/config/v1/register.go index 222c7f0cc7..eac29a2367 100644 --- a/vendor/github.com/openshift/api/config/v1/register.go +++ b/vendor/github.com/openshift/api/config/v1/register.go 
@@ -76,8 +76,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ImagePolicyList{}, &ClusterImagePolicy{}, &ClusterImagePolicyList{}, - &InsightsDataGather{}, - &InsightsDataGatherList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 169e29c5c5..e111d518ab 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -53,8 +53,12 @@ var ( // your cluster may fail in an unrecoverable way. CustomNoUpgrade FeatureSet = "CustomNoUpgrade" + // OKD turns on features for OKD. Turning this feature set ON is supported for OKD clusters, but NOT for OpenShift clusters. + // Once enabled, this feature set cannot be changed back to Default, but can be changed to other feature sets and it allows upgrades. + OKD FeatureSet = "OKD" + // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead - AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade} + AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade, OKD} ) type FeatureGateSpec struct { 
@@ -67,10 +71,11 @@ type FeatureGateSelection struct { // Turning on or off features may cause irreversible changes in your cluster which cannot be undone. // +unionDiscriminator // +optional - // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;"" + // +kubebuilder:validation:Enum=CustomNoUpgrade;DevPreviewNoUpgrade;TechPreviewNoUpgrade;OKD;"" // +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed" // +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed" // +kubebuilder:validation:XValidation:rule="oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true",message="DevPreviewNoUpgrade may not be changed" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'OKD' ? self != '' : true",message="OKD cannot transition to Default" FeatureSet FeatureSet `json:"featureSet,omitempty"` // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. diff --git a/vendor/github.com/openshift/api/config/v1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1/types_image_policy.go index 54bd21adb4..a6a6405130 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_policy.go 
@@ -82,7 +82,7 @@ type PolicyRootOfTrust struct { // Allowed values are "PublicKey", "FulcioCAWithRekor", and "PKI". // When set to "PublicKey", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. // When set to "FulcioCAWithRekor", the policy is based on the Fulcio certification and incorporates a Rekor verification. - // When set to "PKI", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate. + // When set to "PKI", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). // +unionDiscriminator // +required PolicyType PolicyType `json:"policyType"` diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 005702e993..313ed57a41 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -183,6 +183,17 @@ const ( LoadBalancerTypeOpenShiftManagedDefault PlatformLoadBalancerType = "OpenShiftManagedDefault" ) +// DNSRecordsType defines whether api, api-int, and ingress records are provided by +// the internal DNS infrastructure or must be configured external to the cluster. +// +kubebuilder:validation:Enum=Internal;External +// +enum +type DNSRecordsType string + +const ( + DNSRecordsTypeExternal DNSRecordsType = "External" + DNSRecordsTypeInternal DNSRecordsType = "Internal" +) + // PlatformType is a specific supported infrastructure provider. // +kubebuilder:validation:Enum="";AWS;Azure;BareMetal;GCP;Libvirt;OpenStack;None;VSphere;oVirt;IBMCloud;KubeVirt;EquinixMetal;PowerVS;AlibabaCloud;Nutanix;External type PlatformType string 
@@ -688,74 +699,43 @@ const ( AzureStackCloud AzureCloudEnvironment = "AzureStackCloud" ) +// Start: TOMBSTONE + // GCPServiceEndpointName is the name of the GCP Service Endpoint. // +kubebuilder:validation:Enum=Compute;Container;CloudResourceManager;DNS;File;IAM;IAMCredentials;OAuth;ServiceUsage;Storage;STS -type GCPServiceEndpointName string - -const ( - // GCPServiceEndpointNameCompute is the name used for the GCP Compute Service endpoint. - GCPServiceEndpointNameCompute GCPServiceEndpointName = "Compute" - - // GCPServiceEndpointNameContainer is the name used for the GCP Container Service endpoint. - GCPServiceEndpointNameContainer GCPServiceEndpointName = "Container" - - // GCPServiceEndpointNameCloudResource is the name used for the GCP Resource Manager Service endpoint. - GCPServiceEndpointNameCloudResource GCPServiceEndpointName = "CloudResourceManager" - - // GCPServiceEndpointNameDNS is the name used for the GCP DNS Service endpoint. - GCPServiceEndpointNameDNS GCPServiceEndpointName = "DNS" - - // GCPServiceEndpointNameFile is the name used for the GCP File Service endpoint. - GCPServiceEndpointNameFile GCPServiceEndpointName = "File" - - // GCPServiceEndpointNameIAM is the name used for the GCP IAM Service endpoint. - GCPServiceEndpointNameIAM GCPServiceEndpointName = "IAM" - - // GCPServiceEndpointNameIAMCredentials is the name used for the GCP IAM Credentials Service endpoint. - GCPServiceEndpointNameIAMCredentials GCPServiceEndpointName = "IAMCredentials" - - // GCPServiceEndpointNameOAuth is the name used for the GCP OAuth2 Service endpoint. - GCPServiceEndpointNameOAuth GCPServiceEndpointName = "OAuth" - - // GCPServiceEndpointNameServiceUsage is the name used for the GCP Service Usage Service endpoint. - GCPServiceEndpointNameServiceUsage GCPServiceEndpointName = "ServiceUsage" - - // GCPServiceEndpointNameStorage is the name used for the GCP Storage Service endpoint. 
- GCPServiceEndpointNameStorage GCPServiceEndpointName = "Storage" - - // GCPServiceEndpointNameSTS is the name used for the GCP STS Service endpoint. - GCPServiceEndpointNameSTS GCPServiceEndpointName = "STS" -) +//type GCPServiceEndpointName string // GCPServiceEndpoint store the configuration of a custom url to // override existing defaults of GCP Services. -type GCPServiceEndpoint struct { - // name is the name of the GCP service whose endpoint is being overridden. - // This must be provided and cannot be empty. - // - // Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, - // Storage, and TagManager. - // - // As an example, when setting the name to Compute all requests made by the caller to the GCP Compute - // Service will be directed to the endpoint specified in the url field. - // - // +required - Name GCPServiceEndpointName `json:"name"` +// type GCPServiceEndpoint struct { +// name is the name of the GCP service whose endpoint is being overridden. +// This must be provided and cannot be empty. +// +// Allowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, +// Storage, and TagManager. +// +// As an example, when setting the name to Compute all requests made by the caller to the GCP Compute +// Service will be directed to the endpoint specified in the url field. +// +// +required +// Name GCPServiceEndpointName `json:"name"` - // url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified - // in the name field. 
- // url is required, must use the scheme https, must not be more than 253 characters in length, - // and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL) - // - // An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com" - // - // +required - // +kubebuilder:validation:MaxLength=253 - // +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" - // +kubebuilder:validation:XValidation:rule="isURL(self) ? (url(self).getScheme() == \"https\") : true",message="scheme must be https" - // +kubebuilder:validation:XValidation:rule="url(self).getEscapedPath() == \"\" || url(self).getEscapedPath() == \"/\"",message="url must consist only of a scheme and domain. The url path must be empty." - URL string `json:"url"` -} +// url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified +// in the name field. +// url is required, must use the scheme https, must not be more than 253 characters in length, +// and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL) +// +// An example of a valid endpoint that overrides the Compute Service: "https://compute-myendpoint1.p.googleapis.com" +// +// +required +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:XValidation:rule="isURL(self)",message="must be a valid URL" +// +kubebuilder:validation:XValidation:rule="isURL(self) ? (url(self).getScheme() == \"https\") : true",message="scheme must be https" +// +kubebuilder:validation:XValidation:rule="url(self).getEscapedPath() == \"\" || url(self).getEscapedPath() == \"/\"",message="url must consist only of a scheme and domain. The url path must be empty." +// URL string `json:"url"` +//} + +// End: TOMBSTONE // GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. // This only includes fields that can be modified in the cluster. 
@@ -811,18 +791,21 @@ type GCPPlatformStatus struct { // +nullable CloudLoadBalancerConfig *CloudLoadBalancerConfig `json:"cloudLoadBalancerConfig,omitempty"` + // This field was introduced and removed under tech preview. // serviceEndpoints specifies endpoints that override the default endpoints // used when creating clients to interact with GCP services. // When not specified, the default endpoint for the GCP region will be used. // Only 1 endpoint override is permitted for each GCP service. // The maximum number of endpoint overrides allowed is 11. + // To avoid conflicts with serialisation, this field name may never be used again. + // Tombstone the field as a reminder. // +listType=map // +listMapKey=name // +kubebuilder:validation:MaxItems=11 // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x.name == y.name))",message="only 1 endpoint override is permitted per GCP service name" // +optional // +openshift:enable:FeatureGate=GCPCustomAPIEndpointsInstall - ServiceEndpoints []GCPServiceEndpoint `json:"serviceEndpoints,omitempty"` + // ServiceEndpoints []GCPServiceEndpoint `json:"serviceEndpoints,omitempty"` } // GCPResourceLabel is a label to apply to GCP resources created for the cluster. 
@@ -1022,6 +1005,7 @@ type BareMetalPlatformSpec struct { // BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. // For more information about the network architecture used with the BareMetal platform type, see: // https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md +// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged" type BareMetalPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather 
@@ -1074,6 +1058,22 @@ type BareMetalPlatformStatus struct { // +optional LoadBalancer *BareMetalPlatformLoadBalancer `json:"loadBalancer,omitempty"` + // dnsRecordsType determines whether records for api, api-int, and ingress + // are provided by the internal DNS service or externally. + // Allowed values are `Internal`, `External`, and omitted. + // When set to `Internal`, records are provided by the internal infrastructure and + // no additional user configuration is required for the cluster to function. + // When set to `External`, records are not provided by the internal infrastructure + // and must be configured by the user on a DNS server outside the cluster. + // Cluster nodes must use this external server for their upstream DNS requests. + // This value may only be set when loadBalancer.type is set to UserManaged. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `Internal`. + // +openshift:enable:FeatureGate=OnPremDNSRecords + // +optional + DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"` + // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. // +listType=atomic // +kubebuilder:validation:MaxItems=32 @@ -1150,6 +1150,7 @@ type OpenStackPlatformSpec struct { } // OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged" type OpenStackPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather 
@@ -1206,6 +1207,22 @@ type OpenStackPlatformStatus struct { // +optional LoadBalancer *OpenStackPlatformLoadBalancer `json:"loadBalancer,omitempty"` + // dnsRecordsType determines whether records for api, api-int, and ingress + // are provided by the internal DNS service or externally. + // Allowed values are `Internal`, `External`, and omitted. + // When set to `Internal`, records are provided by the internal infrastructure and + // no additional user configuration is required for the cluster to function. + // When set to `External`, records are not provided by the internal infrastructure + // and must be configured by the user on a DNS server outside the cluster. + // Cluster nodes must use this external server for their upstream DNS requests. + // This value may only be set when loadBalancer.type is set to UserManaged. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `Internal`. + // +openshift:enable:FeatureGate=OnPremDNSRecords + // +optional + DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"` + // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. // +listType=atomic // +kubebuilder:validation:MaxItems=32 
@@ -1240,6 +1257,7 @@ type OvirtPlatformLoadBalancer struct { type OvirtPlatformSpec struct{} // OvirtPlatformStatus holds the current status of the oVirt infrastructure provider. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged" type OvirtPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather 
@@ -1286,6 +1304,22 @@ type OvirtPlatformStatus struct { // +kubebuilder:default={"type": "OpenShiftManagedDefault"} // +optional LoadBalancer *OvirtPlatformLoadBalancer `json:"loadBalancer,omitempty"` + + // dnsRecordsType determines whether records for api, api-int, and ingress + // are provided by the internal DNS service or externally. + // Allowed values are `Internal`, `External`, and omitted. + // When set to `Internal`, records are provided by the internal infrastructure and + // no additional user configuration is required for the cluster to function. + // When set to `External`, records are not provided by the internal infrastructure + // and must be configured by the user on a DNS server outside the cluster. + // Cluster nodes must use this external server for their upstream DNS requests. + // This value may only be set when loadBalancer.type is set to UserManaged. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `Internal`. + // +openshift:enable:FeatureGate=OnPremDNSRecords + // +optional + DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"` } // VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform. 
@@ -1683,6 +1717,7 @@ type VSpherePlatformSpec struct { } // VSpherePlatformStatus holds the current status of the vSphere infrastructure provider. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged" type VSpherePlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather @@ -1735,6 +1770,22 @@ type VSpherePlatformStatus struct { // +optional LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"` + // dnsRecordsType determines whether records for api, api-int, and ingress + // are provided by the internal DNS service or externally. + // Allowed values are `Internal`, `External`, and omitted. + // When set to `Internal`, records are provided by the internal infrastructure and + // no additional user configuration is required for the cluster to function. + // When set to `External`, records are not provided by the internal infrastructure + // and must be configured by the user on a DNS server outside the cluster. + // Cluster nodes must use this external server for their upstream DNS requests. + // This value may only be set when loadBalancer.type is set to UserManaged. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `Internal`. + // +openshift:enable:FeatureGate=OnPremDNSRecords + // +optional + DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"` + // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. // +listType=atomic // +kubebuilder:validation:MaxItems=32 
@@ -2108,6 +2159,7 @@ type NutanixPrismElementEndpoint struct { } // NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=OnPremDNSRecords,rule="!has(self.dnsRecordsType) || self.dnsRecordsType == 'Internal' || (has(self.loadBalancer) && self.loadBalancer.type == 'UserManaged')",message="dnsRecordsType may only be set to External when loadBalancer.type is UserManaged" type NutanixPlatformStatus struct { // apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used // by components inside the cluster, like kubelets using the infrastructure rather @@ -2151,6 +2203,22 @@ type NutanixPlatformStatus struct { // +kubebuilder:default={"type": "OpenShiftManagedDefault"} // +optional LoadBalancer *NutanixPlatformLoadBalancer `json:"loadBalancer,omitempty"` + + // dnsRecordsType determines whether records for api, api-int, and ingress + // are provided by the internal DNS service or externally. + // Allowed values are `Internal`, `External`, and omitted. + // When set to `Internal`, records are provided by the internal infrastructure and + // no additional user configuration is required for the cluster to function. + // When set to `External`, records are not provided by the internal infrastructure + // and must be configured by the user on a DNS server outside the cluster. + // Cluster nodes must use this external server for their upstream DNS requests. + // This value may only be set when loadBalancer.type is set to UserManaged. + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `Internal`. + // +openshift:enable:FeatureGate=OnPremDNSRecords + // +optional + DNSRecordsType DNSRecordsType `json:"dnsRecordsType,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 
diff --git a/vendor/github.com/openshift/api/config/v1/types_insights.go b/vendor/github.com/openshift/api/config/v1/types_insights.go
deleted file mode 100644
index b0959881f1..0000000000
--- a/vendor/github.com/openshift/api/config/v1/types_insights.go
+++ /dev/null
@@ -1,230 +0,0 @@ -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// InsightsDataGather provides data gather configuration options for the Insights Operator. -// -// +genclient -// +genclient:nonNamespaced -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// -// +kubebuilder:object:root=true -// +kubebuilder:resource:path=insightsdatagathers,scope=Cluster -// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2448 -// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=InsightsConfig -// -// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -// +openshift:compatibility-gen:level=1 -type InsightsDataGather struct { - metav1.TypeMeta `json:",inline"` - // metadata is the standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metav1.ObjectMeta `json:"metadata,omitempty"` - // spec holds user settable values for configuration - // +required - Spec InsightsDataGatherSpec `json:"spec,omitempty,omitzero"` -} - -// InsightsDataGatherSpec contains the configuration for the data gathering. -type InsightsDataGatherSpec struct { - // gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress. - // +required - GatherConfig GatherConfig `json:"gatherConfig,omitempty,omitzero"` -} - -// GatherConfig provides data gathering configuration options. -type GatherConfig struct { - // dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. - // It may not exceed 2 items and must not contain duplicates. - // Valid values are ObfuscateNetworking and WorkloadNames. 
- // When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. - // When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. - // When omitted no obfuscation is applied. - // +kubebuilder:validation:MinItems=1 - // +kubebuilder:validation:MaxItems=2 - // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))",message="dataPolicy items must be unique" - // +listType=atomic - // +optional - DataPolicy []DataPolicyOption `json:"dataPolicy,omitempty"` - // gatherers is a required field that specifies the configuration of the gatherers. - // +required - Gatherers Gatherers `json:"gatherers,omitempty,omitzero"` - // storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. - // If omitted, the gathering job will use ephemeral storage. - // +optional - Storage Storage `json:"storage,omitempty,omitzero"` -} - -// Gatherers specifies the configuration of the gatherers -// +kubebuilder:validation:XValidation:rule="has(self.mode) && self.mode == 'Custom' ? has(self.custom) : !has(self.custom)",message="custom is required when mode is Custom, and forbidden otherwise" -// +union -type Gatherers struct { - // mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. - // When set to All, all gatherers will run and gather data. - // When set to None, all gatherers will be disabled and no data will be gathered. - // When set to Custom, the custom configuration from the custom field will be applied. - // +unionDiscriminator - // +required - Mode GatheringMode `json:"mode,omitempty"` - // custom provides gathering configuration. - // It is required when mode is Custom, and forbidden otherwise. - // Custom configuration allows user to disable only a subset of gatherers. 
- // Gatherers that are not explicitly disabled in custom configuration will run. - // +unionMember - // +optional - Custom Custom `json:"custom,omitempty,omitzero"` -} - -// Custom provides the custom configuration of gatherers -type Custom struct { - // configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. - // It may not exceed 100 items and each gatherer can be present only once. - // It is possible to disable an entire set of gatherers while allowing a specific function within that set. - // The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. - // Run the following command to get the names of last active gatherers: - // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" - // +kubebuilder:validation:MinItems=1 - // +kubebuilder:validation:MaxItems=100 - // +listType=map - // +listMapKey=name - // +required - Configs []GathererConfig `json:"configs,omitempty"` -} - -// GatheringMode defines the valid gathering modes. -// +kubebuilder:validation:Enum=All;None;Custom -type GatheringMode string - -const ( - // Enabled enables all gatherers - GatheringModeAll GatheringMode = "All" - // Disabled disables all gatherers - GatheringModeNone GatheringMode = "None" - // Custom applies the configuration from GatheringConfig. 
- GatheringModeCustom GatheringMode = "Custom" -) - -// DataPolicyOption declares valid data policy options -// +kubebuilder:validation:Enum=ObfuscateNetworking;WorkloadNames -type DataPolicyOption string - -const ( - // IP addresses and cluster domain name are obfuscated - DataPolicyOptionObfuscateNetworking DataPolicyOption = "ObfuscateNetworking" - // Data from Deployment Validation Operator are obfuscated - DataPolicyOptionObfuscateWorkloadNames DataPolicyOption = "WorkloadNames" -) - -// Storage provides persistent storage configuration options for gathering jobs. -// If the type is set to PersistentVolume, then the PersistentVolume must be defined. -// If the type is set to Ephemeral, then the PersistentVolume must not be defined. -// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'PersistentVolume' ? has(self.persistentVolume) : !has(self.persistentVolume)",message="persistentVolume is required when type is PersistentVolume, and forbidden otherwise" -// +union -type Storage struct { - // type is a required field that specifies the type of storage that will be used to store the Insights data archive. - // Valid values are "PersistentVolume" and "Ephemeral". - // When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. - // When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field. - // +unionDiscriminator - // +required - Type StorageType `json:"type,omitempty"` - // persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. - // The PersistentVolume must be created in the openshift-insights namespace. 
- // +unionMember - // +optional - PersistentVolume PersistentVolumeConfig `json:"persistentVolume,omitempty,omitzero"` -} - -// StorageType declares valid storage types -// +kubebuilder:validation:Enum=PersistentVolume;Ephemeral -type StorageType string - -const ( - // StorageTypePersistentVolume storage type - StorageTypePersistentVolume StorageType = "PersistentVolume" - // StorageTypeEphemeral storage type - StorageTypeEphemeral StorageType = "Ephemeral" -) - -// PersistentVolumeConfig provides configuration options for PersistentVolume storage. -type PersistentVolumeConfig struct { - // claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. - // The PersistentVolumeClaim must be created in the openshift-insights namespace. - // +required - Claim PersistentVolumeClaimReference `json:"claim,omitempty,omitzero"` - // mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. - // When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. - // The current default mount path is /var/lib/insights-operator - // The path may not exceed 1024 characters and must not contain a colon. - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:MaxLength=1024 - // +kubebuilder:validation:XValidation:rule="!self.contains(':')",message="mountPath must not contain a colon" - // +optional - MountPath string `json:"mountPath,omitempty"` -} - -// PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim. -type PersistentVolumeClaimReference struct { - // name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. - // It is a string that follows the DNS1123 subdomain format. 
- // It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character. - // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character." - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:MaxLength=253 - // +required - Name string `json:"name,omitempty"` -} - -// GathererConfig allows to configure specific gatherers -type GathererConfig struct { - // name is the required name of a specific gatherer. - // It may not exceed 256 characters. - // The format for a gatherer name is: {gatherer}/{function} where the function is optional. - // Gatherer consists of a lowercase letters only that may include underscores (_). - // Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). - // The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. - // Run the following command to get the names of last active gatherers: - // "oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'" - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:MaxLength=256 - // +kubebuilder:validation:XValidation:rule=`self.matches("^[a-z]+[_a-z]*[a-z]([/a-z][_a-z]*)?[a-z]$")`,message=`gatherer name must be in the format of {gatherer}/{function} where the gatherer and function are lowercase letters only that may include underscores (_) and are separated by a forward slash (/) if the function is provided` - // +required - Name string `json:"name,omitempty"` - // state is a required field that allows you to configure specific gatherer. Valid values are "Enabled" and "Disabled". 
- // When set to Enabled the gatherer will run. - // When set to Disabled the gatherer will not run. - // +required - State GathererState `json:"state,omitempty"` -} - -// GathererState declares valid gatherer state types. -// +kubebuilder:validation:Enum=Enabled;Disabled -type GathererState string - -const ( - // GathererStateEnabled gatherer state, which means that the gatherer will run. - GathererStateEnabled GathererState = "Enabled" - // GathererStateDisabled gatherer state, which means that the gatherer will not run. - GathererStateDisabled GathererState = "Disabled" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// InsightsDataGatherList is a collection of items -// Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). -// +openshift:compatibility-gen:level=1 -type InsightsDataGatherList struct { - metav1.TypeMeta `json:",inline"` - // metadata is the required standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +required - metav1.ListMeta `json:"metadata,omitempty"` - // items is the required list of InsightsDataGather objects - // it may not exceed 100 items - // +kubebuilder:validation:MinItems=0 - // +kubebuilder:validation:MaxItems=100 - // +required - Items []InsightsDataGather `json:"items,omitempty"` -} diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go index 1282f33158..2f627be11e 100644 --- a/vendor/github.com/openshift/api/config/v1/types_node.go +++ b/vendor/github.com/openshift/api/config/v1/types_node.go 
@@ -79,7 +79,6 @@ type CgroupMode string const ( CgroupModeEmpty CgroupMode = "" // Empty string indicates to honor user set value on the system that should not be overridden by OpenShift - CgroupModeV1 CgroupMode = "v1" CgroupModeV2 CgroupMode = "v2" CgroupModeDefault CgroupMode = CgroupModeV2 ) diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go index c90d5633f6..a81ed9f30c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go @@ -48,7 +48,9 @@ type SchedulerSpec struct { // +optional Profile SchedulerProfile `json:"profile,omitempty"` // profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. - // +openshift:enable:FeatureGate=DynamicResourceAllocation + // Deprecated: no longer needed, since DRA is GA starting with 4.21, and + // is enabled by' default in the cluster, this field will be removed in 4.24. + // +openshift:enable:FeatureGate=HyperShiftOnlyDynamicResourceAllocation // +optional ProfileCustomizations ProfileCustomizations `json:"profileCustomizations"` // defaultNodeSelector helps set the cluster-wide default node selector to diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index 0863934f22..fe8c112273 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go 
@@ -1736,27 +1736,6 @@ func (in *ConsoleStatus) DeepCopy() *ConsoleStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Custom) DeepCopyInto(out *Custom) { - *out = *in - if in.Configs != nil { - in, out := &in.Configs, &out.Configs - *out = make([]GathererConfig, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Custom. -func (in *Custom) DeepCopy() *Custom { - if in == nil { - return nil - } - out := new(Custom) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CustomFeatureGates) DeepCopyInto(out *CustomFeatureGates) { *out = *in @@ -2422,11 +2401,6 @@ func (in *GCPPlatformStatus) DeepCopyInto(out *GCPPlatformStatus) { *out = new(CloudLoadBalancerConfig) (*in).DeepCopyInto(*out) } - if in.ServiceEndpoints != nil { - in, out := &in.ServiceEndpoints, &out.ServiceEndpoints - *out = make([]GCPServiceEndpoint, len(*in)) - copy(*out, *in) - } return } 
@@ -2472,78 +2446,6 @@ func (in *GCPResourceTag) DeepCopy() *GCPResourceTag { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GCPServiceEndpoint) DeepCopyInto(out *GCPServiceEndpoint) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPServiceEndpoint. -func (in *GCPServiceEndpoint) DeepCopy() *GCPServiceEndpoint { - if in == nil { - return nil - } - out := new(GCPServiceEndpoint) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GatherConfig) DeepCopyInto(out *GatherConfig) { - *out = *in - if in.DataPolicy != nil { - in, out := &in.DataPolicy, &out.DataPolicy - *out = make([]DataPolicyOption, len(*in)) - copy(*out, *in) - } - in.Gatherers.DeepCopyInto(&out.Gatherers) - out.Storage = in.Storage - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatherConfig. -func (in *GatherConfig) DeepCopy() *GatherConfig { - if in == nil { - return nil - } - out := new(GatherConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *GathererConfig) DeepCopyInto(out *GathererConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GathererConfig. -func (in *GathererConfig) DeepCopy() *GathererConfig { - if in == nil { - return nil - } - out := new(GathererConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *Gatherers) DeepCopyInto(out *Gatherers) { - *out = *in - in.Custom.DeepCopyInto(&out.Custom) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gatherers. -func (in *Gatherers) DeepCopy() *Gatherers { - if in == nil { - return nil - } - out := new(Gatherers) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GenericAPIServerConfig) DeepCopyInto(out *GenericAPIServerConfig) { *out = *in 
@@ -3647,83 +3549,6 @@ func (in *IngressStatus) DeepCopy() *IngressStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGather) DeepCopyInto(out *InsightsDataGather) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGather. -func (in *InsightsDataGather) DeepCopy() *InsightsDataGather { - if in == nil { - return nil - } - out := new(InsightsDataGather) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *InsightsDataGather) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherList) DeepCopyInto(out *InsightsDataGatherList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]InsightsDataGather, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherList. -func (in *InsightsDataGatherList) DeepCopy() *InsightsDataGatherList { - if in == nil { - return nil - } - out := new(InsightsDataGatherList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *InsightsDataGatherList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *InsightsDataGatherSpec) DeepCopyInto(out *InsightsDataGatherSpec) { - *out = *in - in.GatherConfig.DeepCopyInto(&out.GatherConfig) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InsightsDataGatherSpec. -func (in *InsightsDataGatherSpec) DeepCopy() *InsightsDataGatherSpec { - if in == nil { - return nil - } - out := new(InsightsDataGatherSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IntermediateTLSProfile) DeepCopyInto(out *IntermediateTLSProfile) { *out = *in 
@@ -5173,39 +4998,6 @@ func (in *PKICertificateSubject) DeepCopy() *PKICertificateSubject { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeClaimReference) DeepCopyInto(out *PersistentVolumeClaimReference) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeClaimReference. -func (in *PersistentVolumeClaimReference) DeepCopy() *PersistentVolumeClaimReference { - if in == nil { - return nil - } - out := new(PersistentVolumeClaimReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PersistentVolumeConfig) DeepCopyInto(out *PersistentVolumeConfig) { - *out = *in - out.Claim = in.Claim - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PersistentVolumeConfig. -func (in *PersistentVolumeConfig) DeepCopy() *PersistentVolumeConfig { - if in == nil { - return nil - } - out := new(PersistentVolumeConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PlatformSpec) DeepCopyInto(out *PlatformSpec) { *out = *in 
@@ -6168,23 +5960,6 @@ func (in *SignatureStore) DeepCopy() *SignatureStore { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Storage) DeepCopyInto(out *Storage) { - *out = *in - out.PersistentVolume = in.PersistentVolume - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Storage. -func (in *Storage) DeepCopy() *Storage { - if in == nil { - return nil - } - out := new(Storage) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StringSource) DeepCopyInto(out *StringSource) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index 03b091ead5..e56c1a15a9 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -368,10 +368,10 @@ infrastructures.config.openshift.io: - DualReplica - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNSInstall - - GCPCustomAPIEndpointsInstall - HighlyAvailableArbiter - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets + - OnPremDNSRecords - VSphereHostVMGroupZonal - VSphereMultiNetworks FilenameOperatorName: config-operator 
@@ -410,29 +410,6 @@ ingresses.config.openshift.io: TopLevelFeatureGates: [] Version: v1 -insightsdatagathers.config.openshift.io: - Annotations: {} - ApprovedPRNumber: https://github.com/openshift/api/pull/2448 - CRDName: insightsdatagathers.config.openshift.io - Capability: "" - Category: "" - FeatureGates: - - InsightsConfig - FilenameOperatorName: config-operator - FilenameOperatorOrdering: "01" - FilenameRunLevel: "0000_10" - GroupName: config.openshift.io - HasStatus: false - KindName: InsightsDataGather - Labels: {} - PluralName: insightsdatagathers - PrinterColumns: [] - Scope: Cluster - ShortNames: null - TopLevelFeatureGates: - - InsightsConfig - Version: v1 - networks.config.openshift.io: Annotations: release.openshift.io/bootstrap-required: "true" @@ -574,7 +551,7 @@ schedulers.config.openshift.io: Capability: "" Category: "" FeatureGates: - - DynamicResourceAllocation + - HyperShiftOnlyDynamicResourceAllocation FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index be7d462a50..766ac5ddab 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go 
@@ -1335,7 +1335,7 @@ func (PolicyMatchRemapIdentity) SwaggerDoc() map[string]string { var map_PolicyRootOfTrust = map[string]string{ "": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", - "policyType": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", + "policyType": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).", "publicKey": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.", "fulcioCAWithRekor": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. 
fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", "pki": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.", 
@@ -1527,6 +1527,7 @@ var map_BareMetalPlatformStatus = map[string]string{ "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.", "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", } 
@@ -1615,7 +1616,6 @@ var map_GCPPlatformStatus = map[string]string{ "resourceLabels": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", "resourceTags": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", "cloudLoadBalancerConfig": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "serviceEndpoints": "serviceEndpoints specifies endpoints that override the default endpoints used when creating clients to interact with GCP services. When not specified, the default endpoint for the GCP region will be used. Only 1 endpoint override is permitted for each GCP service. The maximum number of endpoint overrides allowed is 11.", } func (GCPPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1643,16 +1643,6 @@ func (GCPResourceTag) SwaggerDoc() map[string]string { return map_GCPResourceTag } -var map_GCPServiceEndpoint = map[string]string{ - "": "GCPServiceEndpoint store the configuration of a custom url to override existing defaults of GCP Services.", - "name": "name is the name of the GCP service whose endpoint is being overridden. This must be provided and cannot be empty.\n\nAllowed values are Compute, Container, CloudResourceManager, DNS, File, IAM, ServiceUsage, Storage, and TagManager.\n\nAs an example, when setting the name to Compute all requests made by the caller to the GCP Compute Service will be directed to the endpoint specified in the url field.", - "url": "url is a fully qualified URI that overrides the default endpoint for a client using the GCP service specified in the name field. url is required, must use the scheme https, must not be more than 253 characters in length, and must be a valid URL according to Go's net/url package (https://pkg.go.dev/net/url#URL)\n\nAn example of a valid endpoint that overrides the Compute Service: \"https://compute-myendpoint1.p.googleapis.com\"", -} - -func (GCPServiceEndpoint) SwaggerDoc() map[string]string { - return map_GCPServiceEndpoint -} - var map_IBMCloudPlatformSpec = map[string]string{ "": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", "serviceEndpoints": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. A maximum of 13 service endpoints overrides are supported.", 
@@ -1789,6 +1779,7 @@ var map_NutanixPlatformStatus = map[string]string{ "ingressIP": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.", } func (NutanixPlatformStatus) SwaggerDoc() map[string]string { 
@@ -1855,6 +1846,7 @@ var map_OpenStackPlatformStatus = map[string]string{ "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.", "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", } 
@@ -1887,6 +1879,7 @@ var map_OvirtPlatformStatus = map[string]string{ "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "nodeDNSIP": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.", } func (OvirtPlatformStatus) SwaggerDoc() map[string]string { 
@@ -2069,6 +2062,7 @@ var map_VSpherePlatformStatus = map[string]string{ "ingressIPs": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "nodeDNSIP": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "loadBalancer": "loadBalancer defines how the load balancer used by the cluster is configured.", + "dnsRecordsType": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.", "machineNetworks": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", } 
@@ -2197,104 +2191,6 @@ func (LoadBalancer) SwaggerDoc() map[string]string { return map_LoadBalancer } -var map_Custom = map[string]string{ - "": "Custom provides the custom configuration of gatherers", - "configs": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", -} - -func (Custom) SwaggerDoc() map[string]string { - return map_Custom -} - -var map_GatherConfig = map[string]string{ - "": "GatherConfig provides data gathering configuration options.", - "dataPolicy": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", - "gatherers": "gatherers is a required field that specifies the configuration of the gatherers.", - "storage": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. 
If omitted, the gathering job will use ephemeral storage.", -} - -func (GatherConfig) SwaggerDoc() map[string]string { - return map_GatherConfig -} - -var map_GathererConfig = map[string]string{ - "": "GathererConfig allows to configure specific gatherers", - "name": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "state": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", -} - -func (GathererConfig) SwaggerDoc() map[string]string { - return map_GathererConfig -} - -var map_Gatherers = map[string]string{ - "": "Gatherers specifies the configuration of the gatherers", - "mode": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers will run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", - "custom": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. 
Gatherers that are not explicitly disabled in custom configuration will run.", -} - -func (Gatherers) SwaggerDoc() map[string]string { - return map_Gatherers -} - -var map_InsightsDataGather = map[string]string{ - "": "InsightsDataGather provides data gather configuration options for the Insights Operator.\n\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "spec": "spec holds user settable values for configuration", -} - -func (InsightsDataGather) SwaggerDoc() map[string]string { - return map_InsightsDataGather -} - -var map_InsightsDataGatherList = map[string]string{ - "": "InsightsDataGatherList is a collection of items Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "metadata": "metadata is the required standard list's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "items": "items is the required list of InsightsDataGather objects it may not exceed 100 items", -} - -func (InsightsDataGatherList) SwaggerDoc() map[string]string { - return map_InsightsDataGatherList -} - -var map_InsightsDataGatherSpec = map[string]string{ - "": "InsightsDataGatherSpec contains the configuration for the data gathering.", - "gatherConfig": "gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", -} - -func (InsightsDataGatherSpec) SwaggerDoc() map[string]string { - return map_InsightsDataGatherSpec -} - -var map_PersistentVolumeClaimReference = map[string]string{ - "": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", - "name": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", -} - -func (PersistentVolumeClaimReference) SwaggerDoc() map[string]string { - return map_PersistentVolumeClaimReference -} - -var map_PersistentVolumeConfig = map[string]string{ - "": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", - "claim": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "mountPath": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. 
When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", -} - -func (PersistentVolumeConfig) SwaggerDoc() map[string]string { - return map_PersistentVolumeConfig -} - -var map_Storage = map[string]string{ - "": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", - "type": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", - "persistentVolume": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", -} - -func (Storage) SwaggerDoc() map[string]string { - return map_Storage -} - var map_AWSKMSConfig = map[string]string{ "": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", "keyARN": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", 
@@ -2896,7 +2792,7 @@ func (SchedulerList) SwaggerDoc() map[string]string { var map_SchedulerSpec = map[string]string{ "policy": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", "profile": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", - "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles.", + "profileCustomizations": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.", "defaultNodeSelector": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. 
When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", "mastersSchedulable": "mastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", } diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go index f6d4cd3420..0653eeb5a5 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go @@ -33,7 +33,7 @@ import ( // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1929 // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true -// +kubebuilder:resource:path=clustermonitoring,scope=Cluster +// +kubebuilder:resource:path=clustermonitorings,scope=Cluster // +kubebuilder:subresource:status // +kubebuilder:metadata:annotations="description=Cluster Monitoring Operators configuration API" // +openshift:enable:FeatureGate=ClusterMonitoringConfig 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index b9dca71a92..2f79f801dd 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -45,11 +45,11 @@ clusterimagepolicies.config.openshift.io: - SigstoreImageVerification Version: v1alpha1 -clustermonitoring.config.openshift.io: +clustermonitorings.config.openshift.io: Annotations: description: Cluster Monitoring Operators configuration API ApprovedPRNumber: https://github.com/openshift/api/pull/1929 - CRDName: clustermonitoring.config.openshift.io + CRDName: clustermonitorings.config.openshift.io Capability: "" Category: "" FeatureGates: @@ -61,7 +61,7 @@ clustermonitoring.config.openshift.io: HasStatus: true KindName: ClusterMonitoring Labels: {} - PluralName: clustermonitoring + PluralName: clustermonitorings PrinterColumns: [] Scope: Cluster ShortNames: null diff --git a/vendor/github.com/openshift/api/console/v1/types.go b/vendor/github.com/openshift/api/console/v1/types.go index 416eaa3e87..24dcd5ca0b 100644 --- a/vendor/github.com/openshift/api/console/v1/types.go +++ b/vendor/github.com/openshift/api/console/v1/types.go @@ -4,7 +4,7 @@ package v1 type Link struct { // text is the display text for the link Text string `json:"text"` - // href is the absolute secure URL for the link (must use https) - // +kubebuilder:validation:Pattern=`^https://` + // href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links. + // +kubebuilder:validation:Pattern=`^(https://|mailto:)` Href string `json:"href"` } 
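Review bot: The widened marker on `Link.Href` in console/v1/types.go, pattern `^(https://|mailto:)`, is anchored only at the start, so it checks the scheme prefix and nothing after it. With `mailto:` now accepted, everything after the scheme, including any query part, passes unvalidated. The generated doc in the next file section describes `Link` as something that "could be generated in HTML", so any code rendering it should still treat `href` as untrusted and escape it, rather than relying on this pattern. I would say so in the field comment, for example `// Only the scheme prefix is validated; callers must escape href before rendering it.` This file is a vendored copy, so the comment belongs upstream in openshift/api and should arrive here through the next vendor bump.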
diff --git a/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go index a02cbf7c17..606b95cafc 100644 --- a/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/console/v1/zz_generated.swagger_doc_generated.go @@ -14,7 +14,7 @@ package v1 var map_Link = map[string]string{ "": "Represents a standard link that could be generated in HTML", "text": "text is the display text for the link", - "href": "href is the absolute secure URL for the link (must use https)", + "href": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", } func (Link) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index df45c853f3..9ca59207ca 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md 
@@ -1,112 +1,115 @@ -| FeatureGate | Default on Hypershift | Default on SelfManagedHA | DevPreviewNoUpgrade on Hypershift | DevPreviewNoUpgrade on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA | -| ------ | --- | --- | --- | --- | --- | --- | -| ClusterAPIInstall| | | | | | | -| EventedPLEG| | | | | | | -| MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | -| MultiArchInstallAzure| | | | | | | -| ShortCertRotation| | | | | | | -| ClusterAPIMachineManagementVSphere| | | Enabled | Enabled | | | -| Example2| | | Enabled | Enabled | | | -| ExternalSnapshotMetadata| | | Enabled | Enabled | | | -| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | | -| NewOLMCatalogdAPIV1Metas| | | | Enabled | | Enabled | -| NewOLMOwnSingleNamespace| | | | Enabled | | Enabled | -| NewOLMPreflightPermissionChecks| | | | Enabled | | Enabled | -| NoRegistryClusterOperations| | | | Enabled | | Enabled | -| VSphereMixedNodeEnv| | | Enabled | Enabled | | | -| NewOLM| | Enabled | | Enabled | | Enabled | -| NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | -| AWSClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | -| AWSClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled | -| AWSDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled | -| AWSDualStackInstall| | | Enabled | Enabled | Enabled | Enabled | -| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | Enabled | Enabled | -| AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled | -| AzureClusterHostedDNSInstall| | | Enabled | Enabled | Enabled | Enabled | -| AzureDedicatedHosts| | | Enabled | Enabled | Enabled | Enabled | -| AzureDualStackInstall| | | Enabled | Enabled | Enabled | Enabled | -| AzureMultiDisk| | | Enabled | Enabled | Enabled | Enabled | -| BootImageSkewEnforcement| | | Enabled | Enabled | Enabled | Enabled | -| BootcNodeManagement| | | Enabled | Enabled | Enabled | Enabled | -| 
CBORServingAndStorage| | | Enabled | Enabled | Enabled | Enabled | -| CRDCompatibilityRequirementOperator| | | Enabled | Enabled | Enabled | Enabled | -| ClientsAllowCBOR| | | Enabled | Enabled | Enabled | Enabled | -| ClientsPreferCBOR| | | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIInstallIBMCloud| | | Enabled | Enabled | Enabled | Enabled | -| ClusterAPIMachineManagement| | | Enabled | Enabled | Enabled | Enabled | -| ClusterMonitoringConfig| | | Enabled | Enabled | Enabled | Enabled | -| ClusterVersionOperatorConfiguration| | | Enabled | Enabled | Enabled | Enabled | -| DNSNameResolver| | | Enabled | Enabled | Enabled | Enabled | -| DualReplica| | | Enabled | Enabled | Enabled | Enabled | -| DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | Enabled | Enabled | -| DynamicResourceAllocation| | | Enabled | Enabled | Enabled | Enabled | -| EtcdBackendQuota| | | Enabled | Enabled | Enabled | Enabled | -| EventTTL| | | Enabled | Enabled | Enabled | Enabled | -| Example| | | Enabled | Enabled | Enabled | Enabled | -| GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | -| GCPCustomAPIEndpoints| | | Enabled | Enabled | Enabled | Enabled | -| GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | Enabled | Enabled | -| GCPDualStackInstall| | | Enabled | Enabled | Enabled | Enabled | -| ImageModeStatusReporting| | | Enabled | Enabled | Enabled | Enabled | -| ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | -| InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | -| InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | -| IrreconcilableMachineConfig| | | Enabled | Enabled | Enabled | Enabled | -| KMSEncryptionProvider| | | Enabled | Enabled | Enabled | Enabled | -| MachineAPIMigration| | | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesCPMS| | | Enabled | Enabled | Enabled | Enabled | -| MaxUnavailableStatefulSet| | | Enabled | Enabled | Enabled | Enabled | -| MinimumKubeletVersion| | | 
Enabled | Enabled | Enabled | Enabled | -| MixedCPUsAllocation| | | Enabled | Enabled | Enabled | Enabled | -| MultiDiskSetup| | | Enabled | Enabled | Enabled | Enabled | -| MutableCSINodeAllocatableCount| | | Enabled | Enabled | Enabled | Enabled | -| MutatingAdmissionPolicy| | | Enabled | Enabled | Enabled | Enabled | -| NutanixMultiSubnets| | | Enabled | Enabled | Enabled | Enabled | -| OSStreams| | | Enabled | Enabled | Enabled | Enabled | -| OVNObservability| | | Enabled | Enabled | Enabled | Enabled | -| SELinuxMount| | | Enabled | Enabled | Enabled | Enabled | -| SignatureStores| | | Enabled | Enabled | Enabled | Enabled | -| SigstoreImageVerificationPKI| | | Enabled | Enabled | Enabled | Enabled | -| TranslateStreamCloseWebsocketRequests| | | Enabled | Enabled | Enabled | Enabled | -| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | Enabled | Enabled | -| VSphereHostVMGroupZonal| | | Enabled | Enabled | Enabled | Enabled | -| VolumeGroupSnapshot| | | Enabled | Enabled | Enabled | Enabled | -| AdditionalRoutingCapabilities| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| AlibabaPlatform| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| CPMSMachineNamePrefix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| 
GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| PreconfiguredUDNAddresses| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| StoragePerformantSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| UserNamespacesPodSecurityStandards| 
Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| VolumeAttributesClass| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| FeatureGate | Default on Hypershift | Default on SelfManagedHA | DevPreviewNoUpgrade on Hypershift | DevPreviewNoUpgrade on SelfManagedHA | OKD on Hypershift | OKD on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA | +| ------ | --- | --- | --- | --- | --- | --- | --- | --- | +| ClientsAllowCBOR| | | | | | | | | +| ClusterAPIInstall| | | | | | | | | +| EventedPLEG| | | | | | | | | +| MachineAPIOperatorDisableMachineHealthCheckController| | | | | | | | | +| MultiArchInstallAzure| | | | | | | | | +| NewOLMBoxCutterRuntime| | | | | | | | | +| ShortCertRotation| | | | | | | | | +| ClusterAPIMachineManagementVSphere| | | Enabled | Enabled | | | | | +| Example2| | | Enabled | Enabled | | | | | +| ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | +| IngressControllerDynamicConfigurationManager| | | Enabled | Enabled | | | | | +| NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled | +| NewOLMOwnSingleNamespace| | | | Enabled | | | | Enabled | +| NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled | +| NoOverlayMode| | | | | | | Enabled | Enabled | +| NoRegistryClusterInstall| | | | Enabled | | | | Enabled | +| ProvisioningRequestAvailable| | | Enabled | Enabled | | | | | +| AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSServiceLBNetworkSecurityGroup| | | Enabled | 
Enabled | | | Enabled | Enabled | +| AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled | +| AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | +| AzureDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| AzureMultiDisk| | | Enabled | Enabled | | | Enabled | Enabled | +| BootImageSkewEnforcement| | | Enabled | Enabled | | | Enabled | Enabled | +| BootcNodeManagement| | | Enabled | Enabled | | | Enabled | Enabled | +| CBORServingAndStorage| | | Enabled | Enabled | | | Enabled | Enabled | +| CRDCompatibilityRequirementOperator| | | Enabled | Enabled | | | Enabled | Enabled | +| ClientsPreferCBOR| | | Enabled | Enabled | | | Enabled | Enabled | +| ClusterAPIInstallIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled | +| ClusterAPIMachineManagement| | | Enabled | Enabled | | | Enabled | Enabled | +| ClusterMonitoringConfig| | | Enabled | Enabled | | | Enabled | Enabled | +| ClusterVersionOperatorConfiguration| | | Enabled | Enabled | | | Enabled | Enabled | +| DNSNameResolver| | | Enabled | Enabled | | | Enabled | Enabled | +| DualReplica| | | Enabled | Enabled | | | Enabled | Enabled | +| DyanmicServiceEndpointIBMCloud| | | Enabled | Enabled | | | Enabled | Enabled | +| EtcdBackendQuota| | | Enabled | Enabled | | | Enabled | Enabled | +| EventTTL| | | Enabled | Enabled | | | Enabled | Enabled | +| Example| | | Enabled | Enabled | | | Enabled | Enabled | +| GCPClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled | +| GCPCustomAPIEndpoints| | | Enabled | Enabled | | | Enabled | Enabled | +| GCPCustomAPIEndpointsInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| GCPDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| HyperShiftOnlyDynamicResourceAllocation| Enabled | | Enabled | | Enabled | | Enabled | | +| ImageModeStatusReporting| | | Enabled | Enabled | | | Enabled | Enabled | +| InsightsConfig| | | 
Enabled | Enabled | | | Enabled | Enabled | +| InsightsOnDemandDataGather| | | Enabled | Enabled | | | Enabled | Enabled | +| IrreconcilableMachineConfig| | | Enabled | Enabled | | | Enabled | Enabled | +| KMSEncryptionProvider| | | Enabled | Enabled | | | Enabled | Enabled | +| MachineAPIMigration| | | Enabled | Enabled | | | Enabled | Enabled | +| ManagedBootImagesCPMS| | | Enabled | Enabled | | | Enabled | Enabled | +| MaxUnavailableStatefulSet| | | Enabled | Enabled | | | Enabled | Enabled | +| MinimumKubeletVersion| | | Enabled | Enabled | | | Enabled | Enabled | +| MixedCPUsAllocation| | | Enabled | Enabled | | | Enabled | Enabled | +| MultiDiskSetup| | | Enabled | Enabled | | | Enabled | Enabled | +| MutableCSINodeAllocatableCount| | | Enabled | Enabled | | | Enabled | Enabled | +| MutatingAdmissionPolicy| | | Enabled | Enabled | | | Enabled | Enabled | +| NewOLM| | Enabled | | Enabled | | Enabled | | Enabled | +| NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | | Enabled | +| NutanixMultiSubnets| | | Enabled | Enabled | | | Enabled | Enabled | +| OSStreams| | | Enabled | Enabled | | | Enabled | Enabled | +| OVNObservability| | | Enabled | Enabled | | | Enabled | Enabled | +| OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled | +| SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled | +| SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled | +| VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled | +| VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled | +| VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | +| VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | +| AdditionalRoutingCapabilities| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| AdminNetworkPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| AlibabaPlatform| Enabled | 
Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| CPMSMachineNamePrefix| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| MetricsCollectionProfiles| Enabled | 
Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| NetworkDiagnosticsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| NetworkLiveMigration| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| NetworkSegmentation| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| PreconfiguredUDNAddresses| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ProcMountType| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| RouteAdvertisements| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| SigstoreImageVerificationPKI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| StoragePerformantSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| UserNamespacesPodSecurityStandards| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | 
Enabled | +| VolumeAttributesClass| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index 910cabc5fa..fef36220ea 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -40,7 +40,7 @@ var ( reportProblemsToJiraComponent("Management Console"). contactPerson("jhadvig"). productScope(ocpSpecific). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). enhancementPR("https://github.com/openshift/enhancements/pull/1706"). mustRegister() @@ -49,7 +49,7 @@ var ( contactPerson("ibihim"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/4193"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateMutatingAdmissionPolicy = newFeatureGate("MutatingAdmissionPolicy"). @@ -65,7 +65,7 @@ var ( contactPerson("miciah"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). 
@@ -73,7 +73,7 @@ var ( contactPerson("ibihim"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/899"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateBuildCSIVolumes = newFeatureGate("BuildCSIVolumes"). @@ -81,23 +81,15 @@ var ( contactPerson("adkaplan"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateDynamicResourceAllocation = newFeatureGate("DynamicResourceAllocation"). - reportProblemsToJiraComponent("scheduling"). - contactPerson("jchaloup"). - productScope(kubernetes). - enhancementPR("https://github.com/kubernetes/enhancements/issues/4381"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateAzureWorkloadIdentity = newFeatureGate("AzureWorkloadIdentity"). reportProblemsToJiraComponent("cloud-credential-operator"). contactPerson("abutcher"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAzureDedicatedHosts = newFeatureGate("AzureDedicatedHosts"). 
@@ -128,7 +120,7 @@ var ( contactPerson("sgrunert"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). mustRegister() FeatureGateSigstoreImageVerificationPKI = newFeatureGate("SigstoreImageVerificationPKI"). @@ -136,7 +128,7 @@ var ( contactPerson("QiWang"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1658"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). mustRegister() FeatureGateAlibabaPlatform = newFeatureGate("AlibabaPlatform"). @@ -144,7 +136,7 @@ var ( contactPerson("jspeed"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateVSphereHostVMGroupZonal = newFeatureGate("VSphereHostVMGroupZonal"). @@ -160,7 +152,7 @@ var ( contactPerson("vr4manta"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1709"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateRouteExternalCertificate = newFeatureGate("RouteExternalCertificate"). 
@@ -168,7 +160,7 @@ var ( contactPerson("chiragkyal"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateCPMSMachineNamePrefix = newFeatureGate("CPMSMachineNamePrefix"). @@ -176,7 +168,7 @@ var ( contactPerson("chiragkyal"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1714"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAdminNetworkPolicy = newFeatureGate("AdminNetworkPolicy"). @@ -184,7 +176,7 @@ var ( contactPerson("tssurya"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateNetworkSegmentation = newFeatureGate("NetworkSegmentation"). 
@@ -192,7 +184,15 @@ var ( contactPerson("tssurya"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1623"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateNoOverlayMode = newFeatureGate("NoOverlayMode"). + reportProblemsToJiraComponent("Networking/ovn-kubernetes"). + contactPerson("pliurh"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1859"). + enableIn(configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAdditionalRoutingCapabilities = newFeatureGate("AdditionalRoutingCapabilities"). @@ -200,7 +200,7 @@ var ( contactPerson("jcaamano"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateRouteAdvertisements = newFeatureGate("RouteAdvertisements"). @@ -208,7 +208,7 @@ var ( contactPerson("jcaamano"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration"). 
@@ -216,7 +216,7 @@ var ( contactPerson("pliu"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateNetworkDiagnosticsConfig = newFeatureGate("NetworkDiagnosticsConfig"). @@ -224,7 +224,7 @@ var ( contactPerson("kyrtapz"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateOVNObservability = newFeatureGate("OVNObservability"). @@ -271,7 +271,7 @@ var ( contactPerson("ijanssen"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1765"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateImageModeStatusReporting = newFeatureGate("ImageModeStatusReporting"). @@ -326,7 +326,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateManagedBootImagesAWS = newFeatureGate("ManagedBootImagesAWS"). 
@@ -334,7 +334,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateManagedBootImagesvSphere = newFeatureGate("ManagedBootImagesvSphere"). @@ -342,7 +342,7 @@ var ( contactPerson("rsaini"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1496"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateManagedBootImagesAzure = newFeatureGate("ManagedBootImagesAzure"). @@ -350,7 +350,7 @@ var ( contactPerson("djoshy"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1761"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateManagedBootImagesCPMS = newFeatureGate("ManagedBootImagesCPMS"). @@ -390,7 +390,7 @@ var ( contactPerson("dgrisonnet"). productScope(kubernetes). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGatePinnedImages = newFeatureGate("PinnedImages"). 
@@ -398,7 +398,7 @@ var ( contactPerson("RishabhSaini"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus"). @@ -406,23 +406,15 @@ var ( contactPerson("pmuller"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). mustRegister() - FeatureGateTranslateStreamCloseWebsocketRequests = newFeatureGate("TranslateStreamCloseWebsocketRequests"). - reportProblemsToJiraComponent("kube-apiserver"). - contactPerson("akashem"). - productScope(kubernetes). - enhancementPR("https://github.com/kubernetes/enhancements/issues/4006"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateVolumeAttributesClass = newFeatureGate("VolumeAttributesClass"). reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("dfajmon"). productScope(kubernetes). enhancementPR("https://github.com/kubernetes/enhancements/issues/3751"). - enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateVolumeGroupSnapshot = newFeatureGate("VolumeGroupSnapshot"). 
@@ -446,7 +438,7 @@ var ( contactPerson("liouk"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1596"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). mustRegister() FeatureGateExternalOIDCWithAdditionalClaimMappings = newFeatureGate("ExternalOIDCWithUIDAndExtraClaimMappings"). @@ -454,7 +446,7 @@ var ( contactPerson("bpalmer"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1777"). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). mustRegister() FeatureGateExample = newFeatureGate("Example"). @@ -478,7 +470,7 @@ var ( contactPerson("joe"). productScope(ocpSpecific). enhancementPR(legacyFeatureGateWithoutEnhancement). - enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default). + enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD). mustRegister() FeatureGateNewOLMCatalogdAPIV1Metas = newFeatureGate("NewOLMCatalogdAPIV1Metas"). @@ -501,7 +493,7 @@ var ( reportProblemsToJiraComponent("olm"). contactPerson("nschieder"). productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1774"). + enhancementPR("https://github.com/openshift/enhancements/pull/1849"). enableForClusterProfile(SelfManaged, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() 
@@ -510,9 +502,16 @@ var (
 contactPerson("pegoncal").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1844").
- enableForClusterProfile(SelfManaged, configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableForClusterProfile(SelfManaged, configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

+ FeatureGateNewOLMBoxCutterRuntime = newFeatureGate("NewOLMBoxCutterRuntime").
+ reportProblemsToJiraComponent("olm").
+ contactPerson("pegoncal").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1890").
+ mustRegister()
+
 FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather").
 reportProblemsToJiraComponent("insights").
 contactPerson("tremes").
@@ -534,7 +533,7 @@ var (
 contactPerson("rexagod").
 productScope(ocpSpecific).
 enhancementPR(legacyFeatureGateWithoutEnhancement).
- enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureGateClusterAPIInstallIBMCloud = newFeatureGate("ClusterAPIInstallIBMCloud").
@@ -589,7 +588,7 @@ var (
 contactPerson("psundara").
 productScope(ocpSpecific).
 enhancementPR(legacyFeatureGateWithoutEnhancement).
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureGateUserNamespacesSupport = newFeatureGate("UserNamespacesSupport").
@@ -597,7 +596,7 @@ var (
 contactPerson("haircommander").
 productScope(kubernetes).
 enhancementPR("https://github.com/kubernetes/enhancements/issues/127").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
 mustRegister()

 // Note: this feature is perma-alpha, but it is safe and desireable to enable.
@@ -608,7 +607,7 @@ var (
 contactPerson("haircommander").
 productScope(kubernetes).
 enhancementPR("https://github.com/kubernetes/enhancements/issues/127").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
 mustRegister()

 FeatureGateProcMountType = newFeatureGate("ProcMountType").
@@ -616,7 +615,7 @@ var (
 contactPerson("haircommander").
 productScope(kubernetes).
 enhancementPR("https://github.com/kubernetes/enhancements/issues/4265").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
 mustRegister()

 FeatureGateVSphereMultiNetworks = newFeatureGate("VSphereMultiNetworks").
@@ -624,7 +623,7 @@ var (
 contactPerson("rvanderp").
 productScope(ocpSpecific).
 enhancementPR(legacyFeatureGateWithoutEnhancement).
- enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureGateIngressControllerDynamicConfigurationManager = newFeatureGate("IngressControllerDynamicConfigurationManager").
@@ -664,7 +663,7 @@ var (
 contactPerson("eggfoobar").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1674").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
 mustRegister()

 FeatureGateCVOConfiguration = newFeatureGate("ClusterVersionOperatorConfiguration").
@@ -717,7 +716,7 @@ var (
 // A dedicated feature gate now controls the Gateway Controller to distinguish
 // its production readiness from that of the CRDs.
 enhancementPR("https://github.com/openshift/enhancements/pull/1756").
- enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureShortCertRotation = newFeatureGate("ShortCertRotation").
@@ -748,7 +747,7 @@ var (
 contactPerson("hekumar").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1804").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
 mustRegister()

 FeatureGateMultiDiskSetup = newFeatureGate("MultiDiskSetup").
@@ -760,8 +759,8 @@ var (
 mustRegister()

 FeatureGateAWSDedicatedHosts = newFeatureGate("AWSDedicatedHosts").
- reportProblemsToJiraComponent("Installer").
- contactPerson("faermanj").
+ reportProblemsToJiraComponent("splat").
+ contactPerson("rvanderp3").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1781").
 enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
@@ -772,7 +771,7 @@ var (
 contactPerson("vr4manta").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1772").
- enableIn(configv1.DevPreviewNoUpgrade).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureGatePreconfiguredUDNAddresses = newFeatureGate("PreconfiguredUDNAddresses").
@@ -780,7 +779,7 @@ var (
 contactPerson("kyrtapz").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1793").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
 mustRegister()

 FeatureGateAWSServiceLBNetworkSecurityGroup = newFeatureGate("AWSServiceLBNetworkSecurityGroup").
@@ -792,14 +791,14 @@ var (
 mustRegister()

 FeatureGateImageVolume = newFeatureGate("ImageVolume").
- reportProblemsToJiraComponent("Node").
+ reportProblemsToJiraComponent("Node").
 contactPerson("haircommander").
 productScope(kubernetes).
 enhancementPR("https://github.com/openshift/enhancements/pull/1792").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default).
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
 mustRegister()

- FeatureGateNoRegistryClusterOperations = newFeatureGate("NoRegistryClusterOperations").
+ FeatureGateNoRegistryClusterInstall = newFeatureGate("NoRegistryClusterInstall").
 reportProblemsToJiraComponent("Installer / Agent based installation").
 contactPerson("andfasano").
 productScope(ocpSpecific).
@@ -812,7 +811,7 @@ var (
 contactPerson("barbacbd").
 productScope(ocpSpecific).
 enhancementPR("https://github.com/openshift/enhancements/pull/1468").
- enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ enableIn(configv1.Default, configv1.OKD, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureGateAWSClusterHostedDNSInstall = newFeatureGate("AWSClusterHostedDNSInstall").
@@ -875,7 +874,6 @@ var (
 contactPerson("benluddy").
 productScope(kubernetes).
 enhancementPR("https://github.com/kubernetes/enhancements/issues/4222").
- enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()

 FeatureClientsPreferCBOR = newFeatureGate("ClientsPreferCBOR").
@@ -916,4 +914,27 @@ var (
 enhancementPR("https://github.com/openshift/enhancements/pull/1845").
 enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
 mustRegister()
+ FeatureGateOnPremDNSRecords = newFeatureGate("OnPremDNSRecords").
+ reportProblemsToJiraComponent("Networking / On-Prem DNS").
+ contactPerson("bnemec").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1803").
+ enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateProvisioningRequestAvailable = newFeatureGate("ProvisioningRequestAvailable").
+ reportProblemsToJiraComponent("Cluster Autoscaler").
+ contactPerson("elmiko").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/openshift/enhancements/pull/1752").
+ enableIn(configv1.DevPreviewNoUpgrade).
+ mustRegister()
+
+ FeatureGateHyperShiftOnlyDynamicResourceAllocation = newFeatureGate("HyperShiftOnlyDynamicResourceAllocation").
+ reportProblemsToJiraComponent("hypershift").
+ contactPerson("csrwng").
+ productScope(ocpSpecific).
+ enhancementPR("https://github.com/kubernetes/enhancements/issues/4381").
+ enableForClusterProfile(Hypershift, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade, configv1.Default, configv1.OKD).
+ mustRegister()
 )
diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
index b3b38bc6cc..c6442186a0 100644
--- a/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
+++ b/vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go
@@ -114,6 +114,15 @@ type AWSMachineProviderConfig struct {
 // If this value is selected, capacityReservationID must be specified to identify the target reservation.
 // +optional
 MarketType MarketType `json:"marketType,omitempty"`
+
+ // Tombstone: This field was moved into the Placement struct to belong w/ the Tenancy field due to involvement with the setting.
+ // hostPlacement configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
+ // for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
+ // and to gain visibility and control over instance placement on a physical server.
+ // When omitted, the instance is not constrained to a dedicated host.
+ // +openshift:enable:FeatureGate=AWSDedicatedHosts
+ // +optional
+ //HostPlacement *HostPlacement `json:"hostPlacement,omitempty"`
 }

 // AWSConfidentialComputePolicy represents the confidential compute configuration for the instance.
@@ -205,6 +214,19 @@ type EBSBlockDeviceSpec struct {
 // it is not used in requests to create gp2, st1, sc1, or standard volumes.
 // +optional
 Iops *int64 `json:"iops,omitempty"`
+ // throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.
+ //
+ // This parameter is valid only for gp3 volumes.
+ // Valid Range: Minimum value of 125. Maximum value of 2000.
+ //
+ // When omitted, this means no opinion, and the platform is left to
+ // choose a reasonable default, which is subject to change over time.
+ // The current default is 125.
+ //
+ // +kubebuilder:validation:Minimum:=125
+ // +kubebuilder:validation:Maximum:=2000
+ // +optional
+ ThroughputMib *int32 `json:"throughputMib,omitempty"`
 // The size of the volume, in GiB.
 //
 // Constraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned
@@ -217,7 +239,7 @@ type EBSBlockDeviceSpec struct {
 // a volume size, the default is the snapshot size.
 // +optional
 VolumeSize *int64 `json:"volumeSize,omitempty"`
- // The volume type: gp2, io1, st1, sc1, or standard.
+ // volumeType can be of type gp2, gp3, io1, st1, sc1, or standard.
 // Default: standard
 // +optional
 VolumeType *string `json:"volumeType,omitempty"`
@@ -273,6 +295,7 @@ type AWSResourceReference struct {
 }

 // Placement indicates where to create the instance in AWS
+// +kubebuilder:validation:XValidation:rule="has(self.tenancy) && self.tenancy == 'host' ? true : !has(self.host)",message="host may only be specified when tenancy is host"
 type Placement struct {
 // region is the region to use to create the instance
 // +optional
@@ -282,8 +305,19 @@ type Placement struct {
 AvailabilityZone string `json:"availabilityZone,omitempty"`
 // tenancy indicates if instance should run on shared or single-tenant hardware. There are
 // supported 3 options: default, dedicated and host.
+ // When set to default Runs on shared multi-tenant hardware.
+ // When dedicated Runs on single-tenant hardware (any dedicated instance hardware).
+ // When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host.
+ // When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.
 // +optional
 Tenancy InstanceTenancy `json:"tenancy,omitempty"`
+ // host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host
+ // for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL),
+ // and to gain visibility and control over instance placement on a physical server.
+ // When omitted, the instance is not constrained to a dedicated host.
+ // +openshift:enable:FeatureGate=AWSDedicatedHosts
+ // +optional
+ Host *HostPlacement `json:"host,omitempty"`
 }

 // Filter is a filter used to identify an AWS resource
@@ -393,3 +427,47 @@ const (
 // When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations.
 MarketTypeCapacityBlock MarketType = "CapacityBlock"
 )
+
+// HostPlacement is the type that will be used to configure the placement of AWS instances.
+// +kubebuilder:validation:XValidation:rule="has(self.affinity) && self.affinity == 'DedicatedHost' ? has(self.dedicatedHost) : true",message="dedicatedHost is required when affinity is DedicatedHost, and optional otherwise"
+// +union
+type HostPlacement struct {
+ // affinity specifies the affinity setting for the instance.
+ // Allowed values are AnyAvailable and DedicatedHost.
+ // When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set.
+ // When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host.
+ // When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.
+ // +required
+ // +unionDiscriminator
+ Affinity *HostAffinity `json:"affinity,omitempty"`
+
+ // dedicatedHost specifies the exact host that an instance should be restarted on if stopped.
+ // dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.
+ // +optional
+ // +unionMember
+ DedicatedHost *DedicatedHost `json:"dedicatedHost,omitempty"`
+}
+
+// HostAffinity selects how an instance should be placed on AWS Dedicated Hosts.
+// +kubebuilder:validation:Enum:=DedicatedHost;AnyAvailable
+type HostAffinity string
+
+const (
+ // HostAffinityAnyAvailable lets the platform select any available dedicated host.
+ HostAffinityAnyAvailable HostAffinity = "AnyAvailable"
+
+ // HostAffinityDedicatedHost requires specifying a particular host via dedicatedHost.host.hostID.
+ HostAffinityDedicatedHost HostAffinity = "DedicatedHost" +) + +// DedicatedHost represents the configuration for the usage of dedicated host. +type DedicatedHost struct { + // id identifies the AWS Dedicated Host on which the instance must run. + // The value must start with "h-" followed by 17 lowercase hexadecimal characters (0-9 and a-f). + // Must be exactly 19 characters in length. + // +kubebuilder:validation:XValidation:rule="self.matches('^h-[0-9a-f]{17}$')",message="hostID must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)" + // +kubebuilder:validation:MinLength=19 + // +kubebuilder:validation:MaxLength=19 + // +required + ID string `json:"id,omitempty"` +} diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go index 554fc19b9c..d08906c7d8 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go @@ -61,7 +61,7 @@ func (in *AWSMachineProviderConfig) DeepCopyInto(out *AWSMachineProviderConfig) } } in.Subnet.DeepCopyInto(&out.Subnet) - out.Placement = in.Placement + in.Placement.DeepCopyInto(&out.Placement) if in.LoadBalancers != nil { in, out := &in.LoadBalancers, &out.LoadBalancers *out = make([]LoadBalancerReference, len(*in)) 
@@ -509,6 +509,22 @@ func (in *DataDiskManagedDiskParameters) DeepCopy() *DataDiskManagedDiskParamete return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DedicatedHost) DeepCopyInto(out *DedicatedHost) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DedicatedHost. +func (in *DedicatedHost) DeepCopy() *DedicatedHost { + if in == nil { + return nil + } + out := new(DedicatedHost) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DiskEncryptionSetParameters) DeepCopyInto(out *DiskEncryptionSetParameters) { *out = *in @@ -560,6 +576,11 @@ func (in *EBSBlockDeviceSpec) DeepCopyInto(out *EBSBlockDeviceSpec) { *out = new(int64) **out = **in } + if in.ThroughputMib != nil { + in, out := &in.ThroughputMib, &out.ThroughputMib + *out = new(int32) + **out = **in + } if in.VolumeSize != nil { in, out := &in.VolumeSize, &out.VolumeSize *out = new(int64) 
@@ -903,6 +924,32 @@ func (in *GCPShieldedInstanceConfig) DeepCopy() *GCPShieldedInstanceConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HostPlacement) DeepCopyInto(out *HostPlacement) { + *out = *in + if in.Affinity != nil { + in, out := &in.Affinity, &out.Affinity + *out = new(HostAffinity) + **out = **in + } + if in.DedicatedHost != nil { + in, out := &in.DedicatedHost, &out.DedicatedHost + *out = new(DedicatedHost) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostPlacement. +func (in *HostPlacement) DeepCopy() *HostPlacement { + if in == nil { + return nil + } + out := new(HostPlacement) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Image) DeepCopyInto(out *Image) { *out = *in @@ -1582,6 +1629,11 @@ func (in *ObjectMeta) DeepCopy() *ObjectMeta { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Placement) DeepCopyInto(out *Placement) { *out = *in + if in.Host != nil { + in, out := &in.Host, &out.Host + *out = new(HostPlacement) + (*in).DeepCopyInto(*out) + } return } diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go index 7b74d37d02..903faf94ba 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go 
@@ -92,14 +92,24 @@ func (CPUOptions) SwaggerDoc() map[string]string { return map_CPUOptions } +var map_DedicatedHost = map[string]string{ + "": "DedicatedHost represents the configuration for the usage of dedicated host.", + "id": "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by 17 lowercase hexadecimal characters (0-9 and a-f). Must be exactly 19 characters in length.", +} + +func (DedicatedHost) SwaggerDoc() map[string]string { + return map_DedicatedHost +} + var map_EBSBlockDeviceSpec = map[string]string{ "": "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", "deleteOnTermination": "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", "encrypted": "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", "kmsKey": "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", "iops": "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. 
Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", + "throughputMib": "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", "volumeSize": "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", - "volumeType": "The volume type: gp2, io1, st1, sc1, or standard. Default: standard", + "volumeType": "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", } func (EBSBlockDeviceSpec) SwaggerDoc() map[string]string { 
@@ -116,6 +126,16 @@ func (Filter) SwaggerDoc() map[string]string { return map_Filter } +var map_HostPlacement = map[string]string{ + "": "HostPlacement is the type that will be used to configure the placement of AWS instances.", + "affinity": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + "dedicatedHost": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", +} + +func (HostPlacement) SwaggerDoc() map[string]string { + return map_HostPlacement +} + var map_LoadBalancerReference = map[string]string{ "": "LoadBalancerReference is a reference to a load balancer on AWS.", } 
@@ -137,7 +157,8 @@ var map_Placement = map[string]string{ "": "Placement indicates where to create the instance in AWS", "region": "region is the region to use to create the instance", "availabilityZone": "availabilityZone is the availability zone of the instance", - "tenancy": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host.", + "tenancy": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", + "host": "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", } func (Placement) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go index cbb1fe077f..6673adeb1b 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go 
@@ -452,6 +452,34 @@ type MachineConfigPoolSpec struct {
 // +listMapKey=name
 // +kubebuilder:validation:MaxItems=100
 PinnedImageSets []PinnedImageSetRef `json:"pinnedImageSets,omitempty"`
+
+ // osImageStream specifies an OS stream to be used for the pool.
+ //
+ // This field can be optionally set to a known OSImageStream name to change the
+ // OS and Extension images with a well-known, tested, release-provided set of images.
+ // This enables a streamlined way of switching the pool's node OS to a different version
+ // than the cluster default, such as transitioning to a major RHEL version.
+ //
+ // When set, the referenced stream overrides the cluster-wide OS
+ // images for the pool with the OS and Extensions associated to stream.
+ // When omitted, the pool uses the cluster-wide default OS images.
+ //
+ // +openshift:enable:FeatureGate=OSStreams
+ // +optional
+ OSImageStream OSImageStreamReference `json:"osImageStream,omitempty,omitzero"`
+}
+
+type OSImageStreamReference struct {
+ // name is a required reference to an OSImageStream to be used for the pool.
+ //
+ // It must be a valid RFC 1123 subdomain between 1 and 253 characters in length,
+ // consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character."
+ Name string `json:"name,omitempty"`
 }

 type PinnedImageSetRef struct {
@@ -517,6 +545,13 @@ type MachineConfigPoolStatus struct {
 // +listMapKey=poolSynchronizerType
 // +optional
 PoolSynchronizersStatus []PoolSynchronizerStatus `json:"poolSynchronizersStatus,omitempty"`
+
+ // osImageStream specifies the last updated OSImageStream for the pool.
+ //
+ // When omitted, the pool is using the cluster-wide default OS images.
+ // +openshift:enable:FeatureGate=OSStreams
+ // +optional
+ OSImageStream OSImageStreamReference `json:"osImageStream,omitempty,omitzero"`
 }

 // +kubebuilder:validation:XValidation:rule="self.machineCount >= self.updatedMachineCount", message="machineCount must be greater than or equal to updatedMachineCount"
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go
index 97460171b0..a51620fc5a 100644
--- a/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types_machineconfignode.go
@@ -158,8 +158,89 @@ type MachineConfigNodeStatus struct {
 // +kubebuilder:validation:MaxItems=32
 // +optional
 IrreconcilableChanges []IrreconcilableChangeDiff `json:"irreconcilableChanges,omitempty"`
+ // internalReleaseImage describes the status of the release payloads stored in the node.
+ // When specified, an internalReleaseImage custom resource exists on the cluster, and the specified images will be made available on the control plane nodes.
+ // This field will reflect the actual on-disk state of those release images.
+ // +openshift:enable:FeatureGate=NoRegistryClusterInstall
+ // +optional
+ InternalReleaseImage MachineConfigNodeStatusInternalReleaseImage `json:"internalReleaseImage,omitzero,omitempty"`
+}
+
+// MachineConfigNodeStatusInternalReleaseImage holds information about the current and discovered release bundles for the observed machine
+// config node.
+type MachineConfigNodeStatusInternalReleaseImage struct {
+ // releases is a list of the release bundles currently owned and managed by the
+ // cluster.
+ // A release bundle content could be safely pulled only when its Conditions field
+ // contains at least an Available entry set to "True" and Degraded to "False".
+ // Entries must be unique, keyed on the name field.
+ // releases must contain at least one entry and must not exceed 32 entries.
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=32
+ // +required
+ Releases []MachineConfigNodeStatusInternalReleaseImageRef `json:"releases,omitempty"`
+}
+
+// MachineConfigNodeStatusInternalReleaseImageRef is used to provide a more detailed reference for
+// a release bundle.
+type MachineConfigNodeStatusInternalReleaseImageRef struct {
+ // conditions represent the observations of an internal release image current state. Valid types are:
+ // Mounted, Installing, Available, Removing and Degraded.
+ //
+ // If Mounted is true, that means that a valid ISO has been mounted on the current node.
+ // If Installing is true, that means that a new release bundle is currently being copied on the current node, and not yet completed.
+ // If Available is true, it means that the release has been previously installed on the current node, and it can be used.
+ // If Removing is true, it means that a release deletion is in progress on the current node, and not yet completed.
+ // If Degraded is true, that means something has gone wrong in the current node.
+ //
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=5
+ // +optional
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+ // name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long.
+ // The expected name format is ocp-release-bundle--.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:XValidation:rule=`self.matches('^ocp-release-bundle-[0-9]+\\.[0-9]+\\.[0-9]+-[A-Za-z0-9._-]+$')`,message="must be ocp-release-bundle-- and <= 64 chars"
+ // +required
+ Name string `json:"name,omitempty"`
+ // image is an OCP release image referenced by digest.
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:,
+ // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the whole spec must be between 1 to 447 characters.
+ // The field is optional, and it will be provided after a release will be successfully installed.
+ // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=447 + // +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long" + // +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme" + // +optional + Image string `json:"image,omitempty"` } +// InternalReleaseImageConditionType is each possible state for each possible InternalReleaseImageBundleStatus +// conditions type. +// +enum +type InternalReleaseImageConditionType string + +const ( + // InternalReleaseImageConditionTypeMounted describes a new release, not yet installed, that has been discovered when an ISO has been attached to + // the current node + InternalReleaseImageConditionTypeMounted InternalReleaseImageConditionType = "Mounted" + // InternalReleaseImageConditionTypeInstalling describes a new release that is getting installed on the current node. 
Due the size of the data + // transfered, the operation could take several minutes + InternalReleaseImageConditionTypeInstalling InternalReleaseImageConditionType = "Installing" + // InternalReleaseImageConditionTypeAvailable describes a release that has been successfully installed on the current node, ready to be consumed + InternalReleaseImageConditionTypeAvailable InternalReleaseImageConditionType = "Available" + // InternalReleaseImageConditionTypeRemoving describes an existing release that is getting removed from the current node + InternalReleaseImageConditionTypeRemoving InternalReleaseImageConditionType = "Removing" + // InternalReleaseImageConditionTypeDegraded describes a failure for the current release + InternalReleaseImageConditionTypeDegraded InternalReleaseImageConditionType = "Degraded" +) + // IrreconcilableChangeDiff holds an individual diff between the initial install-time MachineConfig // and the latest applied one caused by the presence of irreconcilable changes. type IrreconcilableChangeDiff struct { diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go index c8a7667fe7..5061d8b822 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go @@ -820,6 +820,7 @@ func (in *MachineConfigNodeStatus) DeepCopyInto(out *MachineConfigNodeStatus) { *out = make([]IrreconcilableChangeDiff, len(*in)) copy(*out, *in) } + in.InternalReleaseImage.DeepCopyInto(&out.InternalReleaseImage) return } 
@@ -849,6 +850,52 @@ func (in *MachineConfigNodeStatusConfigImage) DeepCopy() *MachineConfigNodeStatu return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigNodeStatusInternalReleaseImage) DeepCopyInto(out *MachineConfigNodeStatusInternalReleaseImage) { + *out = *in + if in.Releases != nil { + in, out := &in.Releases, &out.Releases + *out = make([]MachineConfigNodeStatusInternalReleaseImageRef, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNodeStatusInternalReleaseImage. +func (in *MachineConfigNodeStatusInternalReleaseImage) DeepCopy() *MachineConfigNodeStatusInternalReleaseImage { + if in == nil { + return nil + } + out := new(MachineConfigNodeStatusInternalReleaseImage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigNodeStatusInternalReleaseImageRef) DeepCopyInto(out *MachineConfigNodeStatusInternalReleaseImageRef) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigNodeStatusInternalReleaseImageRef. +func (in *MachineConfigNodeStatusInternalReleaseImageRef) DeepCopy() *MachineConfigNodeStatusInternalReleaseImageRef { + if in == nil { + return nil + } + out := new(MachineConfigNodeStatusInternalReleaseImageRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
func (in *MachineConfigNodeStatusMachineConfigVersion) DeepCopyInto(out *MachineConfigNodeStatusMachineConfigVersion) { *out = *in @@ -999,6 +1046,7 @@ func (in *MachineConfigPoolSpec) DeepCopyInto(out *MachineConfigPoolSpec) { *out = make([]PinnedImageSetRef, len(*in)) copy(*out, *in) } + out.OSImageStream = in.OSImageStream return } @@ -1035,6 +1083,7 @@ func (in *MachineConfigPoolStatus) DeepCopyInto(out *MachineConfigPoolStatus) { *out = make([]PoolSynchronizerStatus, len(*in)) copy(*out, *in) } + out.OSImageStream = in.OSImageStream return } @@ -1441,6 +1490,22 @@ func (in *NetworkInfo) DeepCopy() *NetworkInfo { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OSImageStreamReference) DeepCopyInto(out *OSImageStreamReference) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSImageStreamReference. +func (in *OSImageStreamReference) DeepCopy() *OSImageStreamReference { + if in == nil { + return nil + } + out := new(OSImageStreamReference) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ObjectReference) DeepCopyInto(out *ObjectReference) { *out = *in diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml index fe5a8fd8af..1d96519e7e 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -35,10 +35,10 @@ controllerconfigs.machineconfiguration.openshift.io: - DualReplica - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNSInstall - - GCPCustomAPIEndpointsInstall - HighlyAvailableArbiter - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets + - OnPremDNSRecords - VSphereHostVMGroupZonal - VSphereMultiNetworks FilenameOperatorName: machine-config @@ -123,6 +123,7 @@ machineconfignodes.machineconfiguration.openshift.io: - ImageModeStatusReporting - IrreconcilableMachineConfig - MachineConfigNodes + - NoRegistryClusterInstall FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" @@ -201,6 +202,7 @@ machineconfigpools.machineconfiguration.openshift.io: Capability: "" Category: "" FeatureGates: + - OSStreams - PinnedImages FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index 3a0b0646a6..650fc1709d 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go 
@@ -289,6 +289,7 @@ var map_MachineConfigPoolSpec = map[string]string{ "maxUnavailable": "maxUnavailable defines either an integer number or percentage of nodes in the pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1.\n\nA value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.", "configuration": "The targeted MachineConfig object for the machine config pool.", "pinnedImageSets": "pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the pool. Nodes within this pool will preload and pin images defined in the PinnedImageSet. Before pulling images the MachineConfigDaemon will ensure the total uncompressed size of all the images does not exceed available resources. If the total size of the images exceeds the available resources the controller will report a Degraded status to the MachineConfigPool and not attempt to pull any images. Also to help ensure the kubelet can mitigate storage risk, the pinned_image configuration and subsequent service reload will happen only after all of the images have been pulled for each set. Images from multiple PinnedImageSets are loaded and pinned sequentially as listed. Duplicate and existing images will be skipped.\n\nAny failure to prefetch or pin images will result in a Degraded pool. Resolving these failures is the responsibility of the user. 
The admin should be proactive in ensuring adequate storage and proper image authentication exists in advance.", + "osImageStream": "osImageStream specifies an OS stream to be used for the pool.\n\nThis field can be optionally set to a known OSImageStream name to change the OS and Extension images with a well-known, tested, release-provided set of images. This enables a streamlined way of switching the pool's node OS to a different version than the cluster default, such as transitioning to a major RHEL version.\n\nWhen set, the referenced stream overrides the cluster-wide OS images for the pool with the OS and Extensions associated to stream. When omitted, the pool uses the cluster-wide default OS images.", } func (MachineConfigPoolSpec) SwaggerDoc() map[string]string { @@ -307,6 +308,7 @@ var map_MachineConfigPoolStatus = map[string]string{ "conditions": "conditions represents the latest available observations of current state.", "certExpirys": "certExpirys keeps track of important certificate expiration data", "poolSynchronizersStatus": "poolSynchronizersStatus is the status of the machines managed by the pool synchronizers.", + "osImageStream": "osImageStream specifies the last updated OSImageStream for the pool.\n\nWhen omitted, the pool is using the cluster-wide default OS images.", } func (MachineConfigPoolStatus) SwaggerDoc() map[string]string { 
@@ -346,6 +348,14 @@ func (NetworkInfo) SwaggerDoc() map[string]string { return map_NetworkInfo } +var map_OSImageStreamReference = map[string]string{ + "name": "name is a required reference to an OSImageStream to be used for the pool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", +} + +func (OSImageStreamReference) SwaggerDoc() map[string]string { + return map_OSImageStreamReference +} + var map_PinnedImageSetRef = map[string]string{ "name": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). Made up of one of more period-separated (.) segments, where each segment consists of alphanumeric characters and hyphens (-), must begin and end with an alphanumeric character, and is at most 63 characters in length. The total length of the name must not exceed 253 characters.", } 
@@ -446,6 +456,7 @@ var map_MachineConfigNodeStatus = map[string]string{ "configImage": "configImage is an optional field for configuring the OS image to be used for this node. This field will only exist if the node belongs to a pool opted into on-cluster image builds, and will override any MachineConfig referenced OSImageURL fields. When omitted, this means that the Image Mode feature is not being used and the node will be up to date with the specific current rendered config version for the nodes MachinePool. When specified, the Image Mode feature is enabled and the contents of this field show the observed state of the node image. When Image Mode is enabled and a new MachineConfig is applied such that a new OS image build is not created, only the configVersion field will change. When Image Mode is enabled and a new MachineConfig is applied such that a new OS image build is created, then only the configImage field will change. It is also possible that both the configImage and configVersion change during the same update.", "pinnedImageSets": "pinnedImageSets describes the current and desired pinned image sets for this node.", "irreconcilableChanges": "irreconcilableChanges is an optional field that contains the observed differences between this nodes configuration and the target rendered MachineConfig. This field will be set when there are changes to the target rendered MachineConfig that can only be applied to new nodes joining the cluster. Entries must be unique, keyed on the fieldPath field. Must not exceed 32 entries.", + "internalReleaseImage": "internalReleaseImage describes the status of the release payloads stored in the node. When specified, an internalReleaseImage custom resource exists on the cluster, and the specified images will be made available on the control plane nodes. This field will reflect the actual on-disk state of those release images.", } func (MachineConfigNodeStatus) SwaggerDoc() map[string]string { 
@@ -462,6 +473,26 @@ func (MachineConfigNodeStatusConfigImage) SwaggerDoc() map[string]string { return map_MachineConfigNodeStatusConfigImage } +var map_MachineConfigNodeStatusInternalReleaseImage = map[string]string{ + "": "MachineConfigNodeStatusInternalReleaseImage holds information about the current and discovered release bundles for the observed machine config node.", + "releases": "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", +} + +func (MachineConfigNodeStatusInternalReleaseImage) SwaggerDoc() map[string]string { + return map_MachineConfigNodeStatusInternalReleaseImage +} + +var map_MachineConfigNodeStatusInternalReleaseImageRef = map[string]string{ + "": "MachineConfigNodeStatusInternalReleaseImageRef is used to provide a more detailed reference for a release bundle.", + "conditions": "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been mounted on the current node. If Installing is true, that means that a new release bundle is currently being copied on the current node, and not yet completed. If Available is true, it means that the release has been previously installed on the current node, and it can be used. If Removing is true, it means that a release deletion is in progress on the current node, and not yet completed. If Degraded is true, that means something has gone wrong in the current node.", + "name": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. 
The expected name format is ocp-release-bundle--.", + "image": "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", +} + +func (MachineConfigNodeStatusInternalReleaseImageRef) SwaggerDoc() map[string]string { + return map_MachineConfigNodeStatusInternalReleaseImageRef +} + var map_MachineConfigNodeStatusMachineConfigVersion = map[string]string{ "": "MachineConfigNodeStatusMachineConfigVersion holds the current and desired config versions as last updated in the MCN status. When the current and desired versions do not match, the machine config pool is processing an upgrade and the machine config node will monitor the upgrade process. When the current and desired versions do match, the machine config node will ignore these events given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", "current": "current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go index c60f521f94..27610a91bc 100644 
--- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/register.go
@@ -28,6 +28,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 &MachineConfigNodeList{},
 &PinnedImageSet{},
 &PinnedImageSetList{},
+ &OSImageStream{},
+ &OSImageStreamList{},
+ &InternalReleaseImage{},
+ &InternalReleaseImageList{},
 )
 metav1.AddToGroupVersion(scheme, GroupVersion)
 return nil
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types.go
new file mode 100644
index 0000000000..dd5792602b
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types.go
@@ -0,0 +1,10 @@
+package v1alpha1
+
+// ImageDigestFormat is a type that conforms to the format host[:port][/namespace]/name@sha256:.
+// The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+// The length of the field must be between 1 to 447 characters.
+// +kubebuilder:validation:MinLength=1
+// +kubebuilder:validation:MaxLength=447
+// +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long"
+// +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+type ImageDigestFormat string
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_internalreleaseimage.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_internalreleaseimage.go
new file mode 100644
index 0000000000..cd888c9678
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_internalreleaseimage.go 
@@ -0,0 +1,178 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=internalreleaseimages,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2510
+// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01
+// +openshift:enable:FeatureGate=NoRegistryClusterInstall
+// +kubebuilder:metadata:labels=openshift.io/operator-managed=
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="internalreleaseimage is a singleton, .metadata.name must be 'cluster'"
+
+// InternalReleaseImage is used to keep track and manage a set
+// of release bundles (OCP and OLM operators images) that are stored
+// into the control planes nodes.
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type InternalReleaseImage struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +required
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec describes the configuration of this internal release image.
+ // +required
+ Spec InternalReleaseImageSpec `json:"spec,omitempty,omitzero"`
+
+ // status describes the last observed state of this internal release image.
+ // +optional
+ Status InternalReleaseImageStatus `json:"status,omitempty,omitzero"`
+}
+
+// InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.
+type InternalReleaseImageSpec struct {
+ // releases is a list of release bundle identifiers that the user wants to
+ // add/remove to/from the control plane nodes.
+ // Entries must be unique, keyed on the name field.
+ // releases must contain at least one entry and must not exceed 16 entries.
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=16
+ // +listType=map
+ // +listMapKey=name
+ // +required
+ Releases []InternalReleaseImageRef `json:"releases,omitempty"`
+}
+
+// InternalReleaseImageRef is used to provide a simple reference for a release
+// bundle. Currently it contains only the name field.
+type InternalReleaseImageRef struct {
+ // name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long.
+ // The expected name format is ocp-release-bundle--.
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:XValidation:rule=`self.matches('^ocp-release-bundle-[0-9]+\\.[0-9]+\\.[0-9]+-[A-Za-z0-9._-]+$')`,message="must be ocp-release-bundle-- and <= 64 chars"
+ Name string `json:"name,omitempty"`
+}
+
+// InternalReleaseImageStatus describes the current state of a InternalReleaseImage.
+type InternalReleaseImageStatus struct {
+ // conditions represent the observations of the InternalReleaseImage controller current state.
+ // Valid types are: Degraded.
+ // If Degraded is true, that means something has gone wrong in the controller.
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=20
+ // +optional
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+ // releases is a list of the release bundles currently owned and managed by the
+ // cluster.
+ // A release bundle content could be safely pulled only when its Conditions field
+ // contains at least an Available entry set to "True" and Degraded to "False".
+ // Entries must be unique, keyed on the name field.
+ // releases must contain at least one entry and must not exceed 32 entries.
+ // +listType=map
+ // +listMapKey=name
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=32
+ // +required
+ Releases []InternalReleaseImageBundleStatus `json:"releases,omitempty"`
+}
+
+// InternalReleaseImageStatusConditionType describes the possible states for InternalReleaseImageStatus.
+// +enum
+type InternalReleaseImageStatusConditionType string
+
+const (
+ // InternalReleaseImageStatusConditionTypeDegraded describes a failure in the controller.
+ InternalReleaseImageStatusConditionTypeDegraded InternalReleaseImageStatusConditionType = "Degraded"
+)
+
+type InternalReleaseImageBundleStatus struct {
+ // conditions represent the observations of an internal release image current state. Valid types are:
+ // Mounted, Installing, Available, Removing and Degraded.
+ //
+ // If Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes.
+ // If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed.
+ // If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used.
+ // If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed.
+ // If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).
+ //
+ // In general, after installing a new release bundle, it is required to wait for the Conditions "Available" to become "True" (and all
+ // the other conditions to be equal to "False") before being able to pull its content.
+ //
+ // +listType=map
+ // +listMapKey=type
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=5
+ // +optional
+ Conditions []metav1.Condition `json:"conditions,omitempty"`
+ // name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long.
+ // The expected name format is ocp-release-bundle--.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=64
+ // +kubebuilder:validation:XValidation:rule=`self.matches('^ocp-release-bundle-[0-9]+\\.[0-9]+\\.[0-9]+-[A-Za-z0-9._-]+$')`,message="must be ocp-release-bundle-- and <= 64 chars"
+ // +required
+ Name string `json:"name,omitempty"`
+ // image is an OCP release image referenced by digest.
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:,
+ // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the whole spec must be between 1 to 447 characters.
+ // The field is optional, and it will be provided after a release will be successfully installed.
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=447
+ // +kubebuilder:validation:XValidation:rule=`(self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$'))`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long"
+ // +kubebuilder:validation:XValidation:rule=`(self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$'))`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
+ // +optional
+ Image string `json:"image,omitempty"`
+}
+
+// InternalReleaseImageConditionType is each possible state for each possible InternalReleaseImageBundleStatus
+// conditions type.
+// +enum
+type InternalReleaseImageConditionType string
+
+const (
+ // InternalReleaseImageConditionTypeMounted describes a new release, not yet installed, that has been discovered when an ISO has been attached to
+ // one of the control plane nodes
+ InternalReleaseImageConditionTypeMounted InternalReleaseImageConditionType = "Mounted"
+ // InternalReleaseImageConditionTypeInstalling describes a new release that is getting installed in the cluster. Due the size of the data
+ // transfered, the operation could take several minutes. The condition will remain in such state until all the control plane nodes will
+ // complete the installing operation
+ InternalReleaseImageConditionTypeInstalling InternalReleaseImageConditionType = "Installing"
+ // InternalReleaseImageConditionTypeAvailable describes a release that has been successfully installed in the cluster, ready to be consumed. This
+ // means that the release has been successfully installed on all the control plane nodes
+ InternalReleaseImageConditionTypeAvailable InternalReleaseImageConditionType = "Available"
+ // InternalReleaseImageConditionTypeRemoving describes an existing release that is getting removed from the cluster. The condition will remain in such
+ // state until all the control plane nodes will complete the removal operation
+ InternalReleaseImageConditionTypeRemoving InternalReleaseImageConditionType = "Removing"
+ // InternalReleaseImageConditionTypeDegraded describes a failure, happened in one or more control plane nodes, for the current release
+ InternalReleaseImageConditionTypeDegraded InternalReleaseImageConditionType = "Degraded"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// InternalReleaseImageList is a list of InternalReleaseImage resources
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type InternalReleaseImageList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []InternalReleaseImage `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go
new file mode 100644
index 0000000000..cb6163ddb7
--- /dev/null
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_osimagestream.go
@@ -0,0 +1,131 @@
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OSImageStream describes a set of streams and associated images available
+// for the MachineConfigPools to be used as base OS images.
+//
+// The resource is a singleton named "cluster".
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=osimagestreams,scope=Cluster
+// +kubebuilder:subresource:status
+// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2555
+// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01
+// +openshift:enable:FeatureGate=OSStreams
+// +kubebuilder:metadata:labels=openshift.io/operator-managed=
+// +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="osimagestream is a singleton, .metadata.name must be 'cluster'"
+type OSImageStream struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard object's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ // +optional
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ // spec contains the desired OSImageStream config configuration.
+ // +required
+ Spec *OSImageStreamSpec `json:"spec,omitempty"`
+
+ // status describes the last observed state of this OSImageStream.
+ // Populated by the MachineConfigOperator after reading release metadata.
+ // When not present, the controller has not yet reconciled this resource.
+ // +optional
+ Status OSImageStreamStatus `json:"status,omitempty,omitzero"`
+}
+
+// OSImageStreamStatus describes the current state of a OSImageStream
+// +kubebuilder:validation:XValidation:rule="self.defaultStream in self.availableStreams.map(s, s.name)",message="defaultStream must reference a stream name from availableStreams"
+type OSImageStreamStatus struct {
+
+ // availableStreams is a list of the available OS Image Streams that can be
+ // used as the base image for MachineConfigPools.
+ // availableStreams is required, must have at least one item, must not exceed
+ // 100 items, and must have unique entries keyed on the name field.
+ //
+ // +required
+ // +kubebuilder:validation:MinItems=1
+ // +kubebuilder:validation:MaxItems=100
+ // +listType=map
+ // +listMapKey=name
+ AvailableStreams []OSImageStreamSet `json:"availableStreams,omitempty"`
+
+ // defaultStream is the name of the stream that should be used as the default
+ // when no specific stream is requested by a MachineConfigPool.
+ //
+ // It must be a valid RFC 1123 subdomain between 1 and 253 characters in length,
+ // consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'),
+ // and must reference the name of one of the streams in availableStreams.
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character."
+ DefaultStream string `json:"defaultStream,omitempty"`
+}
+
+// OSImageStreamSpec defines the desired state of a OSImageStream.
+type OSImageStreamSpec struct {
+}
+
+type OSImageStreamSet struct {
+ // name is the required identifier of the stream.
+ //
+ // name is determined by the operator based on the OCI label of the
+ // discovered OS or Extension Image.
+ //
+ // Must be a valid RFC 1123 subdomain between 1 and 253 characters in length,
+ // consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').
+ //
+ // +required
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=253
+ // +kubebuilder:validation:XValidation:rule="!format.dns1123Subdomain().validate(self).hasValue()",message="a RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character."
+ Name string `json:"name,omitempty"`
+
+ // osImage is a required OS Image referenced by digest.
+ //
+ // osImage contains the immutable, fundamental operating system components, including the kernel
+ // and base utilities, that define the core environment for the node's host operating system.
+ //
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:,
+ // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the whole spec must be between 1 to 447 characters.
+ // +required
+ OSImage ImageDigestFormat `json:"osImage,omitempty"`
+
+ // osExtensionsImage is a required OS Extensions Image referenced by digest.
+ //
+ // osExtensionsImage bundles the extra repositories used to enable extensions, augmenting
+ // the base operating system without modifying the underlying immutable osImage.
+ //
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:,
+ // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the whole spec must be between 1 to 447 characters.
+ // +required
+ OSExtensionsImage ImageDigestFormat `json:"osExtensionsImage,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// OSImageStreamList is a list of OSImageStream resources
+//
+// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
+// +openshift:compatibility-gen:level=4
+type OSImageStreamList struct {
+ metav1.TypeMeta `json:",inline"`
+
+ // metadata is the standard list's metadata.
+ // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ metav1.ListMeta `json:"metadata"`
+
+ Items []OSImageStream `json:"items"`
+}
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go
index 7373c610a0..4708609fc5 100644
--- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/types_pinnedimageset.go
@@ -67,15 +67,11 @@ type PinnedImageSetSpec struct {
 type PinnedImageRef struct {
 // name is an OCI Image referenced by digest.
- //
- // The format of the image ref is:
- // host[:port][/namespace]/name@sha256:
+ // The format of the image pull spec is: host[:port][/namespace]/name@sha256:,
+ // where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9.
+ // The length of the whole spec must be between 1 to 447 characters.
 // +required
- // +kubebuilder:validation:MinLength=1
- // +kubebuilder:validation:MaxLength=447
- // +kubebuilder:validation:XValidation:rule=`self.split('@').size() == 2 && self.split('@')[1].matches('^sha256:[a-f0-9]{64}$')`,message="the OCI Image reference must end with a valid '@sha256:' suffix, where '' is 64 characters long"
- // +kubebuilder:validation:XValidation:rule=`self.split('@')[0].matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*?$')`,message="the OCI Image name should follow the host[:port][/namespace]/name format, resembling a valid URL without the scheme"
- Name string `json:"name"`
+ Name ImageDigestFormat `json:"name,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go
index 5e9e7a8c08..69b63f6778 100644
--- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.deepcopy.go
@@ -10,6 +10,157 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImage) DeepCopyInto(out *InternalReleaseImage) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImage. +func (in *InternalReleaseImage) DeepCopy() *InternalReleaseImage { + if in == nil { + return nil + } + out := new(InternalReleaseImage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InternalReleaseImage) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageBundleStatus) DeepCopyInto(out *InternalReleaseImageBundleStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageBundleStatus. +func (in *InternalReleaseImageBundleStatus) DeepCopy() *InternalReleaseImageBundleStatus { + if in == nil { + return nil + } + out := new(InternalReleaseImageBundleStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *InternalReleaseImageList) DeepCopyInto(out *InternalReleaseImageList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]InternalReleaseImage, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageList. +func (in *InternalReleaseImageList) DeepCopy() *InternalReleaseImageList { + if in == nil { + return nil + } + out := new(InternalReleaseImageList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *InternalReleaseImageList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageRef) DeepCopyInto(out *InternalReleaseImageRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageRef. +func (in *InternalReleaseImageRef) DeepCopy() *InternalReleaseImageRef { + if in == nil { + return nil + } + out := new(InternalReleaseImageRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageSpec) DeepCopyInto(out *InternalReleaseImageSpec) { + *out = *in + if in.Releases != nil { + in, out := &in.Releases, &out.Releases + *out = make([]InternalReleaseImageRef, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageSpec. 
+func (in *InternalReleaseImageSpec) DeepCopy() *InternalReleaseImageSpec { + if in == nil { + return nil + } + out := new(InternalReleaseImageSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InternalReleaseImageStatus) DeepCopyInto(out *InternalReleaseImageStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Releases != nil { + in, out := &in.Releases, &out.Releases + *out = make([]InternalReleaseImageBundleStatus, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalReleaseImageStatus. +func (in *InternalReleaseImageStatus) DeepCopy() *InternalReleaseImageStatus { + if in == nil { + return nil + } + out := new(InternalReleaseImageStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MCOObjectReference) DeepCopyInto(out *MCOObjectReference) { *out = *in 
@@ -183,6 +334,124 @@ func (in *MachineConfigNodeStatusPinnedImageSet) DeepCopy() *MachineConfigNodeSt return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OSImageStream) DeepCopyInto(out *OSImageStream) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Spec != nil { + in, out := &in.Spec, &out.Spec + *out = new(OSImageStreamSpec) + **out = **in + } + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSImageStream. +func (in *OSImageStream) DeepCopy() *OSImageStream { + if in == nil { + return nil + } + out := new(OSImageStream) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *OSImageStream) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OSImageStreamList) DeepCopyInto(out *OSImageStreamList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]OSImageStream, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSImageStreamList. +func (in *OSImageStreamList) DeepCopy() *OSImageStreamList { + if in == nil { + return nil + } + out := new(OSImageStreamList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *OSImageStreamList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OSImageStreamSet) DeepCopyInto(out *OSImageStreamSet) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSImageStreamSet. +func (in *OSImageStreamSet) DeepCopy() *OSImageStreamSet { + if in == nil { + return nil + } + out := new(OSImageStreamSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OSImageStreamSpec) DeepCopyInto(out *OSImageStreamSpec) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSImageStreamSpec. +func (in *OSImageStreamSpec) DeepCopy() *OSImageStreamSpec { + if in == nil { + return nil + } + out := new(OSImageStreamSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OSImageStreamStatus) DeepCopyInto(out *OSImageStreamStatus) { + *out = *in + if in.AvailableStreams != nil { + in, out := &in.AvailableStreams, &out.AvailableStreams + *out = make([]OSImageStreamSet, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OSImageStreamStatus. +func (in *OSImageStreamStatus) DeepCopy() *OSImageStreamStatus { + if in == nil { + return nil + } + out := new(OSImageStreamStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PinnedImageRef) DeepCopyInto(out *PinnedImageRef) { *out = *in 
diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 9404910930..dc82dc2049 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -1,3 +1,27 @@ +internalreleaseimages.machineconfiguration.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2510 + CRDName: internalreleaseimages.machineconfiguration.openshift.io + Capability: "" + Category: "" + FeatureGates: + - NoRegistryClusterInstall + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: machineconfiguration.openshift.io + HasStatus: true + KindName: InternalReleaseImage + Labels: + openshift.io/operator-managed: "" + PluralName: internalreleaseimages + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - NoRegistryClusterInstall + Version: v1alpha1 + machineconfignodes.machineconfiguration.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/2256 
@@ -74,6 +98,30 @@ machineconfignodes.machineconfiguration.openshift.io: - MachineConfigNodes Version: v1alpha1 +osimagestreams.machineconfiguration.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/2555 + CRDName: osimagestreams.machineconfiguration.openshift.io + Capability: "" + Category: "" + FeatureGates: + - OSStreams + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" + GroupName: machineconfiguration.openshift.io + HasStatus: true + KindName: OSImageStream + Labels: + openshift.io/operator-managed: "" + PluralName: osimagestreams + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - OSStreams + Version: v1alpha1 + pinnedimagesets.machineconfiguration.openshift.io: Annotations: {} ApprovedPRNumber: https://github.com/openshift/api/pull/1713 diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go index a5b0dcfb31..144d295afe 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go 
@@ -11,6 +11,64 @@ package v1alpha1 // Those methods can be generated by using hack/update-swagger-docs.sh // AUTO-GENERATED FUNCTIONS START HERE +var map_InternalReleaseImage = map[string]string{ + "": "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec describes the configuration of this internal release image.", + "status": "status describes the last observed state of this internal release image.", +} + +func (InternalReleaseImage) SwaggerDoc() map[string]string { + return map_InternalReleaseImage +} + +var map_InternalReleaseImageBundleStatus = map[string]string{ + "conditions": "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. 
If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", + "name": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + "image": "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", +} + +func (InternalReleaseImageBundleStatus) SwaggerDoc() map[string]string { + return map_InternalReleaseImageBundleStatus +} + +var map_InternalReleaseImageList = map[string]string{ + "": "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (InternalReleaseImageList) SwaggerDoc() map[string]string { + return map_InternalReleaseImageList +} + +var map_InternalReleaseImageRef = map[string]string{ + "": "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", + "name": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. 
The expected name format is ocp-release-bundle--.", +} + +func (InternalReleaseImageRef) SwaggerDoc() map[string]string { + return map_InternalReleaseImageRef +} + +var map_InternalReleaseImageSpec = map[string]string{ + "": "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", + "releases": "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", +} + +func (InternalReleaseImageSpec) SwaggerDoc() map[string]string { + return map_InternalReleaseImageSpec +} + +var map_InternalReleaseImageStatus = map[string]string{ + "": "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + "conditions": "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", + "releases": "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", +} + +func (InternalReleaseImageStatus) SwaggerDoc() map[string]string { + return map_InternalReleaseImageStatus +} + var map_MCOObjectReference = map[string]string{ "": "MCOObjectReference holds information about an object the MCO either owns or modifies in some way", "name": "name is the name of the object being referenced. For example, this can represent a machine config pool or node name. 
Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", 
@@ -96,8 +154,56 @@ func (MachineConfigNodeStatusPinnedImageSet) SwaggerDoc() map[string]string { return map_MachineConfigNodeStatusPinnedImageSet } +var map_OSImageStream = map[string]string{ + "": "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "spec": "spec contains the desired OSImageStream config configuration.", + "status": "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", +} + +func (OSImageStream) SwaggerDoc() map[string]string { + return map_OSImageStream +} + +var map_OSImageStreamList = map[string]string{ + "": "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (OSImageStreamList) SwaggerDoc() map[string]string { + return map_OSImageStreamList +} + +var map_OSImageStreamSet = map[string]string{ + "name": "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + "osImage": "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "osExtensionsImage": "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. 
The length of the whole spec must be between 1 to 447 characters.", +} + +func (OSImageStreamSet) SwaggerDoc() map[string]string { + return map_OSImageStreamSet +} + +var map_OSImageStreamSpec = map[string]string{ + "": "OSImageStreamSpec defines the desired state of a OSImageStream.", +} + +func (OSImageStreamSpec) SwaggerDoc() map[string]string { + return map_OSImageStreamSpec +} + +var map_OSImageStreamStatus = map[string]string{ + "": "OSImageStreamStatus describes the current state of a OSImageStream", + "availableStreams": "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", + "defaultStream": "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", +} + +func (OSImageStreamStatus) SwaggerDoc() map[string]string { + return map_OSImageStreamStatus +} + var map_PinnedImageRef = map[string]string{ - "name": "name is an OCI Image referenced by digest.\n\nThe format of the image ref is: host[:port][/namespace]/name@sha256:", + "name": "name is an OCI Image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", } func (PinnedImageRef) SwaggerDoc() map[string]string { 
diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go
index 46b906518d..d54352f2ce 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go
@@ -298,9 +298,9 @@ type IngressControllerSpec struct {
 // case HAProxy handles it in the old process and closes
 // the connection after sending the response.
 //
- // - HAProxy's `timeout http-keep-alive` duration expires
- // (300 seconds in OpenShift's configuration, not
- // configurable).
+ // - HAProxy's `timeout http-keep-alive` duration expires.
+ // By default this is 300 seconds, but it can be changed
+ // using httpKeepAliveTimeout tuning option.
 //
 // - The client's keep-alive timeout expires, causing the
 // client to close the connection.
@@ -344,6 +344,47 @@ type IngressControllerSpec struct {
 // +kubebuilder:default:="Immediate"
 // +default="Immediate"
 IdleConnectionTerminationPolicy IngressControllerConnectionTerminationPolicy `json:"idleConnectionTerminationPolicy,omitempty"`
+
+ // closedClientConnectionPolicy controls how the IngressController
+ // behaves when the client closes the TCP connection while the TLS
+ // handshake or HTTP request is in progress. This option maps directly
+ // to HAProxy’s "abortonclose" option.
+ //
+ // Valid values are: "Abort" and "Continue".
+ // The default value is "Continue".
+ //
+ // When set to "Abort", the router will stop processing the TLS handshake
+ // if it is in progress, and it will not send an HTTP request to the backend server
+ // if the request has not yet been sent when the client closes the connection.
+ //
+ // When set to "Continue", the router will complete the TLS handshake
+ // if it is in progress, or send an HTTP request to the backend server
+ // and wait for the backend server's response, regardless of
+ // whether the client has closed the connection.
+ //
+ // Setting "Abort" can help free CPU resources otherwise spent on TLS computation
+ // for connections the client has already closed, and can reduce request queue
+ // size, thereby reducing the load on saturated backend servers.
+ //
+ // Important Considerations:
+ //
+ // - The default policy ("Continue") is HTTP-compliant, and requests
+ // for aborted client connections will still be served.
+ // Use the "Continue" policy to allow a client to send a request
+ // and then immediately close its side of the connection while
+ // still receiving a response on the half-closed connection.
+ //
+ // - When clients use keep-alive connections, the most common case for premature
+ // closure is when the user wants to cancel the transfer or when a timeout
+ // occurs. In that case, the "Abort" policy may be used to reduce resource consumption.
+ //
+ // - Using RSA keys larger than 2048 bits can significantly slow down
+ // TLS computations. Consider using the "Abort" policy to reduce CPU usage.
+ //
+ // +optional
+ // +kubebuilder:default:="Continue"
+ // +default="Continue"
+ ClosedClientConnectionPolicy IngressControllerClosedClientConnectionPolicy `json:"closedClientConnectionPolicy,omitempty"`
 }
 // httpCompressionPolicy turns on compression for the specified MIME types.
@@ -1884,6 +1925,36 @@ type IngressControllerTuningOptions struct {
 // +optional
 ConnectTimeout *metav1.Duration `json:"connectTimeout,omitempty"`
+ // httpKeepAliveTimeout defines the maximum allowed time to wait for
+ // a new HTTP request to appear on a connection from the client to the router.
+ //
+ // This field expects an unsigned duration string of a decimal number, with optional
+ // fraction and a unit suffix, e.g. "300ms", "1.5s" or "2m45s".
+ // Valid time units are "ms", "s", "m".
+ // The allowed range is from 1 millisecond to 15 minutes.
+ //
+ // When omitted, this means the user has no opinion and the platform is left
+ // to choose a reasonable default. This default is subject to change over time.
+ // The current default is 300s.
+ //
+ // Low values (tens of milliseconds or less) can cause clients to close and reopen connections
+ // for each request, leading to reduced connection sharing.
+ // For HTTP/2, special care should be taken with low values.
+ // A few seconds is a reasonable starting point to avoid holding idle connections open
+ // while still allowing subsequent requests to reuse the connection.
+ //
+ // High values (minutes or more) favor connection reuse but may cause idle
+ // connections to linger longer.
+ //
+ // +kubebuilder:validation:Type:=string
+ // +kubebuilder:validation:XValidation:rule="self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$')",message="httpKeepAliveTimeout must be a valid duration string composed of an unsigned integer value, optionally followed by a decimal fraction and a unit suffix (ms, s, m)"
+ // +kubebuilder:validation:XValidation:rule="!self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$') || duration(self) <= duration('15m')",message="httpKeepAliveTimeout must be less than or equal to 15 minutes"
+ // +kubebuilder:validation:XValidation:rule="!self.matches('^([0-9]+(\\\\.[0-9]+)?(ms|s|m))+$') || duration(self) >= duration('1ms')",message="httpKeepAliveTimeout must be greater than or equal to 1 millisecond"
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=16
+ // +optional
+ HTTPKeepAliveTimeout *metav1.Duration `json:"httpKeepAliveTimeout,omitempty"`
+
 // tlsInspectDelay defines how long the router can hold data to find a
 // matching route.
 //
@@ -2140,3 +2211,34 @@ const (
 // connection.
 IngressControllerConnectionTerminationPolicyDeferred IngressControllerConnectionTerminationPolicy = "Deferred"
 )
+
+// IngressControllerClosedClientConnectionPolicy controls how the IngressController
+// behaves when the client closes the TCP connection while the TLS
+// handshake or HTTP request is in progress.
+//
+// +kubebuilder:validation:Enum=Abort;Continue
+type IngressControllerClosedClientConnectionPolicy string
+
+const (
+ // IngressControllerClosedClientConnectionPolicyAbort aborts processing early when the client
+ // closes the connection.
+ //
+ // This affects two types of processing: TLS handshake computation on the router
+ // and request handling.
+ //
+ // When the client closes the connection, the router will stop processing
+ // the TLS handshake, preventing unnecessary CPU work.
+ //
+ // If the HTTP request has not yet been sent to the backend, it will be aborted.
+ // If the request is already being processed by the backend, the router will
+ // half-close the connection to signal this condition to the backend server,
+ // which can then decide how to proceed.
+ IngressControllerClosedClientConnectionPolicyAbort IngressControllerClosedClientConnectionPolicy = "Abort"
+
+ // IngressControllerClosedClientConnectionPolicyContinue continues processing even if the client
+ // closes the connection.
+ //
+ // The router will complete the TLS handshake and wait for the backend
+ // server's response regardless of the client having closed the connection.
+ IngressControllerClosedClientConnectionPolicyContinue IngressControllerClosedClientConnectionPolicy = "Continue"
+)
diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go
index 111240eecf..6d95e5905a 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_network.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_network.go
@@ -397,8 +397,18 @@ type OpenShiftSDNConfig struct {
 EnableUnidling *bool `json:"enableUnidling,omitempty"`
 }
+// Maintainer note for NoOverlayMode feature (TechPreview):
+// When NoOverlayMode graduates to GA, add '+kubebuilder:default=Geneve' to the DefaultNetworkTransport
+// field so the default is visible in the CRD schema and applied by the API server automatically.
+// Currently CNO handles the default (treating omitted as Geneve) because the field is feature-gated
+// and existing ungated tests don't expect this field in outputs.
+
 // ovnKubernetesConfig contains the configuration parameters for networks
 // using the ovn-kubernetes network project
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(self.defaultNetworkTransport) || self.defaultNetworkTransport != 'NoOverlay' || has(self.defaultNetworkNoOverlayOptions)",message="defaultNetworkNoOverlayOptions is required when defaultNetworkTransport is NoOverlay"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(self.defaultNetworkNoOverlayOptions) || self.defaultNetworkNoOverlayOptions.routing != 'Managed' || has(self.bgpManagedConfig)",message="bgpManagedConfig is required when defaultNetworkNoOverlayOptions.routing is Managed"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.defaultNetworkTransport) || oldSelf.defaultNetworkTransport == '' || has(self.defaultNetworkTransport)",message="defaultNetworkTransport cannot be removed once set to a non-empty value"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.defaultNetworkNoOverlayOptions) || has(self.defaultNetworkNoOverlayOptions)",message="defaultNetworkNoOverlayOptions cannot be removed once set"
 type OVNKubernetesConfig struct {
 // mtu is the MTU to use for the tunnel interface. This must be 100
 // bytes smaller than the uplink mtu.
@@ -468,6 +478,35 @@ type OVNKubernetesConfig struct {
 // +openshift:enable:FeatureGate=RouteAdvertisements
 // +optional
 RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"`
+
+ // defaultNetworkTransport describes the transport protocol for east-west traffic for the default network.
+ // Allowed values are "NoOverlay" and "Geneve".
+ // When set to "NoOverlay", the default network operates in no-overlay mode.
+ // When set to "Geneve", the default network uses Geneve overlay.
+ // When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time.
+ // The current default is "Geneve".
+ // +openshift:enable:FeatureGate=NoOverlayMode
+ // +kubebuilder:validation:Enum=NoOverlay;Geneve
+ // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="defaultNetworkTransport is immutable once set"
+ // +optional
+ DefaultNetworkTransport TransportOption `json:"defaultNetworkTransport,omitempty"`
+
+ // defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network.
+ // It is required when DefaultNetworkTransport is "NoOverlay".
+ // When omitted, this means the user does not configure no-overlay mode options.
+ // +openshift:enable:FeatureGate=NoOverlayMode
+ // +kubebuilder:validation:XValidation:rule="!oldSelf.hasValue() || self == oldSelf.value()",message="defaultNetworkNoOverlayOptions is immutable once set",optionalOldSelf=true
+ // +optional
+ DefaultNetworkNoOverlayOptions NoOverlayOptions `json:"defaultNetworkNoOverlayOptions,omitzero,omitempty"`
+
+ // bgpManagedConfig configures the BGP properties for networks (default network or CUDNs)
+ // in no-overlay mode that specify routing="Managed" in their NoOverlayOptions.
+ // It is required when DefaultNetworkNoOverlayOptions.Routing is set to "Managed".
+ // When omitted, this means the user does not configure BGP for managed routing.
+ // +openshift:enable:FeatureGate=NoOverlayMode
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="bgpManagedConfig field is immutable"
+ // +optional
+ BGPManagedConfig BGPManagedConfig `json:"bgpManagedConfig,omitzero,omitempty"`
 }
 
 type IPv4OVNKubernetesConfig struct {
@@ -898,3 +937,77 @@ type AdditionalRoutingCapabilities struct {
 // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))"
 Providers []RoutingCapabilitiesProvider `json:"providers"`
 }
+
+// TransportOption is the type for network transport options
+type TransportOption string
+
+// SNATOption is the type for SNAT configuration options
+type SNATOption string
+
+// RoutingOption is the type for routing configuration options
+type RoutingOption string
+
+// BGPTopology is the type for BGP topology configuration
+type BGPTopology string
+
+const (
+ // TransportOptionNoOverlay indicates the network operates in no-overlay mode
+ TransportOptionNoOverlay TransportOption = "NoOverlay"
+ // TransportOptionGeneve indicates the network uses Geneve overlay
+ TransportOptionGeneve TransportOption = "Geneve"
+
+ // SNATEnabled indicates outbound SNAT is enabled
+ SNATEnabled SNATOption = "Enabled"
+ // SNATDisabled indicates outbound SNAT is disabled
+ SNATDisabled SNATOption = "Disabled"
+
+ // RoutingManaged indicates routing is managed by OVN-Kubernetes
+ RoutingManaged RoutingOption = "Managed"
+ // RoutingUnmanaged indicates routing is managed by users
+ RoutingUnmanaged RoutingOption = "Unmanaged"
+
+ // BGPTopologyFullMesh indicates every node deploys a BGP router, forming a BGP full mesh
+ BGPTopologyFullMesh BGPTopology = "FullMesh"
+)
+
+// NoOverlayOptions contains configuration options for networks operating in no-overlay mode.
+type NoOverlayOptions struct {
+ // outboundSNAT defines the SNAT behavior for outbound traffic from pods.
+ // Allowed values are "Enabled" and "Disabled".
+ // When set to "Enabled", SNAT is performed on outbound traffic from pods.
+ // When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic.
+ // This field is required when the network operates in no-overlay mode.
+ // +kubebuilder:validation:Enum=Enabled;Disabled
+ // +required
+ OutboundSNAT SNATOption `json:"outboundSNAT,omitempty"`
+
+ // routing specifies whether the pod network routing is managed by OVN-Kubernetes or users.
+ // Allowed values are "Managed" and "Unmanaged".
+ // When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP.
+ // When set to "Unmanaged", users are responsible for configuring the pod network routing.
+ // This field is required when the network operates in no-overlay mode.
+ // +kubebuilder:validation:Enum=Managed;Unmanaged
+ // +required
+ Routing RoutingOption `json:"routing,omitempty"`
+}
+
+// BGPManagedConfig contains configuration options for BGP when routing is "Managed".
+type BGPManagedConfig struct {
+ // asNumber is the 2-byte or 4-byte Autonomous System Number (ASN)
+ // to be used in the generated FRR configuration.
+ // Valid values are 1 to 4294967295.
+ // When omitted, this defaults to 64512.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=4294967295
+ // +kubebuilder:default=64512
+ // +optional
+ ASNumber int64 `json:"asNumber,omitempty"`
+
+ // bgpTopology defines the BGP topology to be used.
+ // Allowed values are "FullMesh".
+ // When set to "FullMesh", every node deploys a BGP router, forming a BGP full mesh.
+ // This field is required when BGPManagedConfig is specified.
+ // +kubebuilder:validation:Enum=FullMesh
+ // +required
+ BGPTopology BGPTopology `json:"bgpTopology,omitempty"`
+}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-OKD.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-OKD.crd.yaml
new file mode 100644
index 0000000000..b1ad9fc093
--- /dev/null
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-OKD.crd.yaml
@@ -0,0 +1,331 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/752 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD + name: etcds.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: Etcd + listKind: EtcdList + plural: etcds + singular: etcd + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Etcd provides information to configure an operator to manage etcd. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + controlPlaneHardwareSpeed: + description: "HardwareSpeed allows user to change the etcd tuning + profile which configures\nthe latency parameters for heartbeat interval + and leader election timeouts\nallowing the cluster to tolerate longer + round-trip-times between etcd members.\nValid values are \"\", \"Standard\" + and \"Slower\".\n\t\"\" means no opinion and the platform is left + to choose a reasonable default\n\twhich is subject to change without + notice." + enum: + - "" + - Standard + - Slower + type: string + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". 
+ enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. 
+ properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + controlPlaneHardwareSpeed: + description: ControlPlaneHardwareSpeed declares valid hardware speed + tolerance levels + enum: + - "" + - Standard + - Slower + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: |- + currentRevision is the generation of the most recently successful deployment. + Can not be set on creation of a nodeStatus. Updates must only increase the value. + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. 
+ type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: |- + targetRevision is the generation of the deployment we're trying to apply. + Can not be set on creation of a nodeStatus. 
+ format: int32 + type: integer + required: + - nodeName + type: object + x-kubernetes-validations: + - fieldPath: .currentRevision + message: cannot be unset once set + rule: has(self.currentRevision) || !has(oldSelf.currentRevision) + - fieldPath: .currentRevision + message: currentRevision can not be set on creation of a nodeStatus + optionalOldSelf: true + rule: oldSelf.hasValue() || !has(self.currentRevision) + - fieldPath: .targetRevision + message: targetRevision can not be set on creation of a nodeStatus + optionalOldSelf: true + rule: oldSelf.hasValue() || !has(self.targetRevision) + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: no more than 1 node status may have a nonzero targetRevision + rule: size(self.filter(status, status.?targetRevision.orValue(0) + != 0)) <= 1 + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml new file mode 100644 index 0000000000..ac96531975 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_20_kube-apiserver_01_kubeapiservers-OKD.crd.yaml 
@@ -0,0 +1,335 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD + name: kubeapiservers.operator.openshift.io +spec: + group: operator.openshift.io + names: + categories: + - coreoperators + kind: KubeAPIServer + listKind: KubeAPIServerList + plural: kubeapiservers + singular: kubeapiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeAPIServer provides information to configure an operator to manage kube-apiserver. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes API Server + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Force)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. 
+ + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + API Server + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: 
NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: |- + currentRevision is the generation of the most recently successful deployment. + Can not be set on creation of a nodeStatus. Updates must only increase the value. + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + lastFailedCount: + description: lastFailedCount is how often the installer pod + of the last failed revision failed. + type: integer + lastFailedReason: + description: lastFailedReason is a machine readable failure + reason string. + type: string + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of human readable + errors during the failed deployment referenced in lastFailedRevision. + items: + type: string + type: array + x-kubernetes-list-type: atomic + lastFailedTime: + description: lastFailedTime is the time the last failed revision + failed the last time. + format: date-time + type: string + lastFallbackCount: + description: lastFallbackCount is how often a fallback to a + previous revision happened. + type: integer + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: |- + targetRevision is the generation of the deployment we're trying to apply. + Can not be set on creation of a nodeStatus. 
+ format: int32 + type: integer + required: + - nodeName + type: object + x-kubernetes-validations: + - fieldPath: .currentRevision + message: cannot be unset once set + rule: has(self.currentRevision) || !has(oldSelf.currentRevision) + - fieldPath: .currentRevision + message: currentRevision can not be set on creation of a nodeStatus + optionalOldSelf: true + rule: oldSelf.hasValue() || !has(self.currentRevision) + - fieldPath: .targetRevision + message: targetRevision can not be set on creation of a nodeStatus + optionalOldSelf: true + rule: oldSelf.hasValue() || !has(self.targetRevision) + type: array + x-kubernetes-list-map-keys: + - nodeName + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: no more than 1 node status may have a nonzero targetRevision + rule: size(self.filter(status, status.?targetRevision.orValue(0) + != 0)) <= 1 + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + serviceAccountIssuers: + description: |- + serviceAccountIssuers tracks history of used service account issuers. + The item without expiration time represents the currently used service account issuer. + The other items represents service account issuers that were used previously and are still being trusted. + The default expiration for the items is set by the platform and it defaults to 24h. + see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + items: + properties: + expirationTime: + description: |- + expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list + of service account issuers. 
+ format: date-time + type: string + name: + description: name is the name of the service account issuer + type: string + type: object + type: array + x-kubernetes-list-type: atomic + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml new file mode 100644 index 0000000000..04758b7a19 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-OKD.crd.yaml 
@@ -0,0 +1,488 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/701 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD + name: clustercsidrivers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: ClusterCSIDriver + listKind: ClusterCSIDriverList + plural: clustercsidrivers + singular: clustercsidriver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + ClusterCSIDriver object allows management and configuration of a CSI driver operator + installed by default in OpenShift. Name of the object must be name of the CSI driver + it operates. See CSIDriverName type for list of allowed values. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + properties: + name: + enum: + - ebs.csi.aws.com + - efs.csi.aws.com + - disk.csi.azure.com + - file.csi.azure.com + - filestore.csi.storage.gke.io + - pd.csi.storage.gke.io + - cinder.csi.openstack.org + - csi.vsphere.vmware.com + - manila.csi.openstack.org + - csi.kubevirt.io + - csi.sharedresource.openshift.io + - diskplugin.csi.alibabacloud.com + - vpc.block.csi.ibm.io + - powervs.csi.ibm.com + - secrets-store.csi.k8s.io + - smb.csi.k8s.io + type: string + type: object + spec: + description: spec holds user settable values for configuration + properties: + driverConfig: + description: |- + driverConfig can be used to specify platform specific driver configuration. + When omitted, this means no opinion and the platform is left to choose reasonable + defaults. These defaults are subject to change over time. + properties: + aws: + description: aws is used to configure the AWS CSI driver. + properties: + efsVolumeMetrics: + description: efsVolumeMetrics sets the configuration for collecting + metrics from EFS volumes used by the EFS CSI Driver. + properties: + recursiveWalk: + description: |- + recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver + when the state is set to RecursiveWalk. + properties: + fsRateLimit: + description: |- + fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 5. + The valid range is from 1 to 100 goroutines. + format: int32 + maximum: 100 + minimum: 1 + type: integer + refreshPeriodMinutes: + description: |- + refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. 
+ When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is 240. + The valid range is from 1 to 43200 minutes (30 days). + format: int32 + maximum: 43200 + minimum: 1 + type: integer + type: object + state: + description: |- + state defines the state of metric collection in the AWS EFS CSI Driver. + This field is required and must be set to one of the following values: Disabled or RecursiveWalk. + Disabled means no metrics collection will be performed. This is the default value. + RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. + This process may result in high CPU and memory usage, depending on the volume size. + enum: + - RecursiveWalk + - Disabled + type: string + required: + - state + type: object + kmsKeyARN: + description: |- + kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, + rather than the default KMS key used by AWS. + The value may be either the ARN or Alias ARN of a KMS key. + pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ + type: string + type: object + azure: + description: azure is used to configure the Azure CSI driver. + properties: + diskEncryptionSet: + description: |- + diskEncryptionSet sets the cluster default storage class to encrypt volumes with a + customer-managed encryption set, rather than the default platform-managed keys. + properties: + name: + description: |- + name is the name of the disk encryption set that will be set on the default storage class. + The value should consist of only alphanumberic characters, + underscores (_), hyphens, and be at most 80 characters in length. + maxLength: 80 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + resourceGroup: + description: |- + resourceGroup defines the Azure resource group that contains the disk encryption set. 
+ The value should consist of only alphanumberic characters, + underscores (_), parentheses, hyphens and periods. + The value should not end in a period and be at most 90 characters in + length. + maxLength: 90 + pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ + type: string + subscriptionID: + description: |- + subscriptionID defines the Azure subscription that contains the disk encryption set. + The value should meet the following conditions: + 1. It should be a 128-bit number. + 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. + 3. It should be displayed in five groups separated by hyphens (-). + 4. The first group should be 8 characters long. + 5. The second, third, and fourth groups should be 4 characters long. + 6. The fifth group should be 12 characters long. + An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378 + maxLength: 36 + pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ + type: string + required: + - name + - resourceGroup + - subscriptionID + type: object + type: object + driverType: + description: |- + driverType indicates type of CSI driver for which the + driverConfig is being applied to. + Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. + Consumers should treat unknown values as a NO-OP. + enum: + - "" + - AWS + - Azure + - GCP + - IBMCloud + - vSphere + type: string + gcp: + description: gcp is used to configure the GCP CSI driver. + properties: + kmsKey: + description: |- + kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied + encryption keys, rather than the default keys managed by GCP. + properties: + keyRing: + description: |- + keyRing is the name of the KMS Key Ring which the KMS Key belongs to. + The value should correspond to an existing KMS key ring and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. 
+ maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + location: + description: |- + location is the GCP location in which the Key Ring exists. + The value must match an existing GCP location, or "global". + Defaults to global, if not set. + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + name: + description: |- + name is the name of the customer-managed encryption key to be used for disk encryption. + The value should correspond to an existing KMS key and should + consist of only alphanumeric characters, hyphens (-) and underscores (_), + and be at most 63 characters in length. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z0-9\_-]+$ + type: string + projectID: + description: |- + projectID is the ID of the Project in which the KMS Key Ring exists. + It must be 6 to 30 lowercase letters, digits, or hyphens. + It must start with a letter. Trailing hyphens are prohibited. + maxLength: 30 + minLength: 6 + pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ + type: string + required: + - keyRing + - name + - projectID + type: object + type: object + ibmcloud: + description: ibmcloud is used to configure the IBM Cloud CSI driver. + properties: + encryptionKeyCRN: + description: |- + encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use + for disk encryption of volumes for the default storage classes. + maxLength: 154 + minLength: 144 + pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ + type: string + required: + - encryptionKeyCRN + type: object + vSphere: + description: vSphere is used to configure the vsphere CSI driver. + properties: + globalMaxSnapshotsPerBlockVolume: + description: |- + globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of + datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. + Snapshots can not be disabled using this parameter. 
+ Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 + Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVSAN: + description: |- + granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It + overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VSAN can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + granularMaxSnapshotsPerBlockVolumeInVVOL: + description: |- + granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. + It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + Snapshots for VVOL can not be disabled using this parameter. + format: int32 + maximum: 32 + minimum: 1 + type: integer + topologyCategories: + description: |- + topologyCategories indicates tag categories with which + vcenter resources such as hostcluster or datacenter were tagged with. + If cluster Infrastructure object has a topology, values specified in + Infrastructure object will be used and modifications to topologyCategories + will be rejected. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + required: + - driverType + type: object + x-kubernetes-validations: + - message: ibmcloud must be set if driverType is 'IBMCloud', but remain + unset otherwise + rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? 
+ has(self.ibmcloud) : !has(self.ibmcloud)' + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + storageClassState: + description: |- + storageClassState determines if CSI operator should create and manage storage classes. + If this field value is empty or Managed - CSI operator will continuously reconcile + storage class and create if necessary. + If this field value is Unmanaged - CSI operator will not reconcile any previously created + storage class. + If this field value is Removed - CSI operator will delete the storage class it created previously. + When omitted, this means the user has no opinion and the platform chooses a reasonable default, + which is subject to change over time. 
+ The current default behaviour is Managed. + enum: + - "" + - Managed + - Unmanaged + - Removed + type: string + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. 
+ items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml index 25c51d7956..d37991c458 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers.crd.yaml 
@@ -109,6 +109,48 @@ spec: - clientCA - clientCertificatePolicy type: object + closedClientConnectionPolicy: + default: Continue + description: |- + closedClientConnectionPolicy controls how the IngressController + behaves when the client closes the TCP connection while the TLS + handshake or HTTP request is in progress. This option maps directly + to HAProxy’s "abortonclose" option. + + Valid values are: "Abort" and "Continue". + The default value is "Continue". + + When set to "Abort", the router will stop processing the TLS handshake + if it is in progress, and it will not send an HTTP request to the backend server + if the request has not yet been sent when the client closes the connection. + + When set to "Continue", the router will complete the TLS handshake + if it is in progress, or send an HTTP request to the backend server + and wait for the backend server's response, regardless of + whether the client has closed the connection. + + Setting "Abort" can help free CPU resources otherwise spent on TLS computation + for connections the client has already closed, and can reduce request queue + size, thereby reducing the load on saturated backend servers. + + Important Considerations: + + - The default policy ("Continue") is HTTP-compliant, and requests + for aborted client connections will still be served. + Use the "Continue" policy to allow a client to send a request + and then immediately close its side of the connection while + still receiving a response on the half-closed connection. + + - When clients use keep-alive connections, the most common case for premature + closure is when the user wants to cancel the transfer or when a timeout + occurs. In that case, the "Abort" policy may be used to reduce resource consumption. + + - Using RSA keys larger than 2048 bits can significantly slow down + TLS computations. Consider using the "Abort" policy to reduce CPU usage. 
+ enum: + - Abort + - Continue + type: string defaultCertificate: description: |- defaultCertificate is a reference to a secret containing the default @@ -1300,9 +1342,9 @@ spec: case HAProxy handles it in the old process and closes the connection after sending the response. - - HAProxy's `timeout http-keep-alive` duration expires - (300 seconds in OpenShift's configuration, not - configurable). + - HAProxy's `timeout http-keep-alive` duration expires. + By default this is 300 seconds, but it can be changed + using httpKeepAliveTimeout tuning option. - The client's keep-alive timeout expires, causing the client to close the connection. 
@@ -2250,6 +2292,44 @@ spec: 2147483647ms (24.85 days). Both are subject to change over time. pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ type: string + httpKeepAliveTimeout: + description: |- + httpKeepAliveTimeout defines the maximum allowed time to wait for + a new HTTP request to appear on a connection from the client to the router. + + This field expects an unsigned duration string of a decimal number, with optional + fraction and a unit suffix, e.g. "300ms", "1.5s" or "2m45s". + Valid time units are "ms", "s", "m". + The allowed range is from 1 millisecond to 15 minutes. + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 300s. + + Low values (tens of milliseconds or less) can cause clients to close and reopen connections + for each request, leading to reduced connection sharing. + For HTTP/2, special care should be taken with low values. + A few seconds is a reasonable starting point to avoid holding idle connections open + while still allowing subsequent requests to reuse the connection. + + High values (minutes or more) favor connection reuse but may cause idle + connections to linger longer. 
+ maxLength: 16 + minLength: 1 + type: string + x-kubernetes-validations: + - message: httpKeepAliveTimeout must be a valid duration string + composed of an unsigned integer value, optionally followed + by a decimal fraction and a unit suffix (ms, s, m) + rule: self.matches('^([0-9]+(\\.[0-9]+)?(ms|s|m))+$') + - message: httpKeepAliveTimeout must be less than or equal to + 15 minutes + rule: '!self.matches(''^([0-9]+(\\.[0-9]+)?(ms|s|m))+$'') || + duration(self) <= duration(''15m'')' + - message: httpKeepAliveTimeout must be greater than or equal + to 1 millisecond + rule: '!self.matches(''^([0-9]+(\\.[0-9]+)?(ms|s|m))+$'') || + duration(self) >= duration(''1ms'')' maxConnections: description: |- maxConnections defines the maximum number of simultaneous diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml new file mode 100644 index 0000000000..a3097090d4 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,1146 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + bgpManagedConfig: + description: |- + bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + in no-overlay mode that specify routing="Managed" in their NoOverlayOptions. + It is required when DefaultNetworkNoOverlayOptions.Routing is set to "Managed". + When omitted, this means the user does not configure BGP for managed routing. + properties: + asNumber: + default: 64512 + description: |- + asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + to be used in the generated FRR configuration. + Valid values are 1 to 4294967295. + When omitted, this defaults to 64512. + format: int64 + maximum: 4294967295 + minimum: 1 + type: integer + bgpTopology: + description: |- + bgpTopology defines the BGP topology to be used. + Allowed values are "FullMesh". + When set to "FullMesh", every node deploys a BGP router, forming a BGP full mesh. + This field is required when BGPManagedConfig is specified. + enum: + - FullMesh + type: string + required: + - bgpTopology + type: object + x-kubernetes-validations: + - message: bgpManagedConfig field is immutable + rule: self == oldSelf + defaultNetworkNoOverlayOptions: + description: |- + defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network. + It is required when DefaultNetworkTransport is "NoOverlay". + When omitted, this means the user does not configure no-overlay mode options. + properties: + outboundSNAT: + description: |- + outboundSNAT defines the SNAT behavior for outbound traffic from pods. + Allowed values are "Enabled" and "Disabled". + When set to "Enabled", SNAT is performed on outbound traffic from pods. 
+ When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + This field is required when the network operates in no-overlay mode. + enum: + - Enabled + - Disabled + type: string + routing: + description: |- + routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + Allowed values are "Managed" and "Unmanaged". + When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + When set to "Unmanaged", users are responsible for configuring the pod network routing. + This field is required when the network operates in no-overlay mode. + enum: + - Managed + - Unmanaged + type: string + required: + - outboundSNAT + - routing + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is immutable once + set + optionalOldSelf: true + rule: '!oldSelf.hasValue() || self == oldSelf.value()' + defaultNetworkTransport: + description: |- + defaultNetworkTransport describes the transport protocol for east-west traffic for the default network. + Allowed values are "NoOverlay" and "Geneve". + When set to "NoOverlay", the default network operates in no-overlay mode. + When set to "Geneve", the default network uses Geneve overlay. + When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. + The current default is "Geneve". + enum: + - NoOverlay + - Geneve + type: string + x-kubernetes-validations: + - message: defaultNetworkTransport is immutable once set + rule: oldSelf == '' || self == oldSelf + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. 
+ Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). 
+ When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
+ The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. 
+ Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. 
+ enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. 
+ When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. 
These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is fd98::/64 + type: string + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is required when defaultNetworkTransport + is NoOverlay + rule: '!has(self.defaultNetworkTransport) || self.defaultNetworkTransport + != ''NoOverlay'' || has(self.defaultNetworkNoOverlayOptions)' + - message: bgpManagedConfig is required when defaultNetworkNoOverlayOptions.routing + is Managed + rule: '!has(self.defaultNetworkNoOverlayOptions) || self.defaultNetworkNoOverlayOptions.routing + != ''Managed'' || has(self.bgpManagedConfig)' + - message: defaultNetworkTransport cannot be removed once set + to a non-empty value + rule: '!has(oldSelf.defaultNetworkTransport) || oldSelf.defaultNetworkTransport + == '''' || has(self.defaultNetworkTransport)' + - message: defaultNetworkNoOverlayOptions cannot be removed once + set + rule: '!has(oldSelf.defaultNetworkNoOverlayOptions) || has(self.defaultNetworkNoOverlayOptions)' + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy 
specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml new file mode 100644 index 0000000000..26fc12dea5 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-Default.crd.yaml 
@@ -0,0 +1,1045 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. 
Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. 
The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. 
+ Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. 
+ When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. 
+ properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. 
+ format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ Default is fd98::/64 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..c49605a9e7 --- /dev/null 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,1045 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. 
Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. 
The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. 
+ Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. 
+ When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. 
+ properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. 
+ format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ Default is fd98::/64 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-OKD.crd.yaml similarity index 99% rename from vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml rename to vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-OKD.crd.yaml index 7a41655bd1..e4764f46ca 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-OKD.crd.yaml @@ -6,6 +6,7 @@ metadata: api.openshift.io/merged-by-featuregates: "true" include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD name: networks.operator.openshift.io spec: group: operator.openshift.io diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..64dd91cabb --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,1146 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + bgpManagedConfig: + description: |- + bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + in no-overlay mode that specify routing="Managed" in their NoOverlayOptions. + It is required when DefaultNetworkNoOverlayOptions.Routing is set to "Managed". + When omitted, this means the user does not configure BGP for managed routing. + properties: + asNumber: + default: 64512 + description: |- + asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + to be used in the generated FRR configuration. + Valid values are 1 to 4294967295. + When omitted, this defaults to 64512. + format: int64 + maximum: 4294967295 + minimum: 1 + type: integer + bgpTopology: + description: |- + bgpTopology defines the BGP topology to be used. + Allowed values are "FullMesh". + When set to "FullMesh", every node deploys a BGP router, forming a BGP full mesh. + This field is required when BGPManagedConfig is specified. + enum: + - FullMesh + type: string + required: + - bgpTopology + type: object + x-kubernetes-validations: + - message: bgpManagedConfig field is immutable + rule: self == oldSelf + defaultNetworkNoOverlayOptions: + description: |- + defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network. + It is required when DefaultNetworkTransport is "NoOverlay". + When omitted, this means the user does not configure no-overlay mode options. + properties: + outboundSNAT: + description: |- + outboundSNAT defines the SNAT behavior for outbound traffic from pods. + Allowed values are "Enabled" and "Disabled". + When set to "Enabled", SNAT is performed on outbound traffic from pods. 
+ When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + This field is required when the network operates in no-overlay mode. + enum: + - Enabled + - Disabled + type: string + routing: + description: |- + routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + Allowed values are "Managed" and "Unmanaged". + When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + When set to "Unmanaged", users are responsible for configuring the pod network routing. + This field is required when the network operates in no-overlay mode. + enum: + - Managed + - Unmanaged + type: string + required: + - outboundSNAT + - routing + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is immutable once + set + optionalOldSelf: true + rule: '!oldSelf.hasValue() || self == oldSelf.value()' + defaultNetworkTransport: + description: |- + defaultNetworkTransport describes the transport protocol for east-west traffic for the default network. + Allowed values are "NoOverlay" and "Geneve". + When set to "NoOverlay", the default network operates in no-overlay mode. + When set to "Geneve", the default network uses Geneve overlay. + When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. + The current default is "Geneve". + enum: + - NoOverlay + - Geneve + type: string + x-kubernetes-validations: + - message: defaultNetworkTransport is immutable once set + rule: oldSelf == '' || self == oldSelf + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. 
+ Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). 
+ When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
+ The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. 
+ Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. 
+ enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. 
+ When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. 
These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is fd98::/64 + type: string + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is required when defaultNetworkTransport + is NoOverlay + rule: '!has(self.defaultNetworkTransport) || self.defaultNetworkTransport + != ''NoOverlay'' || has(self.defaultNetworkNoOverlayOptions)' + - message: bgpManagedConfig is required when defaultNetworkNoOverlayOptions.routing + is Managed + rule: '!has(self.defaultNetworkNoOverlayOptions) || self.defaultNetworkNoOverlayOptions.routing + != ''Managed'' || has(self.bgpManagedConfig)' + - message: defaultNetworkTransport cannot be removed once set + to a non-empty value + rule: '!has(oldSelf.defaultNetworkTransport) || oldSelf.defaultNetworkTransport + == '''' || has(self.defaultNetworkTransport)' + - message: defaultNetworkNoOverlayOptions cannot be removed once + set + rule: '!has(oldSelf.defaultNetworkNoOverlayOptions) || has(self.defaultNetworkNoOverlayOptions)' + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy 
specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml new file mode 100644 index 0000000000..6c763ea479 --- /dev/null 
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml 
@@ -0,0 +1,1253 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD + name: machineconfigurations.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: MachineConfiguration + listKind: MachineConfigurationList + plural: machineconfigurations + singular: machineconfiguration + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + MachineConfiguration provides information to configure an operator to manage Machine Configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Machine Config Operator + properties: + failedRevisionLimit: + description: |- + failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: |- + forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. + This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work + this time instead of failing again on the same config. + type: string + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managedBootImages: + description: |- + managedBootImages allows configuration for the management of boot images for machine + resources within the cluster. This configuration allows users to select resources that should + be updated to the latest boot images during cluster upgrades, ensuring that new machines + always boot with the current cluster version's boot image. When omitted, this means no opinion + and the platform is left to choose a reasonable default, which is subject to change over time. + The default for each machine manager mode is All for GCP and AWS platforms, and None for all + other platforms. 
+ properties: + machineManagers: + description: |- + machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator + will watch for changes to this list. Only one entry is permitted per type of machine management resource. + items: + description: |- + MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information + such as the resource type and the API Group of the resource. It also provides granular control via the selection field. + properties: + apiGroup: + description: |- + apiGroup is name of the APIGroup that the machine management resource belongs to. + The only current valid value is machine.openshift.io. + machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group. + enum: + - machine.openshift.io + type: string + resource: + description: |- + resource is the machine management resource's type. + Valid values are machinesets and controlplanemachinesets. + machinesets means that the machine manager will only register resources of the kind MachineSet. + controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet. + enum: + - machinesets + type: string + selection: + description: selection allows granular control of the machine + management resources that will be registered for boot + image updates. + properties: + mode: + description: |- + mode determines how machine managers will be selected for updates. + Valid values are All, Partial and None. + All means that every resource matched by the machine manager will be updated. + Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. 
+ None means that every resource matched by the machine manager will not be updated. + enum: + - All + - Partial + - None + type: string + partial: + description: |- + partial provides label selector(s) that can be used to match machine management resources. + Only permitted when mode is set to "Partial". + properties: + machineResourceSelector: + description: machineResourceSelector is a label + selector that can be used to select machine resources + like MachineSets. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - machineResourceSelector + type: object + required: + - mode + type: object + x-kubernetes-validations: + - message: Partial is required when type is partial, and + forbidden otherwise + rule: 'has(self.mode) && self.mode == ''Partial'' ? has(self.partial) + : !has(self.partial)' + required: + - apiGroup + - resource + - selection + type: object + maxItems: 5 + type: array + x-kubernetes-list-map-keys: + - resource + - apiGroup + x-kubernetes-list-type: map + type: object + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + nodeDisruptionPolicy: + description: |- + nodeDisruptionPolicy allows an admin to set granular node disruption actions for + MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow + for less downtime when doing small configuration updates to the cluster. This configuration + has no effect on cluster upgrades which will still incur node disruption where required. + properties: + files: + description: |- + files is a list of MachineConfig file definitions and actions to take to changes on those paths + This list supports a maximum of 50 entries. + items: + description: NodeDisruptionPolicySpecFile is a file entry and + corresponding actions to take and is used in the NodeDisruptionPolicyConfig + object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. 
+ The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". 
+ ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? 
+ has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + path: + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. + type: string + required: + - actions + - path + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: |- + sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this + will apply to all sshkey changes in the cluster + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. 
+ ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, where + ${SERVICETYPE} must be one of ".service", ".socket", + ".device", ".mount", ".automount", ".swap", + ".target", ".path", ".timer",".snapshot", ".slice" + or ".scope". 
+ rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? has(self.restart) + : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) == + 1 : true' + - message: None action can only be specified standalone, as + it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + required: + - actions + type: object + units: + description: |- + units is a list MachineConfig unit definitions and actions to take on changes to those services + This list supports a maximum of 50 entries. 
+ items: + description: NodeDisruptionPolicySpecUnit is a systemd unit + name and corresponding actions to take and is used in the + NodeDisruptionPolicyConfig object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. 
Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} + must be atleast 1 character long and can only + consist of alphabets, digits, ":", "-", "_", + ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + reload/restart requires a corresponding service target specified in the reload/restart field. 
+ Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? has(self.reload) + : !has(self.reload)' + - message: restart is required when type is Restart, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' ? + has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) == + 1 : true' + name: + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", ".mount", + ".automount", ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". 
+ rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected format + is ${NAME}${SERVICETYPE}, where {NAME} must be atleast + 1 character long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 50 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + succeededRevisionLimit: + description: |- + succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api + -1 = unlimited, 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Machine + Config Operator + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + managedBootImagesStatus: + description: |- + managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is + and will be used by Machine Config Controller while performing boot image updates. + properties: + machineManagers: + description: |- + machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator + will watch for changes to this list. Only one entry is permitted per type of machine management resource. + items: + description: |- + MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information + such as the resource type and the API Group of the resource. It also provides granular control via the selection field. + properties: + apiGroup: + description: |- + apiGroup is name of the APIGroup that the machine management resource belongs to. + The only current valid value is machine.openshift.io. + machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group. + enum: + - machine.openshift.io + type: string + resource: + description: |- + resource is the machine management resource's type. + Valid values are machinesets and controlplanemachinesets. + machinesets means that the machine manager will only register resources of the kind MachineSet. + controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet. 
+ enum: + - machinesets + type: string + selection: + description: selection allows granular control of the machine + management resources that will be registered for boot + image updates. + properties: + mode: + description: |- + mode determines how machine managers will be selected for updates. + Valid values are All, Partial and None. + All means that every resource matched by the machine manager will be updated. + Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. + Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. + None means that every resource matched by the machine manager will not be updated. + enum: + - All + - Partial + - None + type: string + partial: + description: |- + partial provides label selector(s) that can be used to match machine management resources. + Only permitted when mode is set to "Partial". + properties: + machineResourceSelector: + description: machineResourceSelector is a label + selector that can be used to select machine resources + like MachineSets. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + required: + - machineResourceSelector + type: object + required: + - mode + type: object + x-kubernetes-validations: + - message: Partial is required when type is partial, and + forbidden otherwise + rule: 'has(self.mode) && self.mode == ''Partial'' ? has(self.partial) + : !has(self.partial)' + required: + - apiGroup + - resource + - selection + type: object + maxItems: 5 + type: array + x-kubernetes-list-map-keys: + - resource + - apiGroup + x-kubernetes-list-type: map + type: object + nodeDisruptionPolicyStatus: + description: |- + nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, + and will be used by the Machine Config Daemon during future node updates. + properties: + clusterPolicies: + description: clusterPolicies is a merge of cluster default and + user provided node disruption policies. + properties: + files: + description: files is a list of MachineConfig file definitions + and actions to take to changes on those paths + items: + description: NodeDisruptionPolicyStatusFile is a file entry + and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus + object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. 
If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. 
crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? 
has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + path: + description: |- + path is the location of a file being managed through a MachineConfig. + The Actions in the policy will apply to changes to the file at this path. + type: string + required: + - actions + - path + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - path + x-kubernetes-list-type: map + sshkey: + description: sshkey is the overall sshkey MachineConfig definition + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. 
crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to restart, + only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. 
Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, and + forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' ? + has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? 
size(self) + == 1 : true' + required: + - actions + type: object + units: + description: units is a list MachineConfig unit definitions + and actions to take on changes to those services + items: + description: NodeDisruptionPolicyStatusUnit is a systemd + unit name and corresponding actions to take and is used + in the NodeDisruptionPolicyClusterStatus object + properties: + actions: + description: |- + actions represents the series of commands to be executed on changes to the file at + the corresponding file path. Actions will be applied in the order that + they are set in this list. If there are other incoming changes to other MachineConfig + entries in the same update that require a reboot, the reboot will supercede these actions. + Valid actions are Reboot, Drain, Reload, DaemonReload and None. + The Reboot action and the None action cannot be used in conjunction with any of the other actions. + This list supports a maximum of 10 entries. + items: + properties: + reload: + description: reload specifies the service to reload, + only valid if type is reload + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be reloaded + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". 
+ rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + restart: + description: restart specifies the service to + restart, only valid if type is restart + properties: + serviceName: + description: |- + serviceName is the full name (e.g. crio.service) of the service to be restarted + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service + name. Expected format is ${NAME}${SERVICETYPE}, + where ${SERVICETYPE} must be one of ".service", + ".socket", ".device", ".mount", ".automount", + ".swap", ".target", ".path", ".timer",".snapshot", + ".slice" or ".scope". + rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. + Expected format is ${NAME}${SERVICETYPE}, + where {NAME} must be atleast 1 character + long and can only consist of alphabets, + digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - serviceName + type: object + type: + description: |- + type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. 
+ reload/restart requires a corresponding service target specified in the reload/restart field. + Other values require no further configuration + enum: + - Reboot + - Drain + - Reload + - Restart + - DaemonReload + - None + - Special + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: reload is required when type is Reload, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Reload'' + ? has(self.reload) : !has(self.reload)' + - message: restart is required when type is Restart, + and forbidden otherwise + rule: 'has(self.type) && self.type == ''Restart'' + ? has(self.restart) : !has(self.restart)' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: Reboot action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''Reboot'') ? size(self) + == 1 : true' + - message: None action can only be specified standalone, + as it will override any other actions + rule: 'self.exists(x, x.type==''None'') ? size(self) + == 1 : true' + name: + description: |- + name represents the service name of a systemd service managed through a MachineConfig + Actions specified will be applied for changes to the named service. + Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + maxLength: 255 + type: string + x-kubernetes-validations: + - message: Invalid ${SERVICETYPE} in service name. Expected + format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} + must be one of ".service", ".socket", ".device", + ".mount", ".automount", ".swap", ".target", ".path", + ".timer",".snapshot", ".slice" or ".scope". 
+ rule: self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$') + - message: Invalid ${NAME} in service name. Expected + format is ${NAME}${SERVICETYPE}, where {NAME} must + be atleast 1 character long and can only consist + of alphabets, digits, ":", "-", "_", ".", and "\" + rule: self.matches('^[a-zA-Z0-9:._\\\\-]+\\..') + required: + - actions + - name + type: object + maxItems: 100 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index fd83694c23..30f437b45a 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -390,6 +390,22 @@ func (in *AzureDiskEncryptionSet) DeepCopy() *AzureDiskEncryptionSet { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BGPManagedConfig) DeepCopyInto(out *BGPManagedConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPManagedConfig. +func (in *BGPManagedConfig) DeepCopy() *BGPManagedConfig { + if in == nil { + return nil + } + out := new(BGPManagedConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BootImageSkewEnforcementConfig) DeepCopyInto(out *BootImageSkewEnforcementConfig) { *out = *in 
@@ -2564,6 +2580,11 @@ func (in *IngressControllerTuningOptions) DeepCopyInto(out *IngressControllerTun *out = new(metav1.Duration) **out = **in } + if in.HTTPKeepAliveTimeout != nil { + in, out := &in.HTTPKeepAliveTimeout, &out.HTTPKeepAliveTimeout + *out = new(metav1.Duration) + **out = **in + } if in.TLSInspectDelay != nil { in, out := &in.TLSInspectDelay, &out.TLSInspectDelay *out = new(metav1.Duration) @@ -3660,6 +3681,22 @@ func (in *NetworkStatus) DeepCopy() *NetworkStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NoOverlayOptions) DeepCopyInto(out *NoOverlayOptions) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoOverlayOptions. +func (in *NoOverlayOptions) DeepCopy() *NoOverlayOptions { + if in == nil { + return nil + } + out := new(NoOverlayOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) { *out = *in @@ -4153,6 +4190,8 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { *out = new(IPv6OVNKubernetesConfig) **out = **in } + out.DefaultNetworkNoOverlayOptions = in.DefaultNetworkNoOverlayOptions + out.BGPManagedConfig = in.BGPManagedConfig return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index e7c94e2869..c35554548a 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml 
@@ -330,6 +330,7 @@ networks.operator.openshift.io: FeatureGates: - AdditionalRoutingCapabilities - NetworkLiveMigration + - NoOverlayMode - RouteAdvertisements FilenameOperatorName: network FilenameOperatorOrdering: "01" diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index d3475d9024..526e4c2014 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go 
@@ -1080,7 +1080,8 @@ var map_IngressControllerSpec = map[string]string{ "tuningOptions": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.", "unsupportedConfigOverrides": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", "httpCompression": "httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.", - "idleConnectionTerminationPolicy": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires\n (300 seconds in OpenShift's configuration, not\n configurable).\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. 
Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", + "idleConnectionTerminationPolicy": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. 
These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires.\n By default this is 300 seconds, but it can be changed\n using httpKeepAliveTimeout tuning option.\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. 
Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", + "closedClientConnectionPolicy": "closedClientConnectionPolicy controls how the IngressController behaves when the client closes the TCP connection while the TLS handshake or HTTP request is in progress. This option maps directly to HAProxy’s \"abortonclose\" option.\n\nValid values are: \"Abort\" and \"Continue\". The default value is \"Continue\".\n\nWhen set to \"Abort\", the router will stop processing the TLS handshake if it is in progress, and it will not send an HTTP request to the backend server if the request has not yet been sent when the client closes the connection.\n\nWhen set to \"Continue\", the router will complete the TLS handshake if it is in progress, or send an HTTP request to the backend server and wait for the backend server's response, regardless of whether the client has closed the connection.\n\nSetting \"Abort\" can help free CPU resources otherwise spent on TLS computation for connections the client has already closed, and can reduce request queue size, thereby reducing the load on saturated backend servers.\n\nImportant Considerations:\n\n - The default policy (\"Continue\") is HTTP-compliant, and requests\n for aborted client connections will still be served.\n Use the \"Continue\" policy to allow a client to send a request\n and then immediately close its side of the connection while\n still 
receiving a response on the half-closed connection.\n\n - When clients use keep-alive connections, the most common case for premature\n closure is when the user wants to cancel the transfer or when a timeout\n occurs. In that case, the \"Abort\" policy may be used to reduce resource consumption.\n\n - Using RSA keys larger than 2048 bits can significantly slow down\n TLS computations. Consider using the \"Abort\" policy to reduce CPU usage.", } func (IngressControllerSpec) SwaggerDoc() map[string]string { 
@@ -1115,6 +1116,7 @@ var map_IngressControllerTuningOptions = map[string]string{ "serverFinTimeout": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", "tunnelTimeout": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", "connectTimeout": "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", + "httpKeepAliveTimeout": "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. 
A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.", "tlsInspectDelay": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", "healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", "maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. 
Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", 
@@ -1667,6 +1669,16 @@ func (AdditionalRoutingCapabilities) SwaggerDoc() map[string]string { return map_AdditionalRoutingCapabilities } +var map_BGPManagedConfig = map[string]string{ + "": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", + "asNumber": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", + "bgpTopology": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node deploys a BGP router, forming a BGP full mesh. This field is required when BGPManagedConfig is specified.", +} + +func (BGPManagedConfig) SwaggerDoc() map[string]string { + return map_BGPManagedConfig +} + var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", } 
@@ -1894,20 +1906,33 @@ func (NetworkStatus) SwaggerDoc() map[string]string { return map_NetworkStatus } +var map_NoOverlayOptions = map[string]string{ + "": "NoOverlayOptions contains configuration options for networks operating in no-overlay mode.", + "outboundSNAT": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode.", + "routing": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode.", +} + +func (NoOverlayOptions) SwaggerDoc() map[string]string { + return map_NoOverlayOptions +} + var map_OVNKubernetesConfig = map[string]string{ - "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", - "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", - "genevePort": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", - "hybridOverlayConfig": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", - "ipsecConfig": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", - "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. 
If unset, reported defaults are used.", - "gatewayConfig": "gatewayConfig holds the configuration for node gateway options.", - "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16", - "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64", - "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", - "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", - "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", - "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. 
The current default is \"Disabled\".", + "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", + "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", + "genevePort": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", + "hybridOverlayConfig": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", + "ipsecConfig": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", + "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", + "gatewayConfig": "gatewayConfig holds the configuration for node gateway options.", + "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16", + "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64", + "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. 
Check individual fields within ipv4 for details of default values.", + "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", + "defaultNetworkTransport": "defaultNetworkTransport describes the transport protocol for east-west traffic for the default network. Allowed values are \"NoOverlay\" and \"Geneve\". When set to \"NoOverlay\", the default network operates in no-overlay mode. When set to \"Geneve\", the default network uses Geneve overlay. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\".", + "defaultNetworkNoOverlayOptions": "defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network. It is required when DefaultNetworkTransport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", + "bgpManagedConfig": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their NoOverlayOptions. It is required when DefaultNetworkNoOverlayOptions.Routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing.", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go index b217e5bdcd..53d86d2fdd 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go @@ -2,6 +2,10 @@ package v1 +import ( + configv1 "github.com/openshift/api/config/v1" +) + // AWSPlatformStatusApplyConfiguration represents a declarative configuration of the AWSPlatformStatus type for use // with apply. type AWSPlatformStatusApplyConfiguration struct { @@ -9,6 +13,7 @@ type AWSPlatformStatusApplyConfiguration struct { ServiceEndpoints []AWSServiceEndpointApplyConfiguration `json:"serviceEndpoints,omitempty"` ResourceTags []AWSResourceTagApplyConfiguration `json:"resourceTags,omitempty"` CloudLoadBalancerConfig *CloudLoadBalancerConfigApplyConfiguration `json:"cloudLoadBalancerConfig,omitempty"` + IPFamily *configv1.IPFamilyType `json:"ipFamily,omitempty"` } // AWSPlatformStatusApplyConfiguration constructs a declarative configuration of the AWSPlatformStatus type for use with @@ -58,3 +63,11 @@ func (b *AWSPlatformStatusApplyConfiguration) WithCloudLoadBalancerConfig(value b.CloudLoadBalancerConfig = value return b } + +// WithIPFamily sets the IPFamily field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IPFamily field is set to the value of the last call. +func (b *AWSPlatformStatusApplyConfiguration) WithIPFamily(value configv1.IPFamilyType) *AWSPlatformStatusApplyConfiguration { + b.IPFamily = &value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go index 3d1a83d28a..774641c829 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go @@ -15,6 +15,7 @@ type AzurePlatformStatusApplyConfiguration struct { ARMEndpoint *string `json:"armEndpoint,omitempty"` ResourceTags []AzureResourceTagApplyConfiguration `json:"resourceTags,omitempty"` CloudLoadBalancerConfig *CloudLoadBalancerConfigApplyConfiguration `json:"cloudLoadBalancerConfig,omitempty"` + IPFamily *configv1.IPFamilyType `json:"ipFamily,omitempty"` } // AzurePlatformStatusApplyConfiguration constructs a declarative configuration of the AzurePlatformStatus type for use with @@ -75,3 +76,11 @@ func (b *AzurePlatformStatusApplyConfiguration) WithCloudLoadBalancerConfig(valu b.CloudLoadBalancerConfig = value return b } + +// WithIPFamily sets the IPFamily field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the IPFamily field is set to the value of the last call. +func (b *AzurePlatformStatusApplyConfiguration) WithIPFamily(value configv1.IPFamilyType) *AzurePlatformStatusApplyConfiguration { + b.IPFamily = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go index 55b875c7c4..315dc309ca 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go 
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go @@ -15,6 +15,7 @@ type BareMetalPlatformStatusApplyConfiguration struct { IngressIPs []string `json:"ingressIPs,omitempty"` NodeDNSIP *string `json:"nodeDNSIP,omitempty"` LoadBalancer *BareMetalPlatformLoadBalancerApplyConfiguration `json:"loadBalancer,omitempty"` + DNSRecordsType *configv1.DNSRecordsType `json:"dnsRecordsType,omitempty"` MachineNetworks []configv1.CIDR `json:"machineNetworks,omitempty"` } @@ -76,6 +77,14 @@ func (b *BareMetalPlatformStatusApplyConfiguration) WithLoadBalancer(value *Bare return b } +// WithDNSRecordsType sets the DNSRecordsType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSRecordsType field is set to the value of the last call. +func (b *BareMetalPlatformStatusApplyConfiguration) WithDNSRecordsType(value configv1.DNSRecordsType) *BareMetalPlatformStatusApplyConfiguration { + b.DNSRecordsType = &value + return b +} + // WithMachineNetworks adds the given value to the MachineNetworks field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the MachineNetworks field. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go deleted file mode 100644 index 77234d0df5..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/custom.go +++ /dev/null 
@@ -1,28 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -// CustomApplyConfiguration represents a declarative configuration of the Custom type for use -// with apply. -type CustomApplyConfiguration struct { - Configs []GathererConfigApplyConfiguration `json:"configs,omitempty"` -} - -// CustomApplyConfiguration constructs a declarative configuration of the Custom type for use with -// apply. -func Custom() *CustomApplyConfiguration { - return &CustomApplyConfiguration{} -} - -// WithConfigs adds the given value to the Configs field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the Configs field. -func (b *CustomApplyConfiguration) WithConfigs(values ...*GathererConfigApplyConfiguration) *CustomApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithConfigs") - } - b.Configs = append(b.Configs, *values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go deleted file mode 100644 index eaa7965192..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherconfig.go +++ /dev/null 
@@ -1,47 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - configv1 "github.com/openshift/api/config/v1" -) - -// GatherConfigApplyConfiguration represents a declarative configuration of the GatherConfig type for use -// with apply. -type GatherConfigApplyConfiguration struct { - DataPolicy []configv1.DataPolicyOption `json:"dataPolicy,omitempty"` - Gatherers *GatherersApplyConfiguration `json:"gatherers,omitempty"` - Storage *StorageApplyConfiguration `json:"storage,omitempty"` -} - -// GatherConfigApplyConfiguration constructs a declarative configuration of the GatherConfig type for use with -// apply. -func GatherConfig() *GatherConfigApplyConfiguration { - return &GatherConfigApplyConfiguration{} -} - -// WithDataPolicy adds the given value to the DataPolicy field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the DataPolicy field. -func (b *GatherConfigApplyConfiguration) WithDataPolicy(values ...configv1.DataPolicyOption) *GatherConfigApplyConfiguration { - for i := range values { - b.DataPolicy = append(b.DataPolicy, values[i]) - } - return b -} - -// WithGatherers sets the Gatherers field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Gatherers field is set to the value of the last call. -func (b *GatherConfigApplyConfiguration) WithGatherers(value *GatherersApplyConfiguration) *GatherConfigApplyConfiguration { - b.Gatherers = value - return b -} - -// WithStorage sets the Storage field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
-// If called multiple times, the Storage field is set to the value of the last call. -func (b *GatherConfigApplyConfiguration) WithStorage(value *StorageApplyConfiguration) *GatherConfigApplyConfiguration { - b.Storage = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go deleted file mode 100644 index caa8b79d03..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gathererconfig.go +++ /dev/null 
@@ -1,36 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - configv1 "github.com/openshift/api/config/v1" -) - -// GathererConfigApplyConfiguration represents a declarative configuration of the GathererConfig type for use -// with apply. -type GathererConfigApplyConfiguration struct { - Name *string `json:"name,omitempty"` - State *configv1.GathererState `json:"state,omitempty"` -} - -// GathererConfigApplyConfiguration constructs a declarative configuration of the GathererConfig type for use with -// apply. -func GathererConfig() *GathererConfigApplyConfiguration { - return &GathererConfigApplyConfiguration{} -} - -// WithName sets the Name field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Name field is set to the value of the last call. -func (b *GathererConfigApplyConfiguration) WithName(value string) *GathererConfigApplyConfiguration { - b.Name = &value - return b -} - -// WithState sets the State field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the State field is set to the value of the last call. -func (b *GathererConfigApplyConfiguration) WithState(value configv1.GathererState) *GathererConfigApplyConfiguration { - b.State = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go deleted file mode 100644 index 32469f512b..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gatherers.go +++ /dev/null 
@@ -1,36 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - configv1 "github.com/openshift/api/config/v1" -) - -// GatherersApplyConfiguration represents a declarative configuration of the Gatherers type for use -// with apply. -type GatherersApplyConfiguration struct { - Mode *configv1.GatheringMode `json:"mode,omitempty"` - Custom *CustomApplyConfiguration `json:"custom,omitempty"` -} - -// GatherersApplyConfiguration constructs a declarative configuration of the Gatherers type for use with -// apply. -func Gatherers() *GatherersApplyConfiguration { - return &GatherersApplyConfiguration{} -} - -// WithMode sets the Mode field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Mode field is set to the value of the last call. -func (b *GatherersApplyConfiguration) WithMode(value configv1.GatheringMode) *GatherersApplyConfiguration { - b.Mode = &value - return b -} - -// WithCustom sets the Custom field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Custom field is set to the value of the last call. -func (b *GatherersApplyConfiguration) WithCustom(value *CustomApplyConfiguration) *GatherersApplyConfiguration { - b.Custom = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go index 3f67e9e359..9c28888cf9 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpplatformstatus.go 
@@ -10,7 +10,6 @@ type GCPPlatformStatusApplyConfiguration struct { ResourceLabels []GCPResourceLabelApplyConfiguration `json:"resourceLabels,omitempty"` ResourceTags []GCPResourceTagApplyConfiguration `json:"resourceTags,omitempty"` CloudLoadBalancerConfig *CloudLoadBalancerConfigApplyConfiguration `json:"cloudLoadBalancerConfig,omitempty"` - ServiceEndpoints []GCPServiceEndpointApplyConfiguration `json:"serviceEndpoints,omitempty"` } // GCPPlatformStatusApplyConfiguration constructs a declarative configuration of the GCPPlatformStatus type for use with @@ -68,16 +67,3 @@ func (b *GCPPlatformStatusApplyConfiguration) WithCloudLoadBalancerConfig(value b.CloudLoadBalancerConfig = value return b } - -// WithServiceEndpoints adds the given value to the ServiceEndpoints field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the ServiceEndpoints field. -func (b *GCPPlatformStatusApplyConfiguration) WithServiceEndpoints(values ...*GCPServiceEndpointApplyConfiguration) *GCPPlatformStatusApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithServiceEndpoints") - } - b.ServiceEndpoints = append(b.ServiceEndpoints, *values[i]) - } - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpserviceendpoint.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpserviceendpoint.go deleted file mode 100644 index 2cb9d0a7ca..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/gcpserviceendpoint.go +++ /dev/null 
@@ -1,36 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - configv1 "github.com/openshift/api/config/v1" -) - -// GCPServiceEndpointApplyConfiguration represents a declarative configuration of the GCPServiceEndpoint type for use -// with apply. -type GCPServiceEndpointApplyConfiguration struct { - Name *configv1.GCPServiceEndpointName `json:"name,omitempty"` - URL *string `json:"url,omitempty"` -} - -// GCPServiceEndpointApplyConfiguration constructs a declarative configuration of the GCPServiceEndpoint type for use with -// apply. -func GCPServiceEndpoint() *GCPServiceEndpointApplyConfiguration { - return &GCPServiceEndpointApplyConfiguration{} -} - -// WithName sets the Name field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Name field is set to the value of the last call. -func (b *GCPServiceEndpointApplyConfiguration) WithName(value configv1.GCPServiceEndpointName) *GCPServiceEndpointApplyConfiguration { - b.Name = &value - return b -} - -// WithURL sets the URL field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the URL field is set to the value of the last call. -func (b *GCPServiceEndpointApplyConfiguration) WithURL(value string) *GCPServiceEndpointApplyConfiguration { - b.URL = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go deleted file mode 100644 index 4be6d441a8..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagatherspec.go +++ /dev/null 
@@ -1,23 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -// InsightsDataGatherSpecApplyConfiguration represents a declarative configuration of the InsightsDataGatherSpec type for use -// with apply. -type InsightsDataGatherSpecApplyConfiguration struct { - GatherConfig *GatherConfigApplyConfiguration `json:"gatherConfig,omitempty"` -} - -// InsightsDataGatherSpecApplyConfiguration constructs a declarative configuration of the InsightsDataGatherSpec type for use with -// apply. -func InsightsDataGatherSpec() *InsightsDataGatherSpecApplyConfiguration { - return &InsightsDataGatherSpecApplyConfiguration{} -} - -// WithGatherConfig sets the GatherConfig field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the GatherConfig field is set to the value of the last call. -func (b *InsightsDataGatherSpecApplyConfiguration) WithGatherConfig(value *GatherConfigApplyConfiguration) *InsightsDataGatherSpecApplyConfiguration { - b.GatherConfig = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go index d7988e5115..5c61ef9801 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/nutanixplatformstatus.go @@ -2,6 +2,10 @@ package v1 +import ( + configv1 "github.com/openshift/api/config/v1" +) + // NutanixPlatformStatusApplyConfiguration represents a declarative configuration of the NutanixPlatformStatus type for use // with apply. type NutanixPlatformStatusApplyConfiguration struct { 
@@ -10,6 +14,7 @@ type NutanixPlatformStatusApplyConfiguration struct { IngressIP *string `json:"ingressIP,omitempty"` IngressIPs []string `json:"ingressIPs,omitempty"` LoadBalancer *NutanixPlatformLoadBalancerApplyConfiguration `json:"loadBalancer,omitempty"` + DNSRecordsType *configv1.DNSRecordsType `json:"dnsRecordsType,omitempty"` } // NutanixPlatformStatusApplyConfiguration constructs a declarative configuration of the NutanixPlatformStatus type for use with @@ -61,3 +66,11 @@ func (b *NutanixPlatformStatusApplyConfiguration) WithLoadBalancer(value *Nutani b.LoadBalancer = value return b } + +// WithDNSRecordsType sets the DNSRecordsType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSRecordsType field is set to the value of the last call. +func (b *NutanixPlatformStatusApplyConfiguration) WithDNSRecordsType(value configv1.DNSRecordsType) *NutanixPlatformStatusApplyConfiguration { + b.DNSRecordsType = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go index f06c78e243..4052769489 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/openstackplatformstatus.go @@ -16,6 +16,7 @@ type OpenStackPlatformStatusApplyConfiguration struct { IngressIPs []string `json:"ingressIPs,omitempty"` NodeDNSIP *string `json:"nodeDNSIP,omitempty"` LoadBalancer *OpenStackPlatformLoadBalancerApplyConfiguration `json:"loadBalancer,omitempty"` + DNSRecordsType *configv1.DNSRecordsType `json:"dnsRecordsType,omitempty"` MachineNetworks []configv1.CIDR `json:"machineNetworks,omitempty"` } 
@@ -85,6 +86,14 @@ func (b *OpenStackPlatformStatusApplyConfiguration) WithLoadBalancer(value *Open return b } +// WithDNSRecordsType sets the DNSRecordsType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSRecordsType field is set to the value of the last call. +func (b *OpenStackPlatformStatusApplyConfiguration) WithDNSRecordsType(value configv1.DNSRecordsType) *OpenStackPlatformStatusApplyConfiguration { + b.DNSRecordsType = &value + return b +} + // WithMachineNetworks adds the given value to the MachineNetworks field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the MachineNetworks field. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go index 18ad5d8492..dab2c7a101 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/ovirtplatformstatus.go @@ -2,6 +2,10 @@ package v1 +import ( + configv1 "github.com/openshift/api/config/v1" +) + // OvirtPlatformStatusApplyConfiguration represents a declarative configuration of the OvirtPlatformStatus type for use // with apply. type OvirtPlatformStatusApplyConfiguration struct { 
@@ -11,6 +15,7 @@ type OvirtPlatformStatusApplyConfiguration struct { IngressIPs []string `json:"ingressIPs,omitempty"` NodeDNSIP *string `json:"nodeDNSIP,omitempty"` LoadBalancer *OvirtPlatformLoadBalancerApplyConfiguration `json:"loadBalancer,omitempty"` + DNSRecordsType *configv1.DNSRecordsType `json:"dnsRecordsType,omitempty"` } // OvirtPlatformStatusApplyConfiguration constructs a declarative configuration of the OvirtPlatformStatus type for use with @@ -70,3 +75,11 @@ func (b *OvirtPlatformStatusApplyConfiguration) WithLoadBalancer(value *OvirtPla b.LoadBalancer = value return b } + +// WithDNSRecordsType sets the DNSRecordsType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSRecordsType field is set to the value of the last call. +func (b *OvirtPlatformStatusApplyConfiguration) WithDNSRecordsType(value configv1.DNSRecordsType) *OvirtPlatformStatusApplyConfiguration { + b.DNSRecordsType = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go deleted file mode 100644 index 49daf4bc2a..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeclaimreference.go +++ /dev/null 
@@ -1,23 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -// PersistentVolumeClaimReferenceApplyConfiguration represents a declarative configuration of the PersistentVolumeClaimReference type for use -// with apply. -type PersistentVolumeClaimReferenceApplyConfiguration struct { - Name *string `json:"name,omitempty"` -} - -// PersistentVolumeClaimReferenceApplyConfiguration constructs a declarative configuration of the PersistentVolumeClaimReference type for use with -// apply. -func PersistentVolumeClaimReference() *PersistentVolumeClaimReferenceApplyConfiguration { - return &PersistentVolumeClaimReferenceApplyConfiguration{} -} - -// WithName sets the Name field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Name field is set to the value of the last call. -func (b *PersistentVolumeClaimReferenceApplyConfiguration) WithName(value string) *PersistentVolumeClaimReferenceApplyConfiguration { - b.Name = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go deleted file mode 100644 index c62fdbcf99..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/persistentvolumeconfig.go +++ /dev/null 
@@ -1,32 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -// PersistentVolumeConfigApplyConfiguration represents a declarative configuration of the PersistentVolumeConfig type for use -// with apply. -type PersistentVolumeConfigApplyConfiguration struct { - Claim *PersistentVolumeClaimReferenceApplyConfiguration `json:"claim,omitempty"` - MountPath *string `json:"mountPath,omitempty"` -} - -// PersistentVolumeConfigApplyConfiguration constructs a declarative configuration of the PersistentVolumeConfig type for use with -// apply. -func PersistentVolumeConfig() *PersistentVolumeConfigApplyConfiguration { - return &PersistentVolumeConfigApplyConfiguration{} -} - -// WithClaim sets the Claim field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Claim field is set to the value of the last call. -func (b *PersistentVolumeConfigApplyConfiguration) WithClaim(value *PersistentVolumeClaimReferenceApplyConfiguration) *PersistentVolumeConfigApplyConfiguration { - b.Claim = value - return b -} - -// WithMountPath sets the MountPath field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the MountPath field is set to the value of the last call. -func (b *PersistentVolumeConfigApplyConfiguration) WithMountPath(value string) *PersistentVolumeConfigApplyConfiguration { - b.MountPath = &value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go deleted file mode 100644 index 405df6c132..0000000000 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/storage.go +++ /dev/null 
@@ -1,36 +0,0 @@ -// Code generated by applyconfiguration-gen. DO NOT EDIT. - -package v1 - -import ( - configv1 "github.com/openshift/api/config/v1" -) - -// StorageApplyConfiguration represents a declarative configuration of the Storage type for use -// with apply. -type StorageApplyConfiguration struct { - Type *configv1.StorageType `json:"type,omitempty"` - PersistentVolume *PersistentVolumeConfigApplyConfiguration `json:"persistentVolume,omitempty"` -} - -// StorageApplyConfiguration constructs a declarative configuration of the Storage type for use with -// apply. -func Storage() *StorageApplyConfiguration { - return &StorageApplyConfiguration{} -} - -// WithType sets the Type field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Type field is set to the value of the last call. -func (b *StorageApplyConfiguration) WithType(value configv1.StorageType) *StorageApplyConfiguration { - b.Type = &value - return b -} - -// WithPersistentVolume sets the PersistentVolume field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the PersistentVolume field is set to the value of the last call. -func (b *StorageApplyConfiguration) WithPersistentVolume(value *PersistentVolumeConfigApplyConfiguration) *StorageApplyConfiguration { - b.PersistentVolume = value - return b -} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go index 36696df716..a3cfc9b1c7 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go 
+++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vsphereplatformstatus.go @@ -15,6 +15,7 @@ type VSpherePlatformStatusApplyConfiguration struct { IngressIPs []string `json:"ingressIPs,omitempty"` NodeDNSIP *string `json:"nodeDNSIP,omitempty"` LoadBalancer *VSpherePlatformLoadBalancerApplyConfiguration `json:"loadBalancer,omitempty"` + DNSRecordsType *configv1.DNSRecordsType `json:"dnsRecordsType,omitempty"` MachineNetworks []configv1.CIDR `json:"machineNetworks,omitempty"` } @@ -76,6 +77,14 @@ func (b *VSpherePlatformStatusApplyConfiguration) WithLoadBalancer(value *VSpher return b } +// WithDNSRecordsType sets the DNSRecordsType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DNSRecordsType field is set to the value of the last call. +func (b *VSpherePlatformStatusApplyConfiguration) WithDNSRecordsType(value configv1.DNSRecordsType) *VSpherePlatformStatusApplyConfiguration { + b.DNSRecordsType = &value + return b +} + // WithMachineNetworks adds the given value to the MachineNetworks field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the MachineNetworks field. diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go index de325e3678..0d49eb95f2 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go 
@@ -164,6 +164,10 @@ var schemaYAML = typed.YAMLObject(`types: namedType: com.github.openshift.api.config.v1.CloudLoadBalancerConfig default: dnsType: PlatformDefault + - name: ipFamily + type: + scalar: string + default: IPv4 - name: region type: scalar: string @@ -363,6 +367,10 @@ var schemaYAML = typed.YAMLObject(`types: - name: cloudName type: scalar: string + - name: ipFamily + type: + scalar: string + default: IPv4 - name: networkResourceGroupName type: scalar: string @@ -429,6 +437,9 @@ var schemaYAML = typed.YAMLObject(`types: elementType: scalar: string elementRelationship: atomic + - name: dnsRecordsType + type: + scalar: string - name: ingressIP type: scalar: string @@ -1054,17 +1065,6 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Custom - map: - fields: - - name: configs - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.GathererConfig - elementRelationship: associative - keys: - - name - name: com.github.openshift.api.config.v1.CustomFeatureGates map: fields: @@ -1386,14 +1386,6 @@ var schemaYAML = typed.YAMLObject(`types: elementRelationship: associative keys: - key - - name: serviceEndpoints - type: - list: - elementType: - namedType: com.github.openshift.api.config.v1.GCPServiceEndpoint - elementRelationship: associative - keys: - - name - name: com.github.openshift.api.config.v1.GCPResourceLabel map: fields: 
@@ -1420,58 +1412,6 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.GCPServiceEndpoint - map: - fields: - - name: name - type: - scalar: string - default: "" - - name: url - type: - scalar: string - default: "" -- name: com.github.openshift.api.config.v1.GatherConfig - map: - fields: - - name: dataPolicy - type: - list: - elementType: - scalar: string - elementRelationship: atomic - - name: gatherers - type: - namedType: com.github.openshift.api.config.v1.Gatherers - default: {} - - name: storage - type: - namedType: com.github.openshift.api.config.v1.Storage - default: {} -- name: com.github.openshift.api.config.v1.GathererConfig - map: - fields: - - name: name - type: - scalar: string - - name: state - type: - scalar: string -- name: com.github.openshift.api.config.v1.Gatherers - map: - fields: - - name: custom - type: - namedType: com.github.openshift.api.config.v1.Custom - default: {} - - name: mode - type: - scalar: string - unions: - - discriminator: mode - fields: - - fieldName: custom - discriminatorValue: Custom - name: com.github.openshift.api.config.v1.GitHubIdentityProvider map: fields: @@ -2064,30 +2004,6 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.InsightsDataGather - map: - fields: - - name: apiVersion - type: - scalar: string - - name: kind - type: - scalar: string - - name: metadata - type: - namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta - default: {} - - name: spec - type: - namedType: com.github.openshift.api.config.v1.InsightsDataGatherSpec - default: {} -- name: com.github.openshift.api.config.v1.InsightsDataGatherSpec - map: - fields: - - name: gatherConfig - type: - namedType: com.github.openshift.api.config.v1.GatherConfig - default: {} - name: com.github.openshift.api.config.v1.IntermediateTLSProfile map: elementType: 
@@ -2499,6 +2415,9 @@ var schemaYAML = typed.YAMLObject(`types: elementType: scalar: string elementRelationship: associative + - name: dnsRecordsType + type: + scalar: string - name: ingressIP type: scalar: string @@ -2860,6 +2779,9 @@ var schemaYAML = typed.YAMLObject(`types: - name: cloudName type: scalar: string + - name: dnsRecordsType + type: + scalar: string - name: ingressIP type: scalar: string @@ -2969,6 +2891,9 @@ var schemaYAML = typed.YAMLObject(`types: elementType: scalar: string elementRelationship: associative + - name: dnsRecordsType + type: + scalar: string - name: ingressIP type: scalar: string @@ -3008,22 +2933,6 @@ var schemaYAML = typed.YAMLObject(`types: - name: hostname type: scalar: string -- name: com.github.openshift.api.config.v1.PersistentVolumeClaimReference - map: - fields: - - name: name - type: - scalar: string -- name: com.github.openshift.api.config.v1.PersistentVolumeConfig - map: - fields: - - name: claim - type: - namedType: com.github.openshift.api.config.v1.PersistentVolumeClaimReference - default: {} - - name: mountPath - type: - scalar: string - name: com.github.openshift.api.config.v1.PlatformSpec map: fields: @@ -3605,21 +3514,6 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" -- name: com.github.openshift.api.config.v1.Storage - map: - fields: - - name: persistentVolume - type: - namedType: com.github.openshift.api.config.v1.PersistentVolumeConfig - default: {} - - name: type - type: - scalar: string - unions: - - discriminator: type - fields: - - fieldName: persistentVolume - discriminatorValue: PersistentVolume - name: com.github.openshift.api.config.v1.TLSSecurityProfile map: fields: @@ -3970,6 +3864,9 @@ var schemaYAML = typed.YAMLObject(`types: elementType: scalar: string elementRelationship: atomic + - name: dnsRecordsType + type: + scalar: string - name: ingressIP type: scalar: string 
diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go index afce6aef52..70957eee8b 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/config_client.go @@ -28,7 +28,6 @@ type ConfigV1Interface interface { ImageTagMirrorSetsGetter InfrastructuresGetter IngressesGetter - InsightsDataGathersGetter NetworksGetter NodesGetter OAuthsGetter @@ -107,10 +106,6 @@ func (c *ConfigV1Client) Ingresses() IngressInterface { return newIngresses(c) } -func (c *ConfigV1Client) InsightsDataGathers() InsightsDataGatherInterface { - return newInsightsDataGathers(c) -} - func (c *ConfigV1Client) Networks() NetworkInterface { return newNetworks(c) } diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go index 27c5fd110b..44ad19dcb3 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/generated_expansion.go @@ -34,8 +34,6 @@ type InfrastructureExpansion interface{} type IngressExpansion interface{} -type InsightsDataGatherExpansion interface{} - type NetworkExpansion interface{} type NodeExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/insightsdatagather.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/insightsdatagather.go deleted file mode 100644 index 43f6620122..0000000000 
--- a/vendor/github.com/openshift/client-go/config/clientset/versioned/typed/config/v1/insightsdatagather.go
+++ /dev/null
@@ -1,54 +0,0 @@ -// Code generated by client-gen. DO NOT EDIT. - -package v1 - -import ( - context "context" - - configv1 "github.com/openshift/api/config/v1" - applyconfigurationsconfigv1 "github.com/openshift/client-go/config/applyconfigurations/config/v1" - scheme "github.com/openshift/client-go/config/clientset/versioned/scheme" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - gentype "k8s.io/client-go/gentype" -) - -// InsightsDataGathersGetter has a method to return a InsightsDataGatherInterface. -// A group's client should implement this interface. -type InsightsDataGathersGetter interface { - InsightsDataGathers() InsightsDataGatherInterface -} - -// InsightsDataGatherInterface has methods to work with InsightsDataGather resources. -type InsightsDataGatherInterface interface { - Create(ctx context.Context, insightsDataGather *configv1.InsightsDataGather, opts metav1.CreateOptions) (*configv1.InsightsDataGather, error) - Update(ctx context.Context, insightsDataGather *configv1.InsightsDataGather, opts metav1.UpdateOptions) (*configv1.InsightsDataGather, error) - Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error - Get(ctx context.Context, name string, opts metav1.GetOptions) (*configv1.InsightsDataGather, error) - List(ctx context.Context, opts metav1.ListOptions) (*configv1.InsightsDataGatherList, error) - Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *configv1.InsightsDataGather, err error) - Apply(ctx context.Context, insightsDataGather *applyconfigurationsconfigv1.InsightsDataGatherApplyConfiguration, opts metav1.ApplyOptions) (result *configv1.InsightsDataGather, err error) - 
InsightsDataGatherExpansion -} - -// insightsDataGathers implements InsightsDataGatherInterface -type insightsDataGathers struct { - *gentype.ClientWithListAndApply[*configv1.InsightsDataGather, *configv1.InsightsDataGatherList, *applyconfigurationsconfigv1.InsightsDataGatherApplyConfiguration] -} - -// newInsightsDataGathers returns a InsightsDataGathers -func newInsightsDataGathers(c *ConfigV1Client) *insightsDataGathers { - return &insightsDataGathers{ - gentype.NewClientWithListAndApply[*configv1.InsightsDataGather, *configv1.InsightsDataGatherList, *applyconfigurationsconfigv1.InsightsDataGatherApplyConfiguration]( - "insightsdatagathers", - c.RESTClient(), - scheme.ParameterCodec, - "", - func() *configv1.InsightsDataGather { return &configv1.InsightsDataGather{} }, - func() *configv1.InsightsDataGatherList { return &configv1.InsightsDataGatherList{} }, - ), - } -} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/insightsdatagather.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/insightsdatagather.go deleted file mode 100644 index 53a1739911..0000000000 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/insightsdatagather.go +++ /dev/null 
@@ -1,85 +0,0 @@ -// Code generated by informer-gen. DO NOT EDIT. - -package v1 - -import ( - context "context" - time "time" - - apiconfigv1 "github.com/openshift/api/config/v1" - versioned "github.com/openshift/client-go/config/clientset/versioned" - internalinterfaces "github.com/openshift/client-go/config/informers/externalversions/internalinterfaces" - configv1 "github.com/openshift/client-go/config/listers/config/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// InsightsDataGatherInformer provides access to a shared informer and lister for -// InsightsDataGathers. -type InsightsDataGatherInformer interface { - Informer() cache.SharedIndexInformer - Lister() configv1.InsightsDataGatherLister -} - -type insightsDataGatherInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewInsightsDataGatherInformer constructs a new informer for InsightsDataGather type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewInsightsDataGatherInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredInsightsDataGatherInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredInsightsDataGatherInformer constructs a new informer for InsightsDataGather type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. 
-func NewFilteredInsightsDataGatherInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1().InsightsDataGathers().List(context.Background(), options) - }, - WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1().InsightsDataGathers().Watch(context.Background(), options) - }, - ListWithContextFunc: func(ctx context.Context, options metav1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1().InsightsDataGathers().List(ctx, options) - }, - WatchFuncWithContext: func(ctx context.Context, options metav1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.ConfigV1().InsightsDataGathers().Watch(ctx, options) - }, - }, - &apiconfigv1.InsightsDataGather{}, - resyncPeriod, - indexers, - ) -} - -func (f *insightsDataGatherInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredInsightsDataGatherInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *insightsDataGatherInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&apiconfigv1.InsightsDataGather{}, f.defaultInformer) -} - -func (f *insightsDataGatherInformer) Lister() configv1.InsightsDataGatherLister { - return configv1.NewInsightsDataGatherLister(f.Informer().GetIndexer()) -} 
diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go index 0ad1b98f37..ff4c521b04 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/config/v1/interface.go @@ -40,8 +40,6 @@ type Interface interface { Infrastructures() InfrastructureInformer // Ingresses returns a IngressInformer. Ingresses() IngressInformer - // InsightsDataGathers returns a InsightsDataGatherInformer. - InsightsDataGathers() InsightsDataGatherInformer // Networks returns a NetworkInformer. Networks() NetworkInformer // Nodes returns a NodeInformer. @@ -149,11 +147,6 @@ func (v *version) Ingresses() IngressInformer { return &ingressInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } -// InsightsDataGathers returns a InsightsDataGatherInformer. -func (v *version) InsightsDataGathers() InsightsDataGatherInformer { - return &insightsDataGatherInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - // Networks returns a NetworkInformer. func (v *version) Networks() NetworkInformer { return &networkInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go index 146e7e9754..59c98ea77c 100644 --- a/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go +++ b/vendor/github.com/openshift/client-go/config/informers/externalversions/generic.go 
@@ -71,8 +71,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().Infrastructures().Informer()}, nil case v1.SchemeGroupVersion.WithResource("ingresses"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().Ingresses().Informer()}, nil - case v1.SchemeGroupVersion.WithResource("insightsdatagathers"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().InsightsDataGathers().Informer()}, nil case v1.SchemeGroupVersion.WithResource("networks"): return &genericInformer{resource: resource.GroupResource(), informer: f.Config().V1().Networks().Informer()}, nil case v1.SchemeGroupVersion.WithResource("nodes"): diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go index ca93cb2838..d4e79cd0ea 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/expansion_generated.go @@ -70,10 +70,6 @@ type InfrastructureListerExpansion interface{} // IngressLister. type IngressListerExpansion interface{} -// InsightsDataGatherListerExpansion allows custom methods to be added to -// InsightsDataGatherLister. -type InsightsDataGatherListerExpansion interface{} - // NetworkListerExpansion allows custom methods to be added to // NetworkLister. type NetworkListerExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/insightsdatagather.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/insightsdatagather.go deleted file mode 100644 index 79da7823ff..0000000000 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/insightsdatagather.go +++ /dev/null 
@@ -1,32 +0,0 @@ -// Code generated by lister-gen. DO NOT EDIT. - -package v1 - -import ( - configv1 "github.com/openshift/api/config/v1" - labels "k8s.io/apimachinery/pkg/labels" - listers "k8s.io/client-go/listers" - cache "k8s.io/client-go/tools/cache" -) - -// InsightsDataGatherLister helps list InsightsDataGathers. -// All objects returned here must be treated as read-only. -type InsightsDataGatherLister interface { - // List lists all InsightsDataGathers in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*configv1.InsightsDataGather, err error) - // Get retrieves the InsightsDataGather from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*configv1.InsightsDataGather, error) - InsightsDataGatherListerExpansion -} - -// insightsDataGatherLister implements the InsightsDataGatherLister interface. -type insightsDataGatherLister struct { - listers.ResourceIndexer[*configv1.InsightsDataGather] -} - -// NewInsightsDataGatherLister returns a new InsightsDataGatherLister. -func NewInsightsDataGatherLister(indexer cache.Indexer) InsightsDataGatherLister { - return &insightsDataGatherLister{listers.New[*configv1.InsightsDataGather](indexer, configv1.Resource("insightsdatagather"))} -} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go index dfbf8d8a96..e33d9fa11e 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal/internal.go 
@@ -113,6 +113,80 @@ var schemaYAML = typed.YAMLObject(`types: elementType: namedType: __untyped_deduced_ elementRelationship: separable +- name: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec + default: {} + - name: status + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus + default: {} +- name: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus + map: + fields: + - name: conditions + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + elementRelationship: associative + keys: + - type + - name: image + type: + scalar: string + - name: name + type: + scalar: string +- name: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef + map: + fields: + - name: name + type: + scalar: string +- name: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec + map: + fields: + - name: releases + type: + list: + elementType: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef + elementRelationship: associative + keys: + - name +- name: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus + map: + fields: + - name: conditions + type: + list: + elementType: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Condition + elementRelationship: associative + keys: + - type + - name: releases + type: + list: + elementType: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus + elementRelationship: associative + keys: + - name - name: 
com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference map: fields: @@ -219,13 +293,70 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream + map: + fields: + - name: apiVersion + type: + scalar: string + - name: kind + type: + scalar: string + - name: metadata + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta + default: {} + - name: spec + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec + - name: status + type: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus + default: {} +- name: com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet + map: + fields: + - name: name + type: + scalar: string + - name: osExtensionsImage + type: + scalar: string + - name: osImage + type: + scalar: string +- name: com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec + map: + elementType: + scalar: untyped + list: + elementType: + namedType: __untyped_atomic_ + elementRelationship: atomic + map: + elementType: + namedType: __untyped_deduced_ + elementRelationship: separable +- name: com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus + map: + fields: + - name: availableStreams + type: + list: + elementType: + namedType: com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet + elementRelationship: associative + keys: + - name + - name: defaultStream + type: + scalar: string - name: com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageRef map: fields: - name: name type: scalar: string - default: "" - name: com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet map: fields: 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatus.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatus.go index 0052db33ea..a96fd0e2e5 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatus.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatus.go @@ -15,6 +15,7 @@ type MachineConfigNodeStatusApplyConfiguration struct { ConfigImage *MachineConfigNodeStatusConfigImageApplyConfiguration `json:"configImage,omitempty"` PinnedImageSets []MachineConfigNodeStatusPinnedImageSetApplyConfiguration `json:"pinnedImageSets,omitempty"` IrreconcilableChanges []IrreconcilableChangeDiffApplyConfiguration `json:"irreconcilableChanges,omitempty"` + InternalReleaseImage *MachineConfigNodeStatusInternalReleaseImageApplyConfiguration `json:"internalReleaseImage,omitempty"` } // MachineConfigNodeStatusApplyConfiguration constructs a declarative configuration of the MachineConfigNodeStatus type for use with @@ -85,3 +86,11 @@ func (b *MachineConfigNodeStatusApplyConfiguration) WithIrreconcilableChanges(va } return b } + +// WithInternalReleaseImage sets the InternalReleaseImage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the InternalReleaseImage field is set to the value of the last call. +func (b *MachineConfigNodeStatusApplyConfiguration) WithInternalReleaseImage(value *MachineConfigNodeStatusInternalReleaseImageApplyConfiguration) *MachineConfigNodeStatusApplyConfiguration { + b.InternalReleaseImage = value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimage.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimage.go
new file mode 100644
index 0000000000..e9f40f6d3b
--- /dev/null
+++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimage.go
@@ -0,0 +1,28 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// MachineConfigNodeStatusInternalReleaseImageApplyConfiguration represents a declarative configuration of the MachineConfigNodeStatusInternalReleaseImage type for use +// with apply. +type MachineConfigNodeStatusInternalReleaseImageApplyConfiguration struct { + Releases []MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration `json:"releases,omitempty"` +} + +// MachineConfigNodeStatusInternalReleaseImageApplyConfiguration constructs a declarative configuration of the MachineConfigNodeStatusInternalReleaseImage type for use with +// apply. +func MachineConfigNodeStatusInternalReleaseImage() *MachineConfigNodeStatusInternalReleaseImageApplyConfiguration { + return &MachineConfigNodeStatusInternalReleaseImageApplyConfiguration{} +} + +// WithReleases adds the given value to the Releases field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Releases field. +func (b *MachineConfigNodeStatusInternalReleaseImageApplyConfiguration) WithReleases(values ...*MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration) *MachineConfigNodeStatusInternalReleaseImageApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithReleases") + } + b.Releases = append(b.Releases, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimageref.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimageref.go new file mode 100644 index 0000000000..98003dce3d --- /dev/null 
+++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfignodestatusinternalreleaseimageref.go 
@@ -0,0 +1,50 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + metav1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration represents a declarative configuration of the MachineConfigNodeStatusInternalReleaseImageRef type for use +// with apply. +type MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration struct { + Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"` + Name *string `json:"name,omitempty"` + Image *string `json:"image,omitempty"` +} + +// MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration constructs a declarative configuration of the MachineConfigNodeStatusInternalReleaseImageRef type for use with +// apply. +func MachineConfigNodeStatusInternalReleaseImageRef() *MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration { + return &MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. 
+func (b *MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration) WithName(value string) *MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration { + b.Name = &value + return b +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration) WithImage(value string) *MachineConfigNodeStatusInternalReleaseImageRefApplyConfiguration { + b.Image = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolspec.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolspec.go index 1b3d4db608..3b44dbf941 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolspec.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolspec.go @@ -16,6 +16,7 @@ type MachineConfigPoolSpecApplyConfiguration struct { MaxUnavailable *intstr.IntOrString `json:"maxUnavailable,omitempty"` Configuration *MachineConfigPoolStatusConfigurationApplyConfiguration `json:"configuration,omitempty"` PinnedImageSets []PinnedImageSetRefApplyConfiguration `json:"pinnedImageSets,omitempty"` + OSImageStream *OSImageStreamReferenceApplyConfiguration `json:"osImageStream,omitempty"` } // MachineConfigPoolSpecApplyConfiguration constructs a declarative configuration of the MachineConfigPoolSpec type for use with 
@@ -76,3 +77,11 @@ func (b *MachineConfigPoolSpecApplyConfiguration) WithPinnedImageSets(values ... } return b } + +// WithOSImageStream sets the OSImageStream field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OSImageStream field is set to the value of the last call. +func (b *MachineConfigPoolSpecApplyConfiguration) WithOSImageStream(value *OSImageStreamReferenceApplyConfiguration) *MachineConfigPoolSpecApplyConfiguration { + b.OSImageStream = value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolstatus.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolstatus.go index d92c22c33c..0df351e278 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolstatus.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/machineconfigpoolstatus.go @@ -15,6 +15,7 @@ type MachineConfigPoolStatusApplyConfiguration struct { Conditions []MachineConfigPoolConditionApplyConfiguration `json:"conditions,omitempty"` CertExpirys []CertExpiryApplyConfiguration `json:"certExpirys,omitempty"` PoolSynchronizersStatus []PoolSynchronizerStatusApplyConfiguration `json:"poolSynchronizersStatus,omitempty"` + OSImageStream *OSImageStreamReferenceApplyConfiguration `json:"osImageStream,omitempty"` } // MachineConfigPoolStatusApplyConfiguration constructs a declarative configuration of the MachineConfigPoolStatus type for use with 
@@ -117,3 +118,11 @@ func (b *MachineConfigPoolStatusApplyConfiguration) WithPoolSynchronizersStatus( } return b } + +// WithOSImageStream sets the OSImageStream field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OSImageStream field is set to the value of the last call. +func (b *MachineConfigPoolStatusApplyConfiguration) WithOSImageStream(value *OSImageStreamReferenceApplyConfiguration) *MachineConfigPoolStatusApplyConfiguration { + b.OSImageStream = value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/osimagestreamreference.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/osimagestreamreference.go new file mode 100644 index 0000000000..f5e96a1edf --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1/osimagestreamreference.go 
@@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +// OSImageStreamReferenceApplyConfiguration represents a declarative configuration of the OSImageStreamReference type for use +// with apply. +type OSImageStreamReferenceApplyConfiguration struct { + Name *string `json:"name,omitempty"` +} + +// OSImageStreamReferenceApplyConfiguration constructs a declarative configuration of the OSImageStreamReference type for use with +// apply. +func OSImageStreamReference() *OSImageStreamReferenceApplyConfiguration { + return &OSImageStreamReferenceApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *OSImageStreamReferenceApplyConfiguration) WithName(value string) *OSImageStreamReferenceApplyConfiguration { + b.Name = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimage.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimage.go new file mode 100644 index 0000000000..0c512503db --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimage.go 
@@ -0,0 +1,263 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + internal "github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + managedfields "k8s.io/apimachinery/pkg/util/managedfields" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// InternalReleaseImageApplyConfiguration represents a declarative configuration of the InternalReleaseImage type for use +// with apply. +type InternalReleaseImageApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *InternalReleaseImageSpecApplyConfiguration `json:"spec,omitempty"` + Status *InternalReleaseImageStatusApplyConfiguration `json:"status,omitempty"` +} + +// InternalReleaseImage constructs a declarative configuration of the InternalReleaseImage type for use with +// apply. +func InternalReleaseImage(name string) *InternalReleaseImageApplyConfiguration { + b := &InternalReleaseImageApplyConfiguration{} + b.WithName(name) + b.WithKind("InternalReleaseImage") + b.WithAPIVersion("machineconfiguration.openshift.io/v1alpha1") + return b +} + +// ExtractInternalReleaseImage extracts the applied configuration owned by fieldManager from +// internalReleaseImage. If no managedFields are found in internalReleaseImage for fieldManager, a +// InternalReleaseImageApplyConfiguration is returned with only the Name, Namespace (if applicable), +// APIVersion and Kind populated. It is possible that no managed fields were found for because other +// field managers have taken ownership of all the fields previously owned by fieldManager, or because +// the fieldManager never owned fields any fields. 
+// internalReleaseImage must be a unmodified InternalReleaseImage API object that was retrieved from the Kubernetes API. +// ExtractInternalReleaseImage provides a way to perform a extract/modify-in-place/apply workflow. +// Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously +// applied if another fieldManager has updated or force applied any of the previously applied fields. +// Experimental! +func ExtractInternalReleaseImage(internalReleaseImage *machineconfigurationv1alpha1.InternalReleaseImage, fieldManager string) (*InternalReleaseImageApplyConfiguration, error) { + return extractInternalReleaseImage(internalReleaseImage, fieldManager, "") +} + +// ExtractInternalReleaseImageStatus is the same as ExtractInternalReleaseImage except +// that it extracts the status subresource applied configuration. +// Experimental! +func ExtractInternalReleaseImageStatus(internalReleaseImage *machineconfigurationv1alpha1.InternalReleaseImage, fieldManager string) (*InternalReleaseImageApplyConfiguration, error) { + return extractInternalReleaseImage(internalReleaseImage, fieldManager, "status") +} + +func extractInternalReleaseImage(internalReleaseImage *machineconfigurationv1alpha1.InternalReleaseImage, fieldManager string, subresource string) (*InternalReleaseImageApplyConfiguration, error) { + b := &InternalReleaseImageApplyConfiguration{} + err := managedfields.ExtractInto(internalReleaseImage, internal.Parser().Type("com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage"), fieldManager, b, subresource) + if err != nil { + return nil, err + } + b.WithName(internalReleaseImage.Name) + + b.WithKind("InternalReleaseImage") + b.WithAPIVersion("machineconfiguration.openshift.io/v1alpha1") + return b, nil +} +func (b InternalReleaseImageApplyConfiguration) IsApplyConfiguration() {} + +// WithKind sets the Kind field in the declarative configuration to the given value +// and returns the receiver, so 
that objects can be built by chaining "With" function invocations. +// If called multiple times, the Kind field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithKind(value string) *InternalReleaseImageApplyConfiguration { + b.TypeMetaApplyConfiguration.Kind = &value + return b +} + +// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the APIVersion field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithAPIVersion(value string) *InternalReleaseImageApplyConfiguration { + b.TypeMetaApplyConfiguration.APIVersion = &value + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithName(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Name = &value + return b +} + +// WithGenerateName sets the GenerateName field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the GenerateName field is set to the value of the last call. 
+func (b *InternalReleaseImageApplyConfiguration) WithGenerateName(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.GenerateName = &value + return b +} + +// WithNamespace sets the Namespace field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Namespace field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithNamespace(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Namespace = &value + return b +} + +// WithUID sets the UID field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the UID field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithUID(value types.UID) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.UID = &value + return b +} + +// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ResourceVersion field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithResourceVersion(value string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.ResourceVersion = &value + return b +} + +// WithGeneration sets the Generation field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the Generation field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithGeneration(value int64) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.Generation = &value + return b +} + +// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the CreationTimestamp field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithCreationTimestamp(value metav1.Time) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.CreationTimestamp = &value + return b +} + +// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionTimestamp field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value + return b +} + +// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. 
+func (b *InternalReleaseImageApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value + return b +} + +// WithLabels puts the entries into the Labels field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Labels field, +// overwriting an existing map entries in Labels field with the same key. +func (b *InternalReleaseImageApplyConfiguration) WithLabels(entries map[string]string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Labels[k] = v + } + return b +} + +// WithAnnotations puts the entries into the Annotations field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, the entries provided by each call will be put on the Annotations field, +// overwriting an existing map entries in Annotations field with the same key. 
+func (b *InternalReleaseImageApplyConfiguration) WithAnnotations(entries map[string]string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { + b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) + } + for k, v := range entries { + b.ObjectMetaApplyConfiguration.Annotations[k] = v + } + return b +} + +// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the OwnerReferences field. +func (b *InternalReleaseImageApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + if values[i] == nil { + panic("nil value passed to WithOwnerReferences") + } + b.ObjectMetaApplyConfiguration.OwnerReferences = append(b.ObjectMetaApplyConfiguration.OwnerReferences, *values[i]) + } + return b +} + +// WithFinalizers adds the given value to the Finalizers field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Finalizers field. 
+func (b *InternalReleaseImageApplyConfiguration) WithFinalizers(values ...string) *InternalReleaseImageApplyConfiguration { + b.ensureObjectMetaApplyConfigurationExists() + for i := range values { + b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) + } + return b +} + +func (b *InternalReleaseImageApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { + if b.ObjectMetaApplyConfiguration == nil { + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} + } +} + +// WithSpec sets the Spec field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Spec field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithSpec(value *InternalReleaseImageSpecApplyConfiguration) *InternalReleaseImageApplyConfiguration { + b.Spec = value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *InternalReleaseImageApplyConfiguration) WithStatus(value *InternalReleaseImageStatusApplyConfiguration) *InternalReleaseImageApplyConfiguration { + b.Status = value + return b +} + +// GetKind retrieves the value of the Kind field in the declarative configuration. +func (b *InternalReleaseImageApplyConfiguration) GetKind() *string { + return b.TypeMetaApplyConfiguration.Kind +} + +// GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. +func (b *InternalReleaseImageApplyConfiguration) GetAPIVersion() *string { + return b.TypeMetaApplyConfiguration.APIVersion +} + +// GetName retrieves the value of the Name field in the declarative configuration. 
+func (b *InternalReleaseImageApplyConfiguration) GetName() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Name +} + +// GetNamespace retrieves the value of the Namespace field in the declarative configuration. +func (b *InternalReleaseImageApplyConfiguration) GetNamespace() *string { + b.ensureObjectMetaApplyConfigurationExists() + return b.ObjectMetaApplyConfiguration.Namespace +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagebundlestatus.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagebundlestatus.go new file mode 100644 index 0000000000..acfda1ee88 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagebundlestatus.go 
@@ -0,0 +1,50 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// InternalReleaseImageBundleStatusApplyConfiguration represents a declarative configuration of the InternalReleaseImageBundleStatus type for use +// with apply. +type InternalReleaseImageBundleStatusApplyConfiguration struct { + Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"` + Name *string `json:"name,omitempty"` + Image *string `json:"image,omitempty"` +} + +// InternalReleaseImageBundleStatusApplyConfiguration constructs a declarative configuration of the InternalReleaseImageBundleStatus type for use with +// apply. +func InternalReleaseImageBundleStatus() *InternalReleaseImageBundleStatusApplyConfiguration { + return &InternalReleaseImageBundleStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *InternalReleaseImageBundleStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *InternalReleaseImageBundleStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. 
+func (b *InternalReleaseImageBundleStatusApplyConfiguration) WithName(value string) *InternalReleaseImageBundleStatusApplyConfiguration { + b.Name = &value + return b +} + +// WithImage sets the Image field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Image field is set to the value of the last call. +func (b *InternalReleaseImageBundleStatusApplyConfiguration) WithImage(value string) *InternalReleaseImageBundleStatusApplyConfiguration { + b.Image = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimageref.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimageref.go new file mode 100644 index 0000000000..8a04846a54 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimageref.go 
@@ -0,0 +1,23 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// InternalReleaseImageRefApplyConfiguration represents a declarative configuration of the InternalReleaseImageRef type for use +// with apply. +type InternalReleaseImageRefApplyConfiguration struct { + Name *string `json:"name,omitempty"` +} + +// InternalReleaseImageRefApplyConfiguration constructs a declarative configuration of the InternalReleaseImageRef type for use with +// apply. +func InternalReleaseImageRef() *InternalReleaseImageRefApplyConfiguration { + return &InternalReleaseImageRefApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *InternalReleaseImageRefApplyConfiguration) WithName(value string) *InternalReleaseImageRefApplyConfiguration { + b.Name = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagespec.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagespec.go new file mode 100644 index 0000000000..2ddb39c43f --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagespec.go 
@@ -0,0 +1,28 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// InternalReleaseImageSpecApplyConfiguration represents a declarative configuration of the InternalReleaseImageSpec type for use +// with apply. +type InternalReleaseImageSpecApplyConfiguration struct { + Releases []InternalReleaseImageRefApplyConfiguration `json:"releases,omitempty"` +} + +// InternalReleaseImageSpecApplyConfiguration constructs a declarative configuration of the InternalReleaseImageSpec type for use with +// apply. +func InternalReleaseImageSpec() *InternalReleaseImageSpecApplyConfiguration { + return &InternalReleaseImageSpecApplyConfiguration{} +} + +// WithReleases adds the given value to the Releases field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Releases field. +func (b *InternalReleaseImageSpecApplyConfiguration) WithReleases(values ...*InternalReleaseImageRefApplyConfiguration) *InternalReleaseImageSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithReleases") + } + b.Releases = append(b.Releases, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagestatus.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagestatus.go new file mode 100644 index 0000000000..e5a3483a35 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/internalreleaseimagestatus.go 
@@ -0,0 +1,46 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1 "k8s.io/client-go/applyconfigurations/meta/v1" +) + +// InternalReleaseImageStatusApplyConfiguration represents a declarative configuration of the InternalReleaseImageStatus type for use +// with apply. +type InternalReleaseImageStatusApplyConfiguration struct { + Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"` + Releases []InternalReleaseImageBundleStatusApplyConfiguration `json:"releases,omitempty"` +} + +// InternalReleaseImageStatusApplyConfiguration constructs a declarative configuration of the InternalReleaseImageStatus type for use with +// apply. +func InternalReleaseImageStatus() *InternalReleaseImageStatusApplyConfiguration { + return &InternalReleaseImageStatusApplyConfiguration{} +} + +// WithConditions adds the given value to the Conditions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Conditions field. +func (b *InternalReleaseImageStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *InternalReleaseImageStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithConditions") + } + b.Conditions = append(b.Conditions, *values[i]) + } + return b +} + +// WithReleases adds the given value to the Releases field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Releases field. 
+func (b *InternalReleaseImageStatusApplyConfiguration) WithReleases(values ...*InternalReleaseImageBundleStatusApplyConfiguration) *InternalReleaseImageStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithReleases") + } + b.Releases = append(b.Releases, *values[i]) + } + return b +} diff --git a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestream.go similarity index 62% rename from vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go rename to vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestream.go index 829a4071ac..d8cb0a9d3e 100644 --- a/vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/insightsdatagather.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestream.go 
@@ -1,74 +1,75 @@ // Code generated by applyconfiguration-gen. DO NOT EDIT. -package v1 +package v1alpha1 import ( - configv1 "github.com/openshift/api/config/v1" - internal "github.com/openshift/client-go/config/applyconfigurations/internal" - apismetav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + internal "github.com/openshift/client-go/machineconfiguration/applyconfigurations/internal" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" types "k8s.io/apimachinery/pkg/types" managedfields "k8s.io/apimachinery/pkg/util/managedfields" - metav1 "k8s.io/client-go/applyconfigurations/meta/v1" + v1 "k8s.io/client-go/applyconfigurations/meta/v1" ) -// InsightsDataGatherApplyConfiguration represents a declarative configuration of the InsightsDataGather type for use +// OSImageStreamApplyConfiguration represents a declarative configuration of the OSImageStream type for use // with apply. -type InsightsDataGatherApplyConfiguration struct { - metav1.TypeMetaApplyConfiguration `json:",inline"` - *metav1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` - Spec *InsightsDataGatherSpecApplyConfiguration `json:"spec,omitempty"` +type OSImageStreamApplyConfiguration struct { + v1.TypeMetaApplyConfiguration `json:",inline"` + *v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"` + Spec *machineconfigurationv1alpha1.OSImageStreamSpec `json:"spec,omitempty"` + Status *OSImageStreamStatusApplyConfiguration `json:"status,omitempty"` } -// InsightsDataGather constructs a declarative configuration of the InsightsDataGather type for use with +// OSImageStream constructs a declarative configuration of the OSImageStream type for use with // apply. 
-func InsightsDataGather(name string) *InsightsDataGatherApplyConfiguration { - b := &InsightsDataGatherApplyConfiguration{} +func OSImageStream(name string) *OSImageStreamApplyConfiguration { + b := &OSImageStreamApplyConfiguration{} b.WithName(name) - b.WithKind("InsightsDataGather") - b.WithAPIVersion("config.openshift.io/v1") + b.WithKind("OSImageStream") + b.WithAPIVersion("machineconfiguration.openshift.io/v1alpha1") return b } -// ExtractInsightsDataGather extracts the applied configuration owned by fieldManager from -// insightsDataGather. If no managedFields are found in insightsDataGather for fieldManager, a -// InsightsDataGatherApplyConfiguration is returned with only the Name, Namespace (if applicable), +// ExtractOSImageStream extracts the applied configuration owned by fieldManager from +// oSImageStream. If no managedFields are found in oSImageStream for fieldManager, a +// OSImageStreamApplyConfiguration is returned with only the Name, Namespace (if applicable), // APIVersion and Kind populated. It is possible that no managed fields were found for because other // field managers have taken ownership of all the fields previously owned by fieldManager, or because // the fieldManager never owned fields any fields. -// insightsDataGather must be a unmodified InsightsDataGather API object that was retrieved from the Kubernetes API. -// ExtractInsightsDataGather provides a way to perform a extract/modify-in-place/apply workflow. +// oSImageStream must be a unmodified OSImageStream API object that was retrieved from the Kubernetes API. +// ExtractOSImageStream provides a way to perform a extract/modify-in-place/apply workflow. // Note that an extracted apply configuration will contain fewer fields than what the fieldManager previously // applied if another fieldManager has updated or force applied any of the previously applied fields. // Experimental! 
-func ExtractInsightsDataGather(insightsDataGather *configv1.InsightsDataGather, fieldManager string) (*InsightsDataGatherApplyConfiguration, error) { - return extractInsightsDataGather(insightsDataGather, fieldManager, "") +func ExtractOSImageStream(oSImageStream *machineconfigurationv1alpha1.OSImageStream, fieldManager string) (*OSImageStreamApplyConfiguration, error) { + return extractOSImageStream(oSImageStream, fieldManager, "") } -// ExtractInsightsDataGatherStatus is the same as ExtractInsightsDataGather except +// ExtractOSImageStreamStatus is the same as ExtractOSImageStream except // that it extracts the status subresource applied configuration. // Experimental! -func ExtractInsightsDataGatherStatus(insightsDataGather *configv1.InsightsDataGather, fieldManager string) (*InsightsDataGatherApplyConfiguration, error) { - return extractInsightsDataGather(insightsDataGather, fieldManager, "status") +func ExtractOSImageStreamStatus(oSImageStream *machineconfigurationv1alpha1.OSImageStream, fieldManager string) (*OSImageStreamApplyConfiguration, error) { + return extractOSImageStream(oSImageStream, fieldManager, "status") } -func extractInsightsDataGather(insightsDataGather *configv1.InsightsDataGather, fieldManager string, subresource string) (*InsightsDataGatherApplyConfiguration, error) { - b := &InsightsDataGatherApplyConfiguration{} - err := managedfields.ExtractInto(insightsDataGather, internal.Parser().Type("com.github.openshift.api.config.v1.InsightsDataGather"), fieldManager, b, subresource) +func extractOSImageStream(oSImageStream *machineconfigurationv1alpha1.OSImageStream, fieldManager string, subresource string) (*OSImageStreamApplyConfiguration, error) { + b := &OSImageStreamApplyConfiguration{} + err := managedfields.ExtractInto(oSImageStream, internal.Parser().Type("com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream"), fieldManager, b, subresource) if err != nil { return nil, err } - b.WithName(insightsDataGather.Name) + 
b.WithName(oSImageStream.Name) - b.WithKind("InsightsDataGather") - b.WithAPIVersion("config.openshift.io/v1") + b.WithKind("OSImageStream") + b.WithAPIVersion("machineconfiguration.openshift.io/v1alpha1") return b, nil } -func (b InsightsDataGatherApplyConfiguration) IsApplyConfiguration() {} +func (b OSImageStreamApplyConfiguration) IsApplyConfiguration() {} // WithKind sets the Kind field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Kind field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithKind(value string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithKind(value string) *OSImageStreamApplyConfiguration { b.TypeMetaApplyConfiguration.Kind = &value return b } @@ -76,7 +77,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithKind(value string) *InsightsD // WithAPIVersion sets the APIVersion field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the APIVersion field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithAPIVersion(value string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithAPIVersion(value string) *OSImageStreamApplyConfiguration { b.TypeMetaApplyConfiguration.APIVersion = &value return b } 
@@ -84,7 +85,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithAPIVersion(value string) *Ins // WithName sets the Name field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Name field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithName(value string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithName(value string) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Name = &value return b @@ -93,7 +94,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithName(value string) *InsightsD // WithGenerateName sets the GenerateName field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the GenerateName field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithGenerateName(value string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithGenerateName(value string) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.GenerateName = &value return b 
@@ -102,7 +103,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithGenerateName(value string) *I // WithNamespace sets the Namespace field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Namespace field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithNamespace(value string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithNamespace(value string) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Namespace = &value return b @@ -111,7 +112,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithNamespace(value string) *Insi // WithUID sets the UID field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the UID field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithUID(value types.UID) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithUID(value types.UID) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.UID = &value return b 
@@ -120,7 +121,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithUID(value types.UID) *Insight // WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the ResourceVersion field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithResourceVersion(value string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithResourceVersion(value string) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.ResourceVersion = &value return b @@ -129,7 +130,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithResourceVersion(value string) // WithGeneration sets the Generation field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Generation field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithGeneration(value int64) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithGeneration(value int64) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.Generation = &value return b 
@@ -138,7 +139,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithGeneration(value int64) *Insi // WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the CreationTimestamp field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithCreationTimestamp(value apismetav1.Time) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithCreationTimestamp(value metav1.Time) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.CreationTimestamp = &value return b @@ -147,7 +148,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithCreationTimestamp(value apism // WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the DeletionTimestamp field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithDeletionTimestamp(value apismetav1.Time) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.DeletionTimestamp = &value return b 
@@ -156,7 +157,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithDeletionTimestamp(value apism // WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() b.ObjectMetaApplyConfiguration.DeletionGracePeriodSeconds = &value return b @@ -166,7 +167,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithDeletionGracePeriodSeconds(va // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, the entries provided by each call will be put on the Labels field, // overwriting an existing map entries in Labels field with the same key. -func (b *InsightsDataGatherApplyConfiguration) WithLabels(entries map[string]string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithLabels(entries map[string]string) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() if b.ObjectMetaApplyConfiguration.Labels == nil && len(entries) > 0 { b.ObjectMetaApplyConfiguration.Labels = make(map[string]string, len(entries)) 
@@ -181,7 +182,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithLabels(entries map[string]str // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, the entries provided by each call will be put on the Annotations field, // overwriting an existing map entries in Annotations field with the same key. -func (b *InsightsDataGatherApplyConfiguration) WithAnnotations(entries map[string]string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithAnnotations(entries map[string]string) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() if b.ObjectMetaApplyConfiguration.Annotations == nil && len(entries) > 0 { b.ObjectMetaApplyConfiguration.Annotations = make(map[string]string, len(entries)) @@ -195,7 +196,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithAnnotations(entries map[strin // WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the OwnerReferences field. -func (b *InsightsDataGatherApplyConfiguration) WithOwnerReferences(values ...*metav1.OwnerReferenceApplyConfiguration) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() for i := range values { if values[i] == nil { 
@@ -209,7 +210,7 @@ func (b *InsightsDataGatherApplyConfiguration) WithOwnerReferences(values ...*me // WithFinalizers adds the given value to the Finalizers field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Finalizers field. -func (b *InsightsDataGatherApplyConfiguration) WithFinalizers(values ...string) *InsightsDataGatherApplyConfiguration { +func (b *OSImageStreamApplyConfiguration) WithFinalizers(values ...string) *OSImageStreamApplyConfiguration { b.ensureObjectMetaApplyConfigurationExists() for i := range values { b.ObjectMetaApplyConfiguration.Finalizers = append(b.ObjectMetaApplyConfiguration.Finalizers, values[i]) 
@@ -217,38 +218,46 @@ func (b *InsightsDataGatherApplyConfiguration) WithFinalizers(values ...string) return b } -func (b *InsightsDataGatherApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { +func (b *OSImageStreamApplyConfiguration) ensureObjectMetaApplyConfigurationExists() { if b.ObjectMetaApplyConfiguration == nil { - b.ObjectMetaApplyConfiguration = &metav1.ObjectMetaApplyConfiguration{} + b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{} } } // WithSpec sets the Spec field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Spec field is set to the value of the last call. -func (b *InsightsDataGatherApplyConfiguration) WithSpec(value *InsightsDataGatherSpecApplyConfiguration) *InsightsDataGatherApplyConfiguration { - b.Spec = value +func (b *OSImageStreamApplyConfiguration) WithSpec(value machineconfigurationv1alpha1.OSImageStreamSpec) *OSImageStreamApplyConfiguration { + b.Spec = &value + return b +} + +// WithStatus sets the Status field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Status field is set to the value of the last call. +func (b *OSImageStreamApplyConfiguration) WithStatus(value *OSImageStreamStatusApplyConfiguration) *OSImageStreamApplyConfiguration { + b.Status = value return b } // GetKind retrieves the value of the Kind field in the declarative configuration. -func (b *InsightsDataGatherApplyConfiguration) GetKind() *string { +func (b *OSImageStreamApplyConfiguration) GetKind() *string { return b.TypeMetaApplyConfiguration.Kind } // GetAPIVersion retrieves the value of the APIVersion field in the declarative configuration. 
-func (b *InsightsDataGatherApplyConfiguration) GetAPIVersion() *string { +func (b *OSImageStreamApplyConfiguration) GetAPIVersion() *string { return b.TypeMetaApplyConfiguration.APIVersion } // GetName retrieves the value of the Name field in the declarative configuration. -func (b *InsightsDataGatherApplyConfiguration) GetName() *string { +func (b *OSImageStreamApplyConfiguration) GetName() *string { b.ensureObjectMetaApplyConfigurationExists() return b.ObjectMetaApplyConfiguration.Name } // GetNamespace retrieves the value of the Namespace field in the declarative configuration. -func (b *InsightsDataGatherApplyConfiguration) GetNamespace() *string { +func (b *OSImageStreamApplyConfiguration) GetNamespace() *string { b.ensureObjectMetaApplyConfigurationExists() return b.ObjectMetaApplyConfiguration.Namespace } diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamset.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamset.go new file mode 100644 index 0000000000..d87886a920 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamset.go 
@@ -0,0 +1,45 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" +) + +// OSImageStreamSetApplyConfiguration represents a declarative configuration of the OSImageStreamSet type for use +// with apply. +type OSImageStreamSetApplyConfiguration struct { + Name *string `json:"name,omitempty"` + OSImage *machineconfigurationv1alpha1.ImageDigestFormat `json:"osImage,omitempty"` + OSExtensionsImage *machineconfigurationv1alpha1.ImageDigestFormat `json:"osExtensionsImage,omitempty"` +} + +// OSImageStreamSetApplyConfiguration constructs a declarative configuration of the OSImageStreamSet type for use with +// apply. +func OSImageStreamSet() *OSImageStreamSetApplyConfiguration { + return &OSImageStreamSetApplyConfiguration{} +} + +// WithName sets the Name field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Name field is set to the value of the last call. +func (b *OSImageStreamSetApplyConfiguration) WithName(value string) *OSImageStreamSetApplyConfiguration { + b.Name = &value + return b +} + +// WithOSImage sets the OSImage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OSImage field is set to the value of the last call. +func (b *OSImageStreamSetApplyConfiguration) WithOSImage(value machineconfigurationv1alpha1.ImageDigestFormat) *OSImageStreamSetApplyConfiguration { + b.OSImage = &value + return b +} + +// WithOSExtensionsImage sets the OSExtensionsImage field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. 
+// If called multiple times, the OSExtensionsImage field is set to the value of the last call. +func (b *OSImageStreamSetApplyConfiguration) WithOSExtensionsImage(value machineconfigurationv1alpha1.ImageDigestFormat) *OSImageStreamSetApplyConfiguration { + b.OSExtensionsImage = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamstatus.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamstatus.go new file mode 100644 index 0000000000..7a06cad58c --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/osimagestreamstatus.go 
@@ -0,0 +1,37 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1alpha1 + +// OSImageStreamStatusApplyConfiguration represents a declarative configuration of the OSImageStreamStatus type for use +// with apply. +type OSImageStreamStatusApplyConfiguration struct { + AvailableStreams []OSImageStreamSetApplyConfiguration `json:"availableStreams,omitempty"` + DefaultStream *string `json:"defaultStream,omitempty"` +} + +// OSImageStreamStatusApplyConfiguration constructs a declarative configuration of the OSImageStreamStatus type for use with +// apply. +func OSImageStreamStatus() *OSImageStreamStatusApplyConfiguration { + return &OSImageStreamStatusApplyConfiguration{} +} + +// WithAvailableStreams adds the given value to the AvailableStreams field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the AvailableStreams field. +func (b *OSImageStreamStatusApplyConfiguration) WithAvailableStreams(values ...*OSImageStreamSetApplyConfiguration) *OSImageStreamStatusApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithAvailableStreams") + } + b.AvailableStreams = append(b.AvailableStreams, *values[i]) + } + return b +} + +// WithDefaultStream sets the DefaultStream field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DefaultStream field is set to the value of the last call. +func (b *OSImageStreamStatusApplyConfiguration) WithDefaultStream(value string) *OSImageStreamStatusApplyConfiguration { + b.DefaultStream = &value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/pinnedimageref.go b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/pinnedimageref.go index a3c7638db7..2cb17fb72d 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/pinnedimageref.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1/pinnedimageref.go @@ -2,10 +2,14 @@ package v1alpha1 +import ( + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" +) + // PinnedImageRefApplyConfiguration represents a declarative configuration of the PinnedImageRef type for use // with apply. type PinnedImageRefApplyConfiguration struct { - Name *string `json:"name,omitempty"` + Name *machineconfigurationv1alpha1.ImageDigestFormat `json:"name,omitempty"` } // PinnedImageRefApplyConfiguration constructs a declarative configuration of the PinnedImageRef type for use with @@ -17,7 +21,7 @@ func PinnedImageRef() *PinnedImageRefApplyConfiguration { // WithName sets the Name field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the Name field is set to the value of the last call. -func (b *PinnedImageRefApplyConfiguration) WithName(value string) *PinnedImageRefApplyConfiguration { +func (b *PinnedImageRefApplyConfiguration) WithName(value machineconfigurationv1alpha1.ImageDigestFormat) *PinnedImageRefApplyConfiguration { b.Name = &value return b } 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go index f73dfece1f..33be914914 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/generated_expansion.go @@ -2,6 +2,10 @@ package v1alpha1 +type InternalReleaseImageExpansion interface{} + type MachineConfigNodeExpansion interface{} +type OSImageStreamExpansion interface{} + type PinnedImageSetExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/internalreleaseimage.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/internalreleaseimage.go new file mode 100644 index 0000000000..b99b03685a --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/internalreleaseimage.go 
@@ -0,0 +1,62 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + applyconfigurationsmachineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1" + scheme "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// InternalReleaseImagesGetter has a method to return a InternalReleaseImageInterface. +// A group's client should implement this interface. +type InternalReleaseImagesGetter interface { + InternalReleaseImages() InternalReleaseImageInterface +} + +// InternalReleaseImageInterface has methods to work with InternalReleaseImage resources. +type InternalReleaseImageInterface interface { + Create(ctx context.Context, internalReleaseImage *machineconfigurationv1alpha1.InternalReleaseImage, opts v1.CreateOptions) (*machineconfigurationv1alpha1.InternalReleaseImage, error) + Update(ctx context.Context, internalReleaseImage *machineconfigurationv1alpha1.InternalReleaseImage, opts v1.UpdateOptions) (*machineconfigurationv1alpha1.InternalReleaseImage, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+ UpdateStatus(ctx context.Context, internalReleaseImage *machineconfigurationv1alpha1.InternalReleaseImage, opts v1.UpdateOptions) (*machineconfigurationv1alpha1.InternalReleaseImage, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*machineconfigurationv1alpha1.InternalReleaseImage, error) + List(ctx context.Context, opts v1.ListOptions) (*machineconfigurationv1alpha1.InternalReleaseImageList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *machineconfigurationv1alpha1.InternalReleaseImage, err error) + Apply(ctx context.Context, internalReleaseImage *applyconfigurationsmachineconfigurationv1alpha1.InternalReleaseImageApplyConfiguration, opts v1.ApplyOptions) (result *machineconfigurationv1alpha1.InternalReleaseImage, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). 
+ ApplyStatus(ctx context.Context, internalReleaseImage *applyconfigurationsmachineconfigurationv1alpha1.InternalReleaseImageApplyConfiguration, opts v1.ApplyOptions) (result *machineconfigurationv1alpha1.InternalReleaseImage, err error) + InternalReleaseImageExpansion +} + +// internalReleaseImages implements InternalReleaseImageInterface +type internalReleaseImages struct { + *gentype.ClientWithListAndApply[*machineconfigurationv1alpha1.InternalReleaseImage, *machineconfigurationv1alpha1.InternalReleaseImageList, *applyconfigurationsmachineconfigurationv1alpha1.InternalReleaseImageApplyConfiguration] +} + +// newInternalReleaseImages returns a InternalReleaseImages +func newInternalReleaseImages(c *MachineconfigurationV1alpha1Client) *internalReleaseImages { + return &internalReleaseImages{ + gentype.NewClientWithListAndApply[*machineconfigurationv1alpha1.InternalReleaseImage, *machineconfigurationv1alpha1.InternalReleaseImageList, *applyconfigurationsmachineconfigurationv1alpha1.InternalReleaseImageApplyConfiguration]( + "internalreleaseimages", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *machineconfigurationv1alpha1.InternalReleaseImage { + return &machineconfigurationv1alpha1.InternalReleaseImage{} + }, + func() *machineconfigurationv1alpha1.InternalReleaseImageList { + return &machineconfigurationv1alpha1.InternalReleaseImageList{} + }, + ), + } +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go index ad6305471c..70682ef210 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go 
+++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/machineconfiguration_client.go @@ -12,7 +12,9 @@ import ( type MachineconfigurationV1alpha1Interface interface { RESTClient() rest.Interface + InternalReleaseImagesGetter MachineConfigNodesGetter + OSImageStreamsGetter PinnedImageSetsGetter } @@ -21,10 +23,18 @@ type MachineconfigurationV1alpha1Client struct { restClient rest.Interface } +func (c *MachineconfigurationV1alpha1Client) InternalReleaseImages() InternalReleaseImageInterface { + return newInternalReleaseImages(c) +} + func (c *MachineconfigurationV1alpha1Client) MachineConfigNodes() MachineConfigNodeInterface { return newMachineConfigNodes(c) } +func (c *MachineconfigurationV1alpha1Client) OSImageStreams() OSImageStreamInterface { + return newOSImageStreams(c) +} + func (c *MachineconfigurationV1alpha1Client) PinnedImageSets() PinnedImageSetInterface { return newPinnedImageSets(c) } diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/osimagestream.go b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/osimagestream.go new file mode 100644 index 0000000000..386ecb9bb0 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/clientset/versioned/typed/machineconfiguration/v1alpha1/osimagestream.go 
@@ -0,0 +1,62 @@ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + applyconfigurationsmachineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/applyconfigurations/machineconfiguration/v1alpha1" + scheme "github.com/openshift/client-go/machineconfiguration/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// OSImageStreamsGetter has a method to return a OSImageStreamInterface. +// A group's client should implement this interface. +type OSImageStreamsGetter interface { + OSImageStreams() OSImageStreamInterface +} + +// OSImageStreamInterface has methods to work with OSImageStream resources. +type OSImageStreamInterface interface { + Create(ctx context.Context, oSImageStream *machineconfigurationv1alpha1.OSImageStream, opts v1.CreateOptions) (*machineconfigurationv1alpha1.OSImageStream, error) + Update(ctx context.Context, oSImageStream *machineconfigurationv1alpha1.OSImageStream, opts v1.UpdateOptions) (*machineconfigurationv1alpha1.OSImageStream, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). 
+ UpdateStatus(ctx context.Context, oSImageStream *machineconfigurationv1alpha1.OSImageStream, opts v1.UpdateOptions) (*machineconfigurationv1alpha1.OSImageStream, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*machineconfigurationv1alpha1.OSImageStream, error) + List(ctx context.Context, opts v1.ListOptions) (*machineconfigurationv1alpha1.OSImageStreamList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *machineconfigurationv1alpha1.OSImageStream, err error) + Apply(ctx context.Context, oSImageStream *applyconfigurationsmachineconfigurationv1alpha1.OSImageStreamApplyConfiguration, opts v1.ApplyOptions) (result *machineconfigurationv1alpha1.OSImageStream, err error) + // Add a +genclient:noStatus comment above the type to avoid generating ApplyStatus(). 
+ ApplyStatus(ctx context.Context, oSImageStream *applyconfigurationsmachineconfigurationv1alpha1.OSImageStreamApplyConfiguration, opts v1.ApplyOptions) (result *machineconfigurationv1alpha1.OSImageStream, err error) + OSImageStreamExpansion +} + +// oSImageStreams implements OSImageStreamInterface +type oSImageStreams struct { + *gentype.ClientWithListAndApply[*machineconfigurationv1alpha1.OSImageStream, *machineconfigurationv1alpha1.OSImageStreamList, *applyconfigurationsmachineconfigurationv1alpha1.OSImageStreamApplyConfiguration] +} + +// newOSImageStreams returns a OSImageStreams +func newOSImageStreams(c *MachineconfigurationV1alpha1Client) *oSImageStreams { + return &oSImageStreams{ + gentype.NewClientWithListAndApply[*machineconfigurationv1alpha1.OSImageStream, *machineconfigurationv1alpha1.OSImageStreamList, *applyconfigurationsmachineconfigurationv1alpha1.OSImageStreamApplyConfiguration]( + "osimagestreams", + c.RESTClient(), + scheme.ParameterCodec, + "", + func() *machineconfigurationv1alpha1.OSImageStream { + return &machineconfigurationv1alpha1.OSImageStream{} + }, + func() *machineconfigurationv1alpha1.OSImageStreamList { + return &machineconfigurationv1alpha1.OSImageStreamList{} + }, + ), + } +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go index 2811634a8f..d8ae6246e4 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/generic.go 
@@ -58,8 +58,12 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1().PinnedImageSets().Informer()}, nil // Group=machineconfiguration.openshift.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithResource("internalreleaseimages"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1alpha1().InternalReleaseImages().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("machineconfignodes"): return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1alpha1().MachineConfigNodes().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("osimagestreams"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1alpha1().OSImageStreams().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("pinnedimagesets"): return &genericInformer{resource: resource.GroupResource(), informer: f.Machineconfiguration().V1alpha1().PinnedImageSets().Informer()}, nil diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/interface.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/interface.go index 201e84b1c6..54a6b6ab78 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/interface.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/interface.go 
@@ -8,8 +8,12 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { + // InternalReleaseImages returns a InternalReleaseImageInformer. + InternalReleaseImages() InternalReleaseImageInformer // MachineConfigNodes returns a MachineConfigNodeInformer. MachineConfigNodes() MachineConfigNodeInformer + // OSImageStreams returns a OSImageStreamInformer. + OSImageStreams() OSImageStreamInformer // PinnedImageSets returns a PinnedImageSetInformer. PinnedImageSets() PinnedImageSetInformer } @@ -25,11 +29,21 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } +// InternalReleaseImages returns a InternalReleaseImageInformer. +func (v *version) InternalReleaseImages() InternalReleaseImageInformer { + return &internalReleaseImageInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // MachineConfigNodes returns a MachineConfigNodeInformer. func (v *version) MachineConfigNodes() MachineConfigNodeInformer { return &machineConfigNodeInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} } +// OSImageStreams returns a OSImageStreamInformer. +func (v *version) OSImageStreams() OSImageStreamInformer { + return &oSImageStreamInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} +} + // PinnedImageSets returns a PinnedImageSetInformer. func (v *version) PinnedImageSets() PinnedImageSetInformer { return &pinnedImageSetInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/internalreleaseimage.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/internalreleaseimage.go new file mode 100644 index 0000000000..86cb78d4b7 --- /dev/null 
+++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/internalreleaseimage.go 
@@ -0,0 +1,85 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + time "time" + + apimachineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + versioned "github.com/openshift/client-go/machineconfiguration/clientset/versioned" + internalinterfaces "github.com/openshift/client-go/machineconfiguration/informers/externalversions/internalinterfaces" + machineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// InternalReleaseImageInformer provides access to a shared informer and lister for +// InternalReleaseImages. +type InternalReleaseImageInformer interface { + Informer() cache.SharedIndexInformer + Lister() machineconfigurationv1alpha1.InternalReleaseImageLister +} + +type internalReleaseImageInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewInternalReleaseImageInformer constructs a new informer for InternalReleaseImage type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewInternalReleaseImageInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredInternalReleaseImageInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredInternalReleaseImageInformer constructs a new informer for InternalReleaseImage type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewFilteredInternalReleaseImageInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().InternalReleaseImages().List(context.Background(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().InternalReleaseImages().Watch(context.Background(), options) + }, + ListWithContextFunc: func(ctx context.Context, options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().InternalReleaseImages().List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().InternalReleaseImages().Watch(ctx, options) + }, + }, + &apimachineconfigurationv1alpha1.InternalReleaseImage{}, + resyncPeriod, + indexers, + ) +} + +func (f *internalReleaseImageInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredInternalReleaseImageInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *internalReleaseImageInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apimachineconfigurationv1alpha1.InternalReleaseImage{}, f.defaultInformer) +} + +func (f *internalReleaseImageInformer) Lister() machineconfigurationv1alpha1.InternalReleaseImageLister { + return 
machineconfigurationv1alpha1.NewInternalReleaseImageLister(f.Informer().GetIndexer()) +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/osimagestream.go b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/osimagestream.go new file mode 100644 index 0000000000..f4ac866e59 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/informers/externalversions/machineconfiguration/v1alpha1/osimagestream.go 
@@ -0,0 +1,85 @@ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + context "context" + time "time" + + apimachineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + versioned "github.com/openshift/client-go/machineconfiguration/clientset/versioned" + internalinterfaces "github.com/openshift/client-go/machineconfiguration/informers/externalversions/internalinterfaces" + machineconfigurationv1alpha1 "github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// OSImageStreamInformer provides access to a shared informer and lister for +// OSImageStreams. +type OSImageStreamInformer interface { + Informer() cache.SharedIndexInformer + Lister() machineconfigurationv1alpha1.OSImageStreamLister +} + +type oSImageStreamInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// NewOSImageStreamInformer constructs a new informer for OSImageStream type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewOSImageStreamInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredOSImageStreamInformer(client, resyncPeriod, indexers, nil) +} + +// NewFilteredOSImageStreamInformer constructs a new informer for OSImageStream type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. 
+func NewFilteredOSImageStreamInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().OSImageStreams().List(context.Background(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().OSImageStreams().Watch(context.Background(), options) + }, + ListWithContextFunc: func(ctx context.Context, options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().OSImageStreams().List(ctx, options) + }, + WatchFuncWithContext: func(ctx context.Context, options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.MachineconfigurationV1alpha1().OSImageStreams().Watch(ctx, options) + }, + }, + &apimachineconfigurationv1alpha1.OSImageStream{}, + resyncPeriod, + indexers, + ) +} + +func (f *oSImageStreamInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredOSImageStreamInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *oSImageStreamInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&apimachineconfigurationv1alpha1.OSImageStream{}, f.defaultInformer) +} + +func (f *oSImageStreamInformer) Lister() machineconfigurationv1alpha1.OSImageStreamLister { + return machineconfigurationv1alpha1.NewOSImageStreamLister(f.Informer().GetIndexer()) +} 
diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/expansion_generated.go b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/expansion_generated.go index 7e1f91c1c1..1dc14fe6d8 100644 --- a/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/expansion_generated.go +++ b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/expansion_generated.go @@ -2,10 +2,18 @@ package v1alpha1 +// InternalReleaseImageListerExpansion allows custom methods to be added to +// InternalReleaseImageLister. +type InternalReleaseImageListerExpansion interface{} + // MachineConfigNodeListerExpansion allows custom methods to be added to // MachineConfigNodeLister. type MachineConfigNodeListerExpansion interface{} +// OSImageStreamListerExpansion allows custom methods to be added to +// OSImageStreamLister. +type OSImageStreamListerExpansion interface{} + // PinnedImageSetListerExpansion allows custom methods to be added to // PinnedImageSetLister. type PinnedImageSetListerExpansion interface{} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/internalreleaseimage.go b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/internalreleaseimage.go new file mode 100644 index 0000000000..73e15d7c58 --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/internalreleaseimage.go 
@@ -0,0 +1,32 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// InternalReleaseImageLister helps list InternalReleaseImages. +// All objects returned here must be treated as read-only. +type InternalReleaseImageLister interface { + // List lists all InternalReleaseImages in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*machineconfigurationv1alpha1.InternalReleaseImage, err error) + // Get retrieves the InternalReleaseImage from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*machineconfigurationv1alpha1.InternalReleaseImage, error) + InternalReleaseImageListerExpansion +} + +// internalReleaseImageLister implements the InternalReleaseImageLister interface. +type internalReleaseImageLister struct { + listers.ResourceIndexer[*machineconfigurationv1alpha1.InternalReleaseImage] +} + +// NewInternalReleaseImageLister returns a new InternalReleaseImageLister. +func NewInternalReleaseImageLister(indexer cache.Indexer) InternalReleaseImageLister { + return &internalReleaseImageLister{listers.New[*machineconfigurationv1alpha1.InternalReleaseImage](indexer, machineconfigurationv1alpha1.Resource("internalreleaseimage"))} +} diff --git a/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/osimagestream.go b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/osimagestream.go new file mode 100644 index 0000000000..b7881d1adf --- /dev/null +++ b/vendor/github.com/openshift/client-go/machineconfiguration/listers/machineconfiguration/v1alpha1/osimagestream.go 
@@ -0,0 +1,32 @@ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + machineconfigurationv1alpha1 "github.com/openshift/api/machineconfiguration/v1alpha1" + labels "k8s.io/apimachinery/pkg/labels" + listers "k8s.io/client-go/listers" + cache "k8s.io/client-go/tools/cache" +) + +// OSImageStreamLister helps list OSImageStreams. +// All objects returned here must be treated as read-only. +type OSImageStreamLister interface { + // List lists all OSImageStreams in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*machineconfigurationv1alpha1.OSImageStream, err error) + // Get retrieves the OSImageStream from the index for a given name. + // Objects returned here must be treated as read-only. + Get(name string) (*machineconfigurationv1alpha1.OSImageStream, error) + OSImageStreamListerExpansion +} + +// oSImageStreamLister implements the OSImageStreamLister interface. +type oSImageStreamLister struct { + listers.ResourceIndexer[*machineconfigurationv1alpha1.OSImageStream] +} + +// NewOSImageStreamLister returns a new OSImageStreamLister. +func NewOSImageStreamLister(indexer cache.Indexer) OSImageStreamLister { + return &oSImageStreamLister{listers.New[*machineconfigurationv1alpha1.OSImageStream](indexer, machineconfigurationv1alpha1.Resource("osimagestream"))} +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go index fa2661459e..109db2468d 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go 
@@ -389,6 +389,15 @@ var schemaYAML = typed.YAMLObject(`types: type: scalar: string default: "" +- name: com.github.openshift.api.operator.v1.BGPManagedConfig + map: + fields: + - name: asNumber + type: + scalar: numeric + - name: bgpTopology + type: + scalar: string - name: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig map: fields: @@ -1860,6 +1869,10 @@ var schemaYAML = typed.YAMLObject(`types: type: namedType: com.github.openshift.api.operator.v1.ClientTLS default: {} + - name: closedClientConnectionPolicy + type: + scalar: string + default: Continue - name: defaultCertificate type: namedType: io.k8s.api.core.v1.LocalObjectReference @@ -1974,6 +1987,9 @@ var schemaYAML = typed.YAMLObject(`types: - name: healthCheckInterval type: namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration + - name: httpKeepAliveTimeout + type: + namedType: io.k8s.apimachinery.pkg.apis.meta.v1.Duration - name: maxConnections type: scalar: numeric @@ -2830,6 +2846,15 @@ var schemaYAML = typed.YAMLObject(`types: - name: version type: scalar: string +- name: com.github.openshift.api.operator.v1.NoOverlayOptions + map: + fields: + - name: outboundSNAT + type: + scalar: string + - name: routing + type: + scalar: string - name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus map: fields: @@ -3129,6 +3154,17 @@ var schemaYAML = typed.YAMLObject(`types: - name: com.github.openshift.api.operator.v1.OVNKubernetesConfig map: fields: + - name: bgpManagedConfig + type: + namedType: com.github.openshift.api.operator.v1.BGPManagedConfig + default: {} + - name: defaultNetworkNoOverlayOptions + type: + namedType: com.github.openshift.api.operator.v1.NoOverlayOptions + default: {} + - name: defaultNetworkTransport + type: + scalar: string - name: egressIPConfig type: namedType: com.github.openshift.api.operator.v1.EgressIPConfig 
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go new file mode 100644 index 0000000000..fe44370a92 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go @@ -0,0 +1,36 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// BGPManagedConfigApplyConfiguration represents a declarative configuration of the BGPManagedConfig type for use +// with apply. +type BGPManagedConfigApplyConfiguration struct { + ASNumber *int64 `json:"asNumber,omitempty"` + BGPTopology *operatorv1.BGPTopology `json:"bgpTopology,omitempty"` +} + +// BGPManagedConfigApplyConfiguration constructs a declarative configuration of the BGPManagedConfig type for use with +// apply. +func BGPManagedConfig() *BGPManagedConfigApplyConfiguration { + return &BGPManagedConfigApplyConfiguration{} +} + +// WithASNumber sets the ASNumber field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ASNumber field is set to the value of the last call. +func (b *BGPManagedConfigApplyConfiguration) WithASNumber(value int64) *BGPManagedConfigApplyConfiguration { + b.ASNumber = &value + return b +} + +// WithBGPTopology sets the BGPTopology field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BGPTopology field is set to the value of the last call. +func (b *BGPManagedConfigApplyConfiguration) WithBGPTopology(value operatorv1.BGPTopology) *BGPManagedConfigApplyConfiguration { + b.BGPTopology = &value + return b +} 
diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollerspec.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollerspec.go index ae23fe636a..ff82e0ed18 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollerspec.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollerspec.go 
@@ -13,24 +13,25 @@ import ( // IngressControllerSpecApplyConfiguration represents a declarative configuration of the IngressControllerSpec type for use // with apply. type IngressControllerSpecApplyConfiguration struct { - Domain *string `json:"domain,omitempty"` - HttpErrorCodePages *configv1.ConfigMapNameReference `json:"httpErrorCodePages,omitempty"` - Replicas *int32 `json:"replicas,omitempty"` - EndpointPublishingStrategy *EndpointPublishingStrategyApplyConfiguration `json:"endpointPublishingStrategy,omitempty"` - DefaultCertificate *corev1.LocalObjectReference `json:"defaultCertificate,omitempty"` - NamespaceSelector *metav1.LabelSelectorApplyConfiguration `json:"namespaceSelector,omitempty"` - RouteSelector *metav1.LabelSelectorApplyConfiguration `json:"routeSelector,omitempty"` - NodePlacement *NodePlacementApplyConfiguration `json:"nodePlacement,omitempty"` - TLSSecurityProfile *configv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` - ClientTLS *ClientTLSApplyConfiguration `json:"clientTLS,omitempty"` - RouteAdmission *RouteAdmissionPolicyApplyConfiguration `json:"routeAdmission,omitempty"` - Logging *IngressControllerLoggingApplyConfiguration `json:"logging,omitempty"` - HTTPHeaders *IngressControllerHTTPHeadersApplyConfiguration `json:"httpHeaders,omitempty"` - HTTPEmptyRequestsPolicy *operatorv1.HTTPEmptyRequestsPolicy `json:"httpEmptyRequestsPolicy,omitempty"` - TuningOptions *IngressControllerTuningOptionsApplyConfiguration `json:"tuningOptions,omitempty"` - UnsupportedConfigOverrides *runtime.RawExtension `json:"unsupportedConfigOverrides,omitempty"` - HTTPCompression *HTTPCompressionPolicyApplyConfiguration `json:"httpCompression,omitempty"` - IdleConnectionTerminationPolicy *operatorv1.IngressControllerConnectionTerminationPolicy `json:"idleConnectionTerminationPolicy,omitempty"` + Domain *string `json:"domain,omitempty"` + HttpErrorCodePages *configv1.ConfigMapNameReference `json:"httpErrorCodePages,omitempty"` + Replicas *int32 
`json:"replicas,omitempty"` + EndpointPublishingStrategy *EndpointPublishingStrategyApplyConfiguration `json:"endpointPublishingStrategy,omitempty"` + DefaultCertificate *corev1.LocalObjectReference `json:"defaultCertificate,omitempty"` + NamespaceSelector *metav1.LabelSelectorApplyConfiguration `json:"namespaceSelector,omitempty"` + RouteSelector *metav1.LabelSelectorApplyConfiguration `json:"routeSelector,omitempty"` + NodePlacement *NodePlacementApplyConfiguration `json:"nodePlacement,omitempty"` + TLSSecurityProfile *configv1.TLSSecurityProfile `json:"tlsSecurityProfile,omitempty"` + ClientTLS *ClientTLSApplyConfiguration `json:"clientTLS,omitempty"` + RouteAdmission *RouteAdmissionPolicyApplyConfiguration `json:"routeAdmission,omitempty"` + Logging *IngressControllerLoggingApplyConfiguration `json:"logging,omitempty"` + HTTPHeaders *IngressControllerHTTPHeadersApplyConfiguration `json:"httpHeaders,omitempty"` + HTTPEmptyRequestsPolicy *operatorv1.HTTPEmptyRequestsPolicy `json:"httpEmptyRequestsPolicy,omitempty"` + TuningOptions *IngressControllerTuningOptionsApplyConfiguration `json:"tuningOptions,omitempty"` + UnsupportedConfigOverrides *runtime.RawExtension `json:"unsupportedConfigOverrides,omitempty"` + HTTPCompression *HTTPCompressionPolicyApplyConfiguration `json:"httpCompression,omitempty"` + IdleConnectionTerminationPolicy *operatorv1.IngressControllerConnectionTerminationPolicy `json:"idleConnectionTerminationPolicy,omitempty"` + ClosedClientConnectionPolicy *operatorv1.IngressControllerClosedClientConnectionPolicy `json:"closedClientConnectionPolicy,omitempty"` } // IngressControllerSpecApplyConfiguration constructs a declarative configuration of the IngressControllerSpec type for use with 
@@ -182,3 +183,11 @@ func (b *IngressControllerSpecApplyConfiguration) WithIdleConnectionTerminationP b.IdleConnectionTerminationPolicy = &value return b } + +// WithClosedClientConnectionPolicy sets the ClosedClientConnectionPolicy field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the ClosedClientConnectionPolicy field is set to the value of the last call. +func (b *IngressControllerSpecApplyConfiguration) WithClosedClientConnectionPolicy(value operatorv1.IngressControllerClosedClientConnectionPolicy) *IngressControllerSpecApplyConfiguration { + b.ClosedClientConnectionPolicy = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go index 122801cf10..e7cc8c5ee5 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ingresscontrollertuningoptions.go @@ -18,6 +18,7 @@ type IngressControllerTuningOptionsApplyConfiguration struct { ServerFinTimeout *metav1.Duration `json:"serverFinTimeout,omitempty"` TunnelTimeout *metav1.Duration `json:"tunnelTimeout,omitempty"` ConnectTimeout *metav1.Duration `json:"connectTimeout,omitempty"` + HTTPKeepAliveTimeout *metav1.Duration `json:"httpKeepAliveTimeout,omitempty"` TLSInspectDelay *metav1.Duration `json:"tlsInspectDelay,omitempty"` HealthCheckInterval *metav1.Duration `json:"healthCheckInterval,omitempty"` MaxConnections *int32 `json:"maxConnections,omitempty"` 
@@ -102,6 +103,14 @@ func (b *IngressControllerTuningOptionsApplyConfiguration) WithConnectTimeout(va return b } +// WithHTTPKeepAliveTimeout sets the HTTPKeepAliveTimeout field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the HTTPKeepAliveTimeout field is set to the value of the last call. +func (b *IngressControllerTuningOptionsApplyConfiguration) WithHTTPKeepAliveTimeout(value metav1.Duration) *IngressControllerTuningOptionsApplyConfiguration { + b.HTTPKeepAliveTimeout = &value + return b +} + // WithTLSInspectDelay sets the TLSInspectDelay field in the declarative configuration to the given value // and returns the receiver, so that objects can be built by chaining "With" function invocations. // If called multiple times, the TLSInspectDelay field is set to the value of the last call. diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayoptions.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayoptions.go new file mode 100644 index 0000000000..7ac090c240 --- /dev/null +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/nooverlayoptions.go 
@@ -0,0 +1,36 @@ +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1 + +import ( + operatorv1 "github.com/openshift/api/operator/v1" +) + +// NoOverlayOptionsApplyConfiguration represents a declarative configuration of the NoOverlayOptions type for use +// with apply. +type NoOverlayOptionsApplyConfiguration struct { + OutboundSNAT *operatorv1.SNATOption `json:"outboundSNAT,omitempty"` + Routing *operatorv1.RoutingOption `json:"routing,omitempty"` +} + +// NoOverlayOptionsApplyConfiguration constructs a declarative configuration of the NoOverlayOptions type for use with +// apply. +func NoOverlayOptions() *NoOverlayOptionsApplyConfiguration { + return &NoOverlayOptionsApplyConfiguration{} +} + +// WithOutboundSNAT sets the OutboundSNAT field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the OutboundSNAT field is set to the value of the last call. +func (b *NoOverlayOptionsApplyConfiguration) WithOutboundSNAT(value operatorv1.SNATOption) *NoOverlayOptionsApplyConfiguration { + b.OutboundSNAT = &value + return b +} + +// WithRouting sets the Routing field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the Routing field is set to the value of the last call. +func (b *NoOverlayOptionsApplyConfiguration) WithRouting(value operatorv1.RoutingOption) *NoOverlayOptionsApplyConfiguration { + b.Routing = &value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go index 9d878cea91..4fbfb206db 100644 --- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go 
+++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go 
@@ -9,18 +9,21 @@ import ( // OVNKubernetesConfigApplyConfiguration represents a declarative configuration of the OVNKubernetesConfig type for use // with apply. type OVNKubernetesConfigApplyConfiguration struct { - MTU *uint32 `json:"mtu,omitempty"` - GenevePort *uint32 `json:"genevePort,omitempty"` - HybridOverlayConfig *HybridOverlayConfigApplyConfiguration `json:"hybridOverlayConfig,omitempty"` - IPsecConfig *IPsecConfigApplyConfiguration `json:"ipsecConfig,omitempty"` - PolicyAuditConfig *PolicyAuditConfigApplyConfiguration `json:"policyAuditConfig,omitempty"` - GatewayConfig *GatewayConfigApplyConfiguration `json:"gatewayConfig,omitempty"` - V4InternalSubnet *string `json:"v4InternalSubnet,omitempty"` - V6InternalSubnet *string `json:"v6InternalSubnet,omitempty"` - EgressIPConfig *EgressIPConfigApplyConfiguration `json:"egressIPConfig,omitempty"` - IPv4 *IPv4OVNKubernetesConfigApplyConfiguration `json:"ipv4,omitempty"` - IPv6 *IPv6OVNKubernetesConfigApplyConfiguration `json:"ipv6,omitempty"` - RouteAdvertisements *operatorv1.RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"` + MTU *uint32 `json:"mtu,omitempty"` + GenevePort *uint32 `json:"genevePort,omitempty"` + HybridOverlayConfig *HybridOverlayConfigApplyConfiguration `json:"hybridOverlayConfig,omitempty"` + IPsecConfig *IPsecConfigApplyConfiguration `json:"ipsecConfig,omitempty"` + PolicyAuditConfig *PolicyAuditConfigApplyConfiguration `json:"policyAuditConfig,omitempty"` + GatewayConfig *GatewayConfigApplyConfiguration `json:"gatewayConfig,omitempty"` + V4InternalSubnet *string `json:"v4InternalSubnet,omitempty"` + V6InternalSubnet *string `json:"v6InternalSubnet,omitempty"` + EgressIPConfig *EgressIPConfigApplyConfiguration `json:"egressIPConfig,omitempty"` + IPv4 *IPv4OVNKubernetesConfigApplyConfiguration `json:"ipv4,omitempty"` + IPv6 *IPv6OVNKubernetesConfigApplyConfiguration `json:"ipv6,omitempty"` + RouteAdvertisements *operatorv1.RouteAdvertisementsEnablement 
`json:"routeAdvertisements,omitempty"` + DefaultNetworkTransport *operatorv1.TransportOption `json:"defaultNetworkTransport,omitempty"` + DefaultNetworkNoOverlayOptions *NoOverlayOptionsApplyConfiguration `json:"defaultNetworkNoOverlayOptions,omitempty"` + BGPManagedConfig *BGPManagedConfigApplyConfiguration `json:"bgpManagedConfig,omitempty"` } // OVNKubernetesConfigApplyConfiguration constructs a declarative configuration of the OVNKubernetesConfig type for use with 
@@ -124,3 +127,27 @@ func (b *OVNKubernetesConfigApplyConfiguration) WithRouteAdvertisements(value op b.RouteAdvertisements = &value return b } + +// WithDefaultNetworkTransport sets the DefaultNetworkTransport field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DefaultNetworkTransport field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithDefaultNetworkTransport(value operatorv1.TransportOption) *OVNKubernetesConfigApplyConfiguration { + b.DefaultNetworkTransport = &value + return b +} + +// WithDefaultNetworkNoOverlayOptions sets the DefaultNetworkNoOverlayOptions field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the DefaultNetworkNoOverlayOptions field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithDefaultNetworkNoOverlayOptions(value *NoOverlayOptionsApplyConfiguration) *OVNKubernetesConfigApplyConfiguration { + b.DefaultNetworkNoOverlayOptions = value + return b +} + +// WithBGPManagedConfig sets the BGPManagedConfig field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the BGPManagedConfig field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithBGPManagedConfig(value *BGPManagedConfigApplyConfiguration) *OVNKubernetesConfigApplyConfiguration { + b.BGPManagedConfig = value + return b +} diff --git a/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go b/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go index 476c71ae43..baf344126f 100644 
--- a/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go +++ b/vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go @@ -50,6 +50,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.AzureCSIDriverConfigSpecApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("AzureDiskEncryptionSet"): return &operatorv1.AzureDiskEncryptionSetApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("BGPManagedConfig"): + return &operatorv1.BGPManagedConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("BootImageSkewEnforcementConfig"): return &operatorv1.BootImageSkewEnforcementConfigApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("BootImageSkewEnforcementStatus"): @@ -318,6 +320,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &operatorv1.NodePortStrategyApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("NodeStatus"): return &operatorv1.NodeStatusApplyConfiguration{} + case v1.SchemeGroupVersion.WithKind("NoOverlayOptions"): + return &operatorv1.NoOverlayOptionsApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OAuthAPIServerStatus"): return &operatorv1.OAuthAPIServerStatusApplyConfiguration{} case v1.SchemeGroupVersion.WithKind("OLM"): diff --git a/vendor/modules.txt b/vendor/modules.txt index 4359a81d2b..e6b4c2e1d6 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -329,7 +329,7 @@ github.com/onsi/gomega/matchers/support/goraph/edge github.com/onsi/gomega/matchers/support/goraph/node github.com/onsi/gomega/matchers/support/goraph/util github.com/onsi/gomega/types -# github.com/openshift/api v0.0.0-20251106190826-ebe535b08719 +# github.com/openshift/api v0.0.0-20251204164930-cd2e40c5883a => github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866 ## explicit; go 1.24.0 github.com/openshift/api github.com/openshift/api/annotations 
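Review bot: The `vendor/modules.txt` hunk at `@@ -329,7 +329,7 @@` records `github.com/openshift/api` as replaced by `github.com/ricky-rav/api`, and the hunks at `@@ -418,7 +418,7 @@` and `@@ -1884,3 +1884,5 @@` do the same for `client-go`, so every vendored file in this patch comes from a personal fork rather than the upstream module. The `[DELETE]` tag in the subject suggests this is meant to be temporary, but nothing in the tree enforces that. Before merge the `replace` entries should be gone and the line should read like `# github.com/openshift/api v0.0.0-<UPSTREAM-PSEUDO-VERSION>` (placeholder). A CI check that fails when `go.mod` contains a `replace` for `github.com/openshift/` paths would keep a fork from shipping unnoticed.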
@@ -418,7 +418,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 +# github.com/openshift/client-go v0.0.0-20251015124057-db0dee36e235 => github.com/ricky-rav/client-go v0.0.0-20251215095632-b5f208914736 ## explicit; go 1.24.0 github.com/openshift/client-go/build/applyconfigurations/build/v1 github.com/openshift/client-go/build/applyconfigurations/internal @@ -1884,3 +1884,5 @@ sigs.k8s.io/structured-merge-diff/v6/value # sigs.k8s.io/yaml v1.6.0 ## explicit; go 1.22 sigs.k8s.io/yaml +# github.com/openshift/api => github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866 +# github.com/openshift/client-go => github.com/ricky-rav/client-go v0.0.0-20251215095632-b5f208914736 From 51a21d8b011e302b670cb41cb752e42b3b11e6a2 Mon Sep 17 00:00:00 2001 From: Riccardo Ravaioli Date: Wed, 26 Nov 2025 17:10:07 +0100 Subject: [PATCH 02/10] Fix lint errors Signed-off-by: Riccardo Ravaioli --- pkg/network/ovn_kubernetes.go | 37 +++++++++++++++--------------- pkg/network/ovn_kubernetes_test.go | 24 +++++++++---------- 2 files changed, 30 insertions(+), 31 deletions(-) diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go index f5d51de5cd..906202ecf6 100644 --- a/pkg/network/ovn_kubernetes.go +++ b/pkg/network/ovn_kubernetes.go @@ -26,7 +26,6 @@ import ( "github.com/pkg/errors" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" 
@@ -97,7 +96,7 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo // For now, return an error since we don't have any master nodes to run the ovnkube-control-plane deployment. externalControlPlane := bootstrapResult.Infra.ControlPlaneTopology == configv1.ExternalTopologyMode if externalControlPlane && !bootstrapResult.OVN.OVNKubernetesConfig.HyperShiftConfig.Enabled { - return nil, progressing, fmt.Errorf("Unable to render OVN in a cluster with an external control plane") + return nil, progressing, fmt.Errorf("unable to render OVN in a cluster with an external control plane") } c := conf.DefaultNetwork.OVNKubernetesConfig @@ -941,7 +940,7 @@ func bootstrapOVNConfig(conf *operv1.Network, kubeClient cnoclient.Client, hc *h if err != nil { if !apierrors.IsNotFound(err) { - return nil, fmt.Errorf("Could not determine Node Mode: %w", err) + return nil, fmt.Errorf("could not determine Node Mode: %w", err) } } else { dpuHostModeLabel, exists := cm.Data["dpu-host-mode-label"] 
@@ -981,40 +980,40 @@ func bootstrapOVNConfig(conf *operv1.Network, kubeClient cnoclient.Client, hc *h // daemonset pods in DPU mode from running), it is done by an external operator. ovnConfigResult.DpuHostModeNodes, err = getNodeListByLabel(kubeClient, ovnConfigResult.DpuHostModeLabel) if err != nil { - return nil, fmt.Errorf("Could not get node list with label %s : %w", ovnConfigResult.DpuHostModeLabel, err) + return nil, fmt.Errorf("could not get node list with label %s : %w", ovnConfigResult.DpuHostModeLabel, err) } ovnConfigResult.DpuHostModeLabel, ovnConfigResult.DpuHostModeValue, err = getKeyValueFromLabel(ovnConfigResult.DpuHostModeLabel) if err != nil { - return nil, fmt.Errorf("Could not get key and value from label %s : %w", ovnConfigResult.DpuHostModeLabel, err) + return nil, fmt.Errorf("could not get key and value from label %s : %w", ovnConfigResult.DpuHostModeLabel, err) } ovnConfigResult.DpuModeNodes, err = getNodeListByLabel(kubeClient, ovnConfigResult.DpuModeLabel) if err != nil { - return nil, fmt.Errorf("Could not get node list with label %s : %w", ovnConfigResult.DpuModeLabel, err) + return nil, fmt.Errorf("could not get node list with label %s : %w", ovnConfigResult.DpuModeLabel, err) } ovnConfigResult.DpuModeLabel, _, err = getKeyValueFromLabel(ovnConfigResult.DpuModeLabel) if err != nil { - return nil, fmt.Errorf("Could not get key and value from label %s : %w", ovnConfigResult.DpuModeLabel, err) + return nil, fmt.Errorf("could not get key and value from label %s : %w", ovnConfigResult.DpuModeLabel, err) } ovnConfigResult.SmartNicModeNodes, err = getNodeListByLabel(kubeClient, ovnConfigResult.SmartNicModeLabel) if err != nil { - return nil, fmt.Errorf("Could not get node list with label %s : %w", ovnConfigResult.SmartNicModeLabel, err) + return nil, fmt.Errorf("could not get node list with label %s : %w", ovnConfigResult.SmartNicModeLabel, err) } ovnConfigResult.SmartNicModeLabel, ovnConfigResult.SmartNicModeValue, err = 
getKeyValueFromLabel(ovnConfigResult.SmartNicModeLabel) if err != nil { - return nil, fmt.Errorf("Could not get key and value from label %s : %w", ovnConfigResult.SmartNicModeLabel, err) + return nil, fmt.Errorf("could not get key and value from label %s : %w", ovnConfigResult.SmartNicModeLabel, err) } // No node shall have any other label set. Each node should be ONLY be DPU, DPU Host, or Smart NIC. found, nodeName := findCommonNode(ovnConfigResult.DpuHostModeNodes, ovnConfigResult.DpuModeNodes, ovnConfigResult.SmartNicModeNodes) if found { - return nil, fmt.Errorf("Node %s has multiple hardware offload labels.", nodeName) + return nil, fmt.Errorf("node %s has multiple hardware offload labels", nodeName) } ovnConfigResult.ConfigOverrides, err = getOVNKubernetesConfigOverrides(kubeClient) if err != nil { - return nil, fmt.Errorf("Could not get OVN Kubernetes config overrides: %w", err) + return nil, fmt.Errorf("could not get OVN Kubernetes config overrides: %w", err) } klog.Infof("OVN configuration is now %+v", ovnConfigResult) 
@@ -1249,18 +1248,18 @@ func bootstrapOVN(conf *operv1.Network, kubeClient cnoclient.Client, infraStatus clusterConfigLookup := types.NamespacedName{Name: CLUSTER_CONFIG_NAME, Namespace: CLUSTER_CONFIG_NAMESPACE} if err := kubeClient.ClientFor("").CRClient().Get(context.TODO(), clusterConfigLookup, clusterConfig); err != nil { - return nil, fmt.Errorf("Unable to bootstrap OVN, unable to retrieve cluster config: %s", err) + return nil, fmt.Errorf("unable to bootstrap OVN, unable to retrieve cluster config: %s", err) } rcD := replicaCountDecoder{} if err := yaml.Unmarshal([]byte(clusterConfig.Data["install-config"]), &rcD); err != nil { - return nil, fmt.Errorf("Unable to bootstrap OVN, unable to unmarshal install-config: %s", err) + return nil, fmt.Errorf("unable to bootstrap OVN, unable to unmarshal install-config: %s", err) } hc := hypershift.NewHyperShiftConfig() ovnConfigResult, err := bootstrapOVNConfig(conf, kubeClient, hc, infraStatus) if err != nil { - return nil, fmt.Errorf("Unable to bootstrap OVN config, err: %v", err) + return nil, fmt.Errorf("unable to bootstrap OVN config, err: %v", err) } var controlPlaneReplicaCount int @@ -1295,7 +1294,7 @@ func bootstrapOVN(conf *operv1.Network, kubeClient cnoclient.Client, infraStatus nsn = types.NamespacedName{Namespace: namespaceForControlPlane, Name: util.OVN_CONTROL_PLANE} if err := clusterClientForControlPlane.CRClient().Get(context.TODO(), nsn, controlPlaneDeployment); err != nil { if !apierrors.IsNotFound(err) { - return nil, fmt.Errorf("Failed to retrieve %s deployment: %w", util.OVN_CONTROL_PLANE, err) + return nil, fmt.Errorf("failed to retrieve %s deployment: %w", util.OVN_CONTROL_PLANE, err) } else { klog.Infof("%s deployment not running", util.OVN_CONTROL_PLANE) controlPlaneStatus = nil 
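Review bot: The three reworded errors in the `bootstrapOVN` hunk at `@@ -1249,18 +1248,18 @@` still format the cause with `%s` or `%v`, so callers lose the chain for `errors.Is`/`errors.As`, while the neighbouring messages in this commit use `%w`. Since the strings are being touched anyway, wrap instead, e.g. `return nil, fmt.Errorf("unable to bootstrap OVN config: %w", err)`, and likewise for the cluster-config and install-config cases. The same applies to `validateOVNKubernetesSubnet` at `@@ -2042,7 +2041,7 @@`; `%w` renders the same text, so the expected strings in the tests are unaffected. `bootstrapOVN` starts and ends outside the hunk.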
@@ -1324,7 +1323,7 @@ func bootstrapOVN(conf *operv1.Network, kubeClient cnoclient.Client, infraStatus nsn = types.NamespacedName{Namespace: util.OVN_NAMESPACE, Name: util.OVN_NODE} if err := kubeClient.ClientFor("").CRClient().Get(context.TODO(), nsn, nodeDaemonSet); err != nil { if !apierrors.IsNotFound(err) { - return nil, fmt.Errorf("Failed to retrieve existing ovnkube-node DaemonSet: %w", err) + return nil, fmt.Errorf("failed to retrieve existing ovnkube-node DaemonSet: %w", err) } else { nodeStatus = nil klog.Infof("ovnkube-node DaemonSet not running") @@ -1353,7 +1352,7 @@ func bootstrapOVN(conf *operv1.Network, kubeClient cnoclient.Client, infraStatus nsn = types.NamespacedName{Namespace: util.OVN_NAMESPACE, Name: "ovnkube-upgrades-prepuller"} if err := kubeClient.ClientFor("").CRClient().Get(context.TODO(), nsn, prePullerDaemonSet); err != nil { if !apierrors.IsNotFound(err) { - return nil, fmt.Errorf("Failed to retrieve existing prepuller DaemonSet: %w", err) + return nil, fmt.Errorf("failed to retrieve existing prepuller DaemonSet: %w", err) } else { prepullerStatus = nil } @@ -1891,7 +1890,7 @@ func isOVNIPsecNotActiveInDaemonSet(ds *appsv1.DaemonSet) bool { return true } -func isIPSecEnabledInPod(pod v1.PodTemplateSpec, containerName string) bool { +func isIPSecEnabledInPod(pod corev1.PodTemplateSpec, containerName string) bool { for _, container := range pod.Spec.Containers { if container.Name == containerName { for _, c := range container.Lifecycle.PostStart.Exec.Command { @@ -2042,7 +2041,7 @@ func validateOVNKubernetesSubnet(name, subnet string, otherSubnets *iputil.IPPoo } } if err := otherSubnets.Add(*cidr); err != nil { - return fmt.Errorf("Whole or subset of %s CIDR %s is already in use: %s", name, subnet, err) + return fmt.Errorf("whole or subset of %s CIDR %s is already in use: %s", name, subnet, err) } return nil } diff --git a/pkg/network/ovn_kubernetes_test.go b/pkg/network/ovn_kubernetes_test.go index 8109ab1166..de41d07665 100644 
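Review bot: In `isIPSecEnabledInPod` (hunk `@@ -1891,7 +1890,7 @@`) the loop reads `container.Lifecycle.PostStart.Exec.Command` without checking any of the three pointers, so a matching container with no postStart exec hook would panic the operator. The pod template comes from a DaemonSet read back from the cluster, so its shape is not guaranteed by this code. A guard before the inner loop would cover it: `if lc := container.Lifecycle; lc == nil || lc.PostStart == nil || lc.PostStart.Exec == nil { continue }`. The function body continues past the end of the hunk, so callers may already ensure the hook exists; confirm before relying on that.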
--- a/pkg/network/ovn_kubernetes_test.go +++ b/pkg/network/ovn_kubernetes_test.go 
@@ -1199,20 +1199,20 @@ func TestValidateOVNKubernetesSubnetsIPv4(t *testing.T) { // IPv4 subnet overlap check ovnConfig.V4InternalSubnet = "" ovnConfig.IPv4.InternalJoinSubnet = "10.128.0.0/16" - errExpect("Whole or subset of v4InternalJoinSubnet CIDR 10.128.0.0/16 is already in use: CIDRs 10.128.0.0/15 and 10.128.0.0/16 overlap") + errExpect("whole or subset of v4InternalJoinSubnet CIDR 10.128.0.0/16 is already in use: CIDRs 10.128.0.0/15 and 10.128.0.0/16 overlap") ovnConfig.IPv4.InternalTransitSwitchSubnet = "10.128.0.0/16" - errExpect("Whole or subset of v4InternalTransitSwitchSubnet CIDR 10.128.0.0/16 is already in use: CIDRs 10.128.0.0/15 and 10.128.0.0/16 overlap") + errExpect("whole or subset of v4InternalTransitSwitchSubnet CIDR 10.128.0.0/16 is already in use: CIDRs 10.128.0.0/15 and 10.128.0.0/16 overlap") ovnConfig.GatewayConfig.IPv4.InternalMasqueradeSubnet = "10.128.0.0/16" - errExpect("Whole or subset of v4InternalMasqueradeSubnet CIDR 10.128.0.0/16 is already in use: CIDRs 10.128.0.0/15 and 10.128.0.0/16 overlap") + errExpect("whole or subset of v4InternalMasqueradeSubnet CIDR 10.128.0.0/16 is already in use: CIDRs 10.128.0.0/15 and 10.128.0.0/16 overlap") ovnConfig.IPv4.InternalJoinSubnet = "100.99.0.0/16" ovnConfig.GatewayConfig.IPv4.InternalMasqueradeSubnet = "100.99.0.0/16" - errExpect("Whole or subset of v4InternalMasqueradeSubnet CIDR 100.99.0.0/16 is already in use: CIDRs 100.99.0.0/16 and 100.99.0.0/16 overlap") + errExpect("whole or subset of v4InternalMasqueradeSubnet CIDR 100.99.0.0/16 is already in use: CIDRs 100.99.0.0/16 and 100.99.0.0/16 overlap") ovnConfig.IPv4.InternalJoinSubnet = "100.99.0.0/16" ovnConfig.IPv4.InternalTransitSwitchSubnet = "100.99.0.0/16" - errExpect("Whole or subset of v4InternalTransitSwitchSubnet CIDR 100.99.0.0/16 is already in use: CIDRs 100.99.0.0/16 and 100.99.0.0/16 overlap") + errExpect("whole or subset of v4InternalTransitSwitchSubnet CIDR 100.99.0.0/16 is already in use: CIDRs 100.99.0.0/16 and 
100.99.0.0/16 overlap") ovnConfig.IPv4.InternalTransitSwitchSubnet = "100.99.0.0/16" ovnConfig.GatewayConfig.IPv4.InternalMasqueradeSubnet = "100.99.0.0/16" - errExpect("Whole or subset of v4InternalMasqueradeSubnet CIDR 100.99.0.0/16 is already in use: CIDRs 100.99.0.0/16 and 100.99.0.0/16 overlap") + errExpect("whole or subset of v4InternalMasqueradeSubnet CIDR 100.99.0.0/16 is already in use: CIDRs 100.99.0.0/16 and 100.99.0.0/16 overlap") } func TestValidateOVNKubernetesSubnetsIPv6(t *testing.T) { 
@@ -1282,20 +1282,20 @@ func TestValidateOVNKubernetesSubnetsIPv6(t *testing.T) { // IPv6 subnet overlap check ovnConfig.V6InternalSubnet = "" ovnConfig.IPv6.InternalJoinSubnet = "fd01::/64" - errExpect("Whole or subset of v6InternalJoinSubnet CIDR fd01::/64 is already in use: CIDRs fd01::/48 and fd01::/64 overlap") + errExpect("whole or subset of v6InternalJoinSubnet CIDR fd01::/64 is already in use: CIDRs fd01::/48 and fd01::/64 overlap") ovnConfig.IPv6.InternalTransitSwitchSubnet = "fd01::/64" - errExpect("Whole or subset of v6InternalTransitSwitchSubnet CIDR fd01::/64 is already in use: CIDRs fd01::/48 and fd01::/64 overlap") + errExpect("whole or subset of v6InternalTransitSwitchSubnet CIDR fd01::/64 is already in use: CIDRs fd01::/48 and fd01::/64 overlap") ovnConfig.GatewayConfig.IPv6.InternalMasqueradeSubnet = "fd01::/64" - errExpect("Whole or subset of v6InternalMasqueradeSubnet CIDR fd01::/64 is already in use: CIDRs fd01::/48 and fd01::/64 overlap") + errExpect("whole or subset of v6InternalMasqueradeSubnet CIDR fd01::/64 is already in use: CIDRs fd01::/48 and fd01::/64 overlap") ovnConfig.IPv6.InternalJoinSubnet = "fd69::/111" ovnConfig.GatewayConfig.IPv6.InternalMasqueradeSubnet = "fd69::/111" - errExpect("Whole or subset of v6InternalMasqueradeSubnet CIDR fd69::/111 is already in use: CIDRs fd69::/111 and fd69::/111 overlap") + errExpect("whole or subset of v6InternalMasqueradeSubnet CIDR fd69::/111 is already in use: CIDRs fd69::/111 and fd69::/111 overlap") ovnConfig.IPv6.InternalJoinSubnet = "fd69::/111" ovnConfig.IPv6.InternalTransitSwitchSubnet = "fd69::/111" - errExpect("Whole or subset of v6InternalTransitSwitchSubnet CIDR fd69::/111 is already in use: CIDRs fd69::/111 and fd69::/111 overlap") + errExpect("whole or subset of v6InternalTransitSwitchSubnet CIDR fd69::/111 is already in use: CIDRs fd69::/111 and fd69::/111 overlap") ovnConfig.IPv6.InternalTransitSwitchSubnet = "fd69::/111" ovnConfig.GatewayConfig.IPv6.InternalMasqueradeSubnet = 
"fd69::/111" - errExpect("Whole or subset of v6InternalMasqueradeSubnet CIDR fd69::/111 is already in use: CIDRs fd69::/111 and fd69::/111 overlap") + errExpect("whole or subset of v6InternalMasqueradeSubnet CIDR fd69::/111 is already in use: CIDRs fd69::/111 and fd69::/111 overlap") } func TestValidateOVNKubernetesDualStack(t *testing.T) { From 4f4c42c357ddb91d160c5fa1e83472fbb0246253 Mon Sep 17 00:00:00 2001 From: Riccardo Ravaioli Date: Mon, 1 Dec 2025 13:25:35 +0100 Subject: [PATCH 03/10] Add support for OVN-Kubernetes no-overlay mode configuration Signed-off-by: Riccardo Ravaioli --- .../ovn-kubernetes/managed/004-config.yaml | 46 + .../self-hosted/004-config.yaml | 23 + ...twork_01_networks-CustomNoUpgrade.crd.yaml | 1147 +++++++++++++++++ ...00_70_network_01_networks-Default.crd.yaml | 1046 +++++++++++++++ ...k_01_networks-DevPreviewNoUpgrade.crd.yaml | 1046 +++++++++++++++ ... 0000_70_network_01_networks-OKD.crd.yaml} | 1 + ..._01_networks-TechPreviewNoUpgrade.crd.yaml | 1147 +++++++++++++++++ pkg/network/ovn_kubernetes.go | 62 + pkg/network/ovn_kubernetes_test.go | 308 ++++- 9 files changed, 4825 insertions(+), 1 deletion(-) create mode 100644 manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml create mode 100644 manifests/0000_70_network_01_networks-Default.crd.yaml create mode 100644 manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml rename manifests/{0000_70_network_01_networks.crd.yaml => 0000_70_network_01_networks-OKD.crd.yaml} (99%) create mode 100644 manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml diff --git a/bindata/network/ovn-kubernetes/managed/004-config.yaml b/bindata/network/ovn-kubernetes/managed/004-config.yaml index 1903f3dc52..a1dff1a82a 100644 --- a/bindata/network/ovn-kubernetes/managed/004-config.yaml +++ b/bindata/network/ovn-kubernetes/managed/004-config.yaml 
@@ -13,6 +13,9 @@ data: routable-mtu="{{.RoutableMTU}}" {{- end }} cluster-subnets="{{.OVN_cidr}}" + {{- if .DefaultNetworkTransport }} + transport="{{.DefaultNetworkTransport}}" + {{- end }} encap-port="{{.GenevePort}}" enable-lflow-cache=true lflow-cache-limit-kb=1048576 @@ -52,6 +55,26 @@ data: [gateway] mode={{.OVN_GATEWAY_MODE}} nodeport=true +{{- if .NoOverlayEnabled }} + + [no-overlay] + {{- if .NoOverlayOutboundSNAT }} + outbound-snat={{.NoOverlayOutboundSNAT}} + {{- end }} + {{- if .NoOverlayRouting }} + routing={{.NoOverlayRouting}} + {{- end }} +{{- end }} +{{- if .NoOverlayManagedEnabled }} + + [bgp.managed] + {{- if .NoOverlayManagedASNumber }} + as-number={{.NoOverlayManagedASNumber}} + {{- end }} + {{- if .NoOverlayManagedTopology }} + topology={{.NoOverlayManagedTopology}} + {{- end }} +{{- end }} {{- if .OVNHybridOverlayEnable }} [hybridoverlay] @@ -95,6 +118,9 @@ data: routable-mtu="{{.RoutableMTU}}" {{- end }} cluster-subnets="{{.OVN_cidr}}" + {{- if .DefaultNetworkTransport }} + transport="{{.DefaultNetworkTransport}}" + {{- end }} encap-port="{{.GenevePort}}" enable-lflow-cache=true lflow-cache-limit-kb=1048576 @@ -140,6 +166,26 @@ data: [gateway] mode={{.OVN_GATEWAY_MODE}} nodeport=true +{{- if .NoOverlayEnabled }} + + [no-overlay] + {{- if .NoOverlayOutboundSNAT }} + outbound-snat={{.NoOverlayOutboundSNAT}} + {{- end }} + {{- if .NoOverlayRouting }} + routing={{.NoOverlayRouting}} + {{- end }} +{{- end }} +{{- if .NoOverlayManagedEnabled }} + + [bgp.managed] + {{- if .NoOverlayManagedASNumber }} + as-number={{.NoOverlayManagedASNumber}} + {{- end }} + {{- if .NoOverlayManagedTopology }} + topology={{.NoOverlayManagedTopology}} + {{- end }} +{{- end }} {{- if .OVNHybridOverlayEnable }} diff --git a/bindata/network/ovn-kubernetes/self-hosted/004-config.yaml b/bindata/network/ovn-kubernetes/self-hosted/004-config.yaml index 717c3e6877..07130e1ad8 100644 --- a/bindata/network/ovn-kubernetes/self-hosted/004-config.yaml 
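Review bot: In the `[no-overlay]` and `[bgp.managed]` blocks added at `@@ -52,6 +55,26 @@`, the `outbound-snat=`, `routing=`, `as-number=` and `topology=` lines write their values into the ovnkube config with no quoting or escaping, so the rendered file is only well-formed while each value is one of the fixed enum strings or an integer; the same block is repeated at `@@ -140,6 +166,26 @@` and in self-hosted/004-config.yaml. The CRD added later in this patch constrains these fields with enums and a numeric range, but the code that fills `.NoOverlayRouting` and the other keys is in pkg/network/ovn_kubernetes.go, outside these hunks, so whether it passes only validated values cannot be confirmed from here. I would record the assumption next to the section, e.g. `{{- /* NoOverlay* values are CRD-validated enums or integers set by the operator; do not render free-form input here */}}`, and have the render code map each enum to a literal rather than copy the CR string through. The surrounding ConfigMap data block starts and ends outside these hunks.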
+++ b/bindata/network/ovn-kubernetes/self-hosted/004-config.yaml @@ -13,6 +13,9 @@ data: routable-mtu="{{.RoutableMTU}}" {{- end }} cluster-subnets="{{.OVN_cidr}}" + {{- if .DefaultNetworkTransport }} + transport="{{.DefaultNetworkTransport}}" + {{- end }} encap-port="{{.GenevePort}}" enable-lflow-cache=true lflow-cache-limit-kb=1048576 @@ -62,6 +65,26 @@ data: [gateway] mode={{.OVN_GATEWAY_MODE}} nodeport=true +{{- if .NoOverlayEnabled }} + + [no-overlay] + {{- if .NoOverlayOutboundSNAT }} + outbound-snat={{.NoOverlayOutboundSNAT}} + {{- end }} + {{- if .NoOverlayRouting }} + routing={{.NoOverlayRouting}} + {{- end }} +{{- end }} +{{- if .NoOverlayManagedEnabled }} + + [bgp.managed] + {{- if .NoOverlayManagedASNumber }} + as-number={{.NoOverlayManagedASNumber}} + {{- end }} + {{- if .NoOverlayManagedTopology }} + topology={{.NoOverlayManagedTopology}} + {{- end }} +{{- end }} [logging] libovsdblogfile=/var/log/ovnkube/libovsdb.log diff --git a/manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml b/manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml new file mode 100644 index 0000000000..5b0592cc17 --- /dev/null +++ b/manifests/0000_70_network_01_networks-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,1147 @@ +# This file is automatically generated. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + bgpManagedConfig: + description: |- + bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + in no-overlay mode that specify routing="Managed" in their NoOverlayOptions. + It is required when DefaultNetworkNoOverlayOptions.Routing is set to "Managed". + When omitted, this means the user does not configure BGP for managed routing. + properties: + asNumber: + default: 64512 + description: |- + asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + to be used in the generated FRR configuration. + Valid values are 1 to 4294967295. + When omitted, this defaults to 64512. + format: int64 + maximum: 4294967295 + minimum: 1 + type: integer + bgpTopology: + description: |- + bgpTopology defines the BGP topology to be used. + Allowed values are "FullMesh". + When set to "FullMesh", every node deploys a BGP router, forming a BGP full mesh. + This field is required when BGPManagedConfig is specified. + enum: + - FullMesh + type: string + required: + - bgpTopology + type: object + x-kubernetes-validations: + - message: bgpManagedConfig field is immutable + rule: self == oldSelf + defaultNetworkNoOverlayOptions: + description: |- + defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network. + It is required when DefaultNetworkTransport is "NoOverlay". + When omitted, this means the user does not configure no-overlay mode options. + properties: + outboundSNAT: + description: |- + outboundSNAT defines the SNAT behavior for outbound traffic from pods. + Allowed values are "Enabled" and "Disabled". + When set to "Enabled", SNAT is performed on outbound traffic from pods. 
+ When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + This field is required when the network operates in no-overlay mode. + enum: + - Enabled + - Disabled + type: string + routing: + description: |- + routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + Allowed values are "Managed" and "Unmanaged". + When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + When set to "Unmanaged", users are responsible for configuring the pod network routing. + This field is required when the network operates in no-overlay mode. + enum: + - Managed + - Unmanaged + type: string + required: + - outboundSNAT + - routing + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is immutable once + set + optionalOldSelf: true + rule: '!oldSelf.hasValue() || self == oldSelf.value()' + defaultNetworkTransport: + description: |- + defaultNetworkTransport describes the transport protocol for east-west traffic for the default network. + Allowed values are "NoOverlay" and "Geneve". + When set to "NoOverlay", the default network operates in no-overlay mode. + When set to "Geneve", the default network uses Geneve overlay. + When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. + The current default is "Geneve". + enum: + - NoOverlay + - Geneve + type: string + x-kubernetes-validations: + - message: defaultNetworkTransport is immutable once set + rule: oldSelf == '' || self == oldSelf + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. 
+ Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). 
+ When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
+ The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. 
+ Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. 
+ enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. 
+ When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. 
These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is fd98::/64 + type: string + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is required when defaultNetworkTransport + is NoOverlay + rule: '!has(self.defaultNetworkTransport) || self.defaultNetworkTransport + != ''NoOverlay'' || has(self.defaultNetworkNoOverlayOptions)' + - message: bgpManagedConfig is required when defaultNetworkNoOverlayOptions.routing + is Managed + rule: '!has(self.defaultNetworkNoOverlayOptions) || self.defaultNetworkNoOverlayOptions.routing + != ''Managed'' || has(self.bgpManagedConfig)' + - message: defaultNetworkTransport cannot be removed once set + to a non-empty value + rule: '!has(oldSelf.defaultNetworkTransport) || oldSelf.defaultNetworkTransport + == '''' || has(self.defaultNetworkTransport)' + - message: defaultNetworkNoOverlayOptions cannot be removed once + set + rule: '!has(oldSelf.defaultNetworkNoOverlayOptions) || has(self.defaultNetworkNoOverlayOptions)' + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy 
specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/manifests/0000_70_network_01_networks-Default.crd.yaml b/manifests/0000_70_network_01_networks-Default.crd.yaml new file mode 100644 index 0000000000..f26334ccad --- /dev/null +++ b/manifests/0000_70_network_01_networks-Default.crd.yaml 
@@ -0,0 +1,1046 @@ +# This file is automatically generated. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. 
Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. 
The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. 
+ Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. 
+ When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. 
+ properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. 
+ format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ Default is fd98::/64 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml b/manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..56f17edb8b --- /dev/null +++ b/manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,1046 @@ +# This file is automatically generated. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. + Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. 
Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. 
The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. 
+ Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. + Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. 
+ When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. + enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. 
+ properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. + properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. 
+ format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ Default is fd98::/64 + type: string + type: object + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/manifests/0000_70_network_01_networks.crd.yaml b/manifests/0000_70_network_01_networks-OKD.crd.yaml similarity index 99% rename from manifests/0000_70_network_01_networks.crd.yaml rename to manifests/0000_70_network_01_networks-OKD.crd.yaml index 2ba73154b4..94efe19334 100644 --- a/manifests/0000_70_network_01_networks.crd.yaml +++ b/manifests/0000_70_network_01_networks-OKD.crd.yaml 
@@ -7,6 +7,7 @@ metadata: api.openshift.io/merged-by-featuregates: "true" include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD name: networks.operator.openshift.io spec: group: operator.openshift.io diff --git a/manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml b/manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 0000000000..2013a0f03b --- /dev/null +++ b/manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,1147 @@ +# This file is automatically generated. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/475 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: networks.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + Network describes the cluster's desired network configuration. It is + consumed by the cluster-network-operator. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + properties: + additionalNetworks: + description: |- + additionalNetworks is a list of extra networks to make available to pods + when multiple networks are enabled. 
+ items: + description: |- + AdditionalNetworkDefinition configures an extra network that is available but not + created by default. Instead, pods must request them by name. + type must be specified, along with exactly one "Config" that matches the type. + properties: + name: + description: |- + name is the name of the network. This will be populated in the resulting CRD + This must be unique. + type: string + namespace: + description: |- + namespace is the namespace of the network. This will be populated in the resulting CRD + If not given the network will be created in the default namespace. + type: string + rawCNIConfig: + description: |- + rawCNIConfig is the raw CNI configuration json to create in the + NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: simpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + properties: + ipamConfig: + description: ipamConfig configures IPAM module will be used + for IP Address Management (IPAM). 
+ properties: + staticIPAMConfig: + description: staticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + properties: + addresses: + description: addresses configures IP address for + the interface + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + properties: + address: + description: address is the IP address in + CIDR format + type: string + gateway: + description: gateway is IP inside of subnet + to designate as the gateway + type: string + type: object + type: array + x-kubernetes-list-type: atomic + dns: + description: dns configures DNS for the interface + properties: + domain: + description: domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: nameservers points DNS servers + for IP lookup + items: + type: string + type: array + x-kubernetes-list-type: atomic + search: + description: search configures priority ordered + search domains for short hostname lookups + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + routes: + description: routes configures IP routes for the + interface + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + properties: + destination: + description: destination points the IP route + destination + type: string + gateway: + description: |- + gateway is the route's next-hop IP address + If unset, a default gateway is assumed (as determined by the CNI plugin). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: + description: |- + type is the type of IPAM module will be used for IP Address Management(IPAM). + The supported values are IPAMTypeDHCP, IPAMTypeStatic + type: string + type: object + master: + description: |- + master is the host interface to create the macvlan interface from. 
+ If not specified, it will be default route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: |- + mtu is the mtu to use for the macvlan interface. if unset, host's + kernel will select the value. + format: int32 + minimum: 0 + type: integer + type: object + type: + description: |- + type is the type of network + The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + additionalRoutingCapabilities: + description: |- + additionalRoutingCapabilities describes components and relevant + configuration providing additional routing capabilities. When set, it + enables such components and the usage of the routing capabilities they + provide for the machine network. Upstream operators, like MetalLB + operator, requiring these capabilities may rely on, or automatically set + this attribute. Network plugins may leverage advanced routing + capabilities acquired through the enablement of these components but may + require specific configuration on their side to do so; refer to their + respective documentation and configuration options. + properties: + providers: + description: |- + providers is a set of enabled components that provide additional routing + capabilities. Entries on this list must be unique. The only valid value + is currrently "FRR" which provides FRR routing capabilities through the + deployment of FRR. + items: + description: RoutingCapabilitiesProvider is a component providing + routing capabilities. 
+ enum: + - FRR + type: string + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - rule: self.all(x, self.exists_one(y, x == y)) + required: + - providers + type: object + clusterNetwork: + description: |- + clusterNetwork is the IP address pool to use for pod IPs. + Some network providers support multiple ClusterNetworks. + Others only support one. This is equivalent to the cluster-cidr. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive + properties: + openshiftSDNConfig: + description: |- + openshiftSDNConfig was previously used to configure the openshift-sdn plugin. + DEPRECATED: OpenShift SDN is no longer supported. + properties: + enableUnidling: + description: |- + enableUnidling controls whether or not the service proxy will support idling + and unidling of services. By default, unidling is enabled. + type: boolean + mode: + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" + type: string + mtu: + description: |- + mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. + This must be 50 bytes smaller than the machine's uplink. + format: int32 + minimum: 0 + type: integer + useExternalOpenvswitch: + description: |- + useExternalOpenvswitch used to control whether the operator would deploy an OVS + DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always + run as a system service, and this flag is ignored. 
+ type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + format: int32 + minimum: 0 + type: integer + type: object + ovnKubernetesConfig: + description: ovnKubernetesConfig configures the ovn-kubernetes + plugin. + properties: + bgpManagedConfig: + description: |- + bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + in no-overlay mode that specify routing="Managed" in their NoOverlayOptions. + It is required when DefaultNetworkNoOverlayOptions.Routing is set to "Managed". + When omitted, this means the user does not configure BGP for managed routing. + properties: + asNumber: + default: 64512 + description: |- + asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + to be used in the generated FRR configuration. + Valid values are 1 to 4294967295. + When omitted, this defaults to 64512. + format: int64 + maximum: 4294967295 + minimum: 1 + type: integer + bgpTopology: + description: |- + bgpTopology defines the BGP topology to be used. + Allowed values are "FullMesh". + When set to "FullMesh", every node deploys a BGP router, forming a BGP full mesh. + This field is required when BGPManagedConfig is specified. + enum: + - FullMesh + type: string + required: + - bgpTopology + type: object + x-kubernetes-validations: + - message: bgpManagedConfig field is immutable + rule: self == oldSelf + defaultNetworkNoOverlayOptions: + description: |- + defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network. + It is required when DefaultNetworkTransport is "NoOverlay". + When omitted, this means the user does not configure no-overlay mode options. + properties: + outboundSNAT: + description: |- + outboundSNAT defines the SNAT behavior for outbound traffic from pods. + Allowed values are "Enabled" and "Disabled". + When set to "Enabled", SNAT is performed on outbound traffic from pods. 
+ When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + This field is required when the network operates in no-overlay mode. + enum: + - Enabled + - Disabled + type: string + routing: + description: |- + routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + Allowed values are "Managed" and "Unmanaged". + When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + When set to "Unmanaged", users are responsible for configuring the pod network routing. + This field is required when the network operates in no-overlay mode. + enum: + - Managed + - Unmanaged + type: string + required: + - outboundSNAT + - routing + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is immutable once + set + optionalOldSelf: true + rule: '!oldSelf.hasValue() || self == oldSelf.value()' + defaultNetworkTransport: + description: |- + defaultNetworkTransport describes the transport protocol for east-west traffic for the default network. + Allowed values are "NoOverlay" and "Geneve". + When set to "NoOverlay", the default network operates in no-overlay mode. + When set to "Geneve", the default network uses Geneve overlay. + When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. + The current default is "Geneve". + enum: + - NoOverlay + - Geneve + type: string + x-kubernetes-validations: + - message: defaultNetworkTransport is immutable once set + rule: oldSelf == '' || self == oldSelf + egressIPConfig: + description: egressIPConfig holds the configuration for EgressIP + options. + properties: + reachabilityTotalTimeoutSeconds: + description: |- + reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. + If the EgressIP node cannot be reached within this timeout, the node is declared down. 
+ Setting a large value may cause the EgressIP feature to react slowly to node changes. + In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is 1 second. + A value of 0 disables the EgressIP node's reachability check. + format: int32 + maximum: 60 + minimum: 0 + type: integer + type: object + gatewayConfig: + description: gatewayConfig holds the configuration for node + gateway options. + properties: + ipForwarding: + description: |- + ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). + By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other + IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across + OVN-Kubernetes managed interfaces, then set this field to "Global". + The supported values are "Restricted" and "Global". + type: string + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv4 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /29). 
+ When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. + The current default subnet is 169.254.0.0/17 + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 4 + - message: subnet must be in the range /0 to /29 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 29 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > + 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default + configuration is used. Check individual members fields within ipv6 for details of default values. + properties: + internalMasqueradeSubnet: + description: |- + internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by + ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these + addresses, as well as the shared gateway bridge interface. The values can be changed after + installation. The subnet chosen should not overlap with other networks specified for + OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must + be large enough to accommodate 6 IPs (maximum prefix length /125). + When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. 
+ The current default subnet is fd69::/112 + Note that IPV6 dual addresses are not permitted + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == + 6 + - message: subnet must be in the range /0 to /125 + inclusive + rule: isCIDR(self) && cidr(self).prefixLength() + <= 125 + type: object + routingViaHost: + default: false + description: |- + routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port + into the host before sending it out. If this is not set, traffic will always egress directly + from OVN to outside without touching the host stack. Setting this to true means hardware + offload will not be supported. Default is false if GatewayConfig is specified. + type: boolean + type: object + genevePort: + description: |- + geneve port is the UDP port to be used by geneve encapulation. + Default is 6081 + format: int32 + minimum: 1 + type: integer + hybridOverlayConfig: + description: |- + hybridOverlayConfig configures an additional overlay network for peers that are + not using OVN. + properties: + hybridClusterNetwork: + description: hybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + items: + description: |- + ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size + HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If + the HostPrefix field is not used by the plugin, it can be left unset. + Not all network providers support multiple ClusterNetworks + properties: + cidr: + type: string + hostPrefix: + format: int32 + minimum: 0 + type: integer + type: object + type: array + x-kubernetes-list-type: atomic + hybridOverlayVXLANPort: + description: |- + hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. 
+ Default is 4789 + format: int32 + type: integer + type: object + ipsecConfig: + default: + mode: Disabled + description: |- + ipsecConfig enables and configures IPsec for pods on the pod network within the + cluster. + properties: + full: + description: |- + full defines configuration parameters for the IPsec `Full` mode. + This is permitted only when mode is configured with `Full`, + and forbidden otherwise. + minProperties: 1 + properties: + encapsulation: + description: |- + encapsulation option to configure libreswan on how inter-pod traffic across nodes + are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 + for the encapsulation. + Valid values are Always, Auto and omitted. + Always means enable UDP encapsulation regardless of whether NAT is detected. + Auto means enable UDP encapsulation based on the detection of NAT. + When omitted, this means no opinion and the platform is left to choose a reasonable + default, which is subject to change over time. The current default is Auto. + enum: + - Always + - Auto + type: string + type: object + mode: + description: |- + mode defines the behaviour of the ipsec configuration within the platform. + Valid values are `Disabled`, `External` and `Full`. + When 'Disabled', ipsec will not be enabled at the node level. + When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. + This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. + When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. + Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), + this is left to the user to configure. 
+ enum: + - Disabled + - External + - Full + type: string + type: object + x-kubernetes-validations: + - message: ipsecConfig.mode is required + rule: self == oldSelf || has(self.mode) + - message: full is forbidden when mode is not Full + rule: 'has(self.mode) && self.mode == ''Full'' ? true : + !has(self.full)' + ipv4: + description: |- + ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + The current default value is 100.64.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. 
+ When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The current default subnet is 100.88.0.0/16 + The subnet must be large enough to accommodate one IP per node in your cluster + The value must be in proper IPV4 CIDR format + maxLength: 18 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && int(self.split('.')[0]) > 0 + type: object + ipv6: + description: |- + ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + this means no opinions and the default configuration is used. Check individual + fields within ipv4 for details of default values. + properties: + internalJoinSubnet: + description: |- + internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. 
+ The subnet must be large enough to accommodate one IP per node in your cluster + The current default value is fd98::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + internalTransitSwitchSubnet: + description: |- + internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + architecture that connects the cluster routers on each node together to enable + east west traffic. The subnet chosen should not overlap with other networks + specified for OVN-Kubernetes as well as other networks used on the host. + When ommitted, this means no opinion and the platform is left to choose a reasonable + default which is subject to change over time. + The subnet must be large enough to accommodate one IP per node in your cluster + The current default subnet is fd97::/64 + The value must be in proper IPV6 CIDR format + Note that IPV6 dual addresses are not permitted + maxLength: 48 + type: string + x-kubernetes-validations: + - message: Subnet must be in valid IPV6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 + type: object + mtu: + description: |- + mtu is the MTU to use for the tunnel interface. This must be 100 + bytes smaller than the uplink mtu. + Default is 1400 + format: int32 + minimum: 0 + type: integer + policyAuditConfig: + description: |- + policyAuditConfig is the configuration for network policy audit events. If unset, + reported defaults are used. 
+ properties: + destination: + default: "null" + description: |- + destination is the location for policy log messages. + Regardless of this config, persistent logs will always be dumped to the host + at /var/log/ovn/ however + Additionally syslog output may be configured as follows. + Valid values are: + - "libc" -> to use the libc syslog() function of the host node's journdald process + - "udp:host:port" -> for sending syslog over UDP + - "unix:file" -> for using the UNIX domain socket directly + - "null" -> to discard all messages logged to syslog + The default is "null" + type: string + maxFileSize: + default: 50 + description: |- + maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs + Units are in MB and the Default is 50MB + format: int32 + minimum: 1 + type: integer + maxLogFiles: + default: 5 + description: maxLogFiles specifies the maximum number + of ACL_audit log files that can be present. + format: int32 + minimum: 1 + type: integer + rateLimit: + default: 20 + description: |- + rateLimit is the approximate maximum number of messages to generate per-second per-node. If + unset the default of 20 msg/sec is used. + format: int32 + minimum: 1 + type: integer + syslogFacility: + default: local0 + description: syslogFacility the RFC5424 facility for generated + messages, e.g. "kern". Default is "local0" + type: string + type: object + routeAdvertisements: + description: |- + routeAdvertisements determines if the functionality to advertise cluster + network routes through a dynamic routing protocol, such as BGP, is + enabled or not. This functionality is configured through the + ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing + capability provider to be enabled as an additional routing capability. + Allowed values are "Enabled", "Disabled" and ommited. When omitted, this + means the user has no opinion and the platform is left to choose + reasonable defaults. 
These defaults are subject to change over time. The + current default is "Disabled". + enum: + - "" + - Enabled + - Disabled + type: string + v4InternalSubnet: + description: |- + v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is 100.64.0.0/16 + type: string + v6InternalSubnet: + description: |- + v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the + default one is being already used by something else. It must not overlap with + any other subnet being used by OpenShift or by the node network. The size of the + subnet must be larger than the number of nodes. + Default is fd98::/64 + type: string + type: object + x-kubernetes-validations: + - message: defaultNetworkNoOverlayOptions is required when defaultNetworkTransport + is NoOverlay + rule: '!has(self.defaultNetworkTransport) || self.defaultNetworkTransport + != ''NoOverlay'' || has(self.defaultNetworkNoOverlayOptions)' + - message: bgpManagedConfig is required when defaultNetworkNoOverlayOptions.routing + is Managed + rule: '!has(self.defaultNetworkNoOverlayOptions) || self.defaultNetworkNoOverlayOptions.routing + != ''Managed'' || has(self.bgpManagedConfig)' + - message: defaultNetworkTransport cannot be removed once set + to a non-empty value + rule: '!has(oldSelf.defaultNetworkTransport) || oldSelf.defaultNetworkTransport + == '''' || has(self.defaultNetworkTransport)' + - message: defaultNetworkNoOverlayOptions cannot be removed once + set + rule: '!has(oldSelf.defaultNetworkNoOverlayOptions) || has(self.defaultNetworkNoOverlayOptions)' + type: + description: |- + type is the type of network + All NetworkTypes are supported except for NetworkTypeRaw + type: string + type: object + deployKubeProxy: + description: |- + deployKubeProxy 
specifies whether or not a standalone kube-proxy should + be deployed by the operator. Some network providers include kube-proxy + or similar functionality. If unset, the plugin will attempt to select + the correct value, which is false when ovn-kubernetes is used and true + otherwise. + type: boolean + disableMultiNetwork: + description: |- + disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. + disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, + that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, + but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect. + type: boolean + disableNetworkDiagnostics: + default: false + description: |- + disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck + CRs from a test pod to every node, apiserver and LB should be disabled or not. + If unset, this property defaults to 'false' and network diagnostics is enabled. + Setting this to 'true' would reduce the additional load of the pods performing the checks. + type: boolean + exportNetworkFlows: + description: |- + exportNetworkFlows enables and configures the export of network flow metadata from the pod network + by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. + If unset, flows will not be exported to any collector. + properties: + ipfix: + description: ipfix defines IPFIX configuration. 
+ properties: + collectors: + description: ipfixCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + netFlow: + description: netFlow defines the NetFlow configuration. + properties: + collectors: + description: |- + netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. + It is a list of strings formatted as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + sFlow: + description: sFlow defines the SFlow configuration. + properties: + collectors: + description: sFlowCollectors is list of strings formatted + as ip:port with a maximum of ten items + items: + pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ + type: string + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + type: object + type: object + kubeProxyConfig: + description: |- + kubeProxyConfig lets us configure desired proxy configuration, if + deployKubeProxy is true. If not specified, sensible defaults will be chosen by + OpenShift directly. + properties: + bindAddress: + description: |- + The address to "bind" on + Defaults to 0.0.0.0 + type: string + iptablesSyncPeriod: + description: |- + An internal kube-proxy parameter. 
In older releases of OCP, this sometimes needed to be adjusted + in large clusters for performance reasons, but this is no longer necessary, and there is no reason + to change this from the default value. + Default: 30s + type: string + proxyArguments: + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + items: + type: string + type: array + x-kubernetes-list-type: atomic + description: Any additional arguments to pass to the kubeproxy + process + type: object + type: object + logLevel: + default: Normal + description: |- + logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for their operands. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + migration: + description: |- + migration enables and configures cluster network migration, for network changes + that cannot be made instantly. + properties: + features: + description: |- + features was previously used to configure which network plugin features + would be migrated in a network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + properties: + egressFirewall: + default: true + description: |- + egressFirewall specified whether or not the Egress Firewall configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + egressIP: + default: true + description: |- + egressIP specified whether or not the Egress IP configuration was migrated. 
+ DEPRECATED: network type migration is no longer supported. + type: boolean + multicast: + default: true + description: |- + multicast specified whether or not the multicast configuration was migrated. + DEPRECATED: network type migration is no longer supported. + type: boolean + type: object + mode: + description: |- + mode indicates the mode of network type migration. + DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + enum: + - Live + - Offline + - "" + type: string + mtu: + description: |- + mtu contains the MTU migration configuration. Set this to allow changing + the MTU values for the default network. If unset, the operation of + changing the MTU for the default network will be rejected. + properties: + machine: + description: |- + machine contains MTU migration configuration for the machine's uplink. + Needs to be migrated along with the default network MTU unless the + current uplink MTU already accommodates the default network MTU. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + network: + description: |- + network contains information about MTU migration for the default network. + Migrations are only allowed to MTU values lower than the machine's uplink + MTU by the minimum appropriate offset. + properties: + from: + description: from is the MTU to migrate from. + format: int32 + minimum: 0 + type: integer + to: + description: to is the MTU to migrate to. + format: int32 + minimum: 0 + type: integer + type: object + type: object + networkType: + description: |- + networkType was previously used when changing the default network type. 
+ DEPRECATED: network type migration is no longer supported, and setting + this to a non-empty value will result in the network operator rejecting + the configuration. + type: string + type: object + x-kubernetes-validations: + - message: networkType migration in mode other than 'Live' may not + be configured at the same time as mtu migration + rule: '!has(self.mtu) || !has(self.networkType) || self.networkType + == "" || has(self.mode) && self.mode == ''Live''' + observedConfig: + description: |- + observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + default: Normal + description: |- + operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a + simple way to manage coarse grained logging choices that operators have to interpret for themselves. + + Valid values are: "Normal", "Debug", "Trace", "TraceAll". + Defaults to "Normal". + enum: + - "" + - Normal + - Debug + - Trace + - TraceAll + type: string + serviceNetwork: + description: |- + serviceNetwork is the ip address pool to use for Service IPs + Currently, all existing network providers only support a single value + here, but this is an array to allow for growth. + items: + type: string + type: array + x-kubernetes-list-type: atomic + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides overrides the final configuration that was computed by the operator. + Red Hat does not support the use of this field. + Misuse of this field could lead to unexpected behavior or conflict with other configuration options. + Seek guidance from the Red Hat support before using this field. + Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster. 
+ nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + useMultiNetworkPolicy: + description: |- + useMultiNetworkPolicy enables a controller which allows for + MultiNetworkPolicy objects to be used on additional networks as + created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy + objects, but NetworkPolicy objects only apply to the primary interface. + With MultiNetworkPolicy, you can control the traffic that a pod can receive + over the secondary interfaces. If unset, this property defaults to 'false' + and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is + 'true' then the value of this field is ignored. + type: boolean + type: object + x-kubernetes-validations: + - message: Route advertisements cannot be Enabled if 'FRR' routing capability + provider is not available + rule: (has(self.additionalRoutingCapabilities) && ('FRR' in self.additionalRoutingCapabilities.providers)) + || !has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements) + || self.defaultNetwork.ovnKubernetesConfig.routeAdvertisements != + 'Enabled' + - message: invalid value for IPForwarding, valid values are 'Restricted' + or 'Global' + rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) + || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || + !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding + == ''Global''' + status: + description: |- + NetworkStatus is detailed operator status, which is distilled + up to the Network clusteroperator object. 
+ properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. 
+ properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + required: + - group + - name + - namespace + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - group + - resource + - namespace + - name + x-kubernetes-list-type: map + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + x-kubernetes-validations: + - message: must only increase + rule: self >= oldSelf + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go index 906202ecf6..ff72e2b27d 100644 --- a/pkg/network/ovn_kubernetes.go +++ b/pkg/network/ovn_kubernetes.go @@ -13,6 +13,7 @@ import ( "os" "path/filepath" "reflect" + "slices" "strconv" "strings" "time" 
@@ -333,6 +334,57 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo data.Data["IP_FORWARDING_MODE"] = c.GatewayConfig.IPForwarding } + // No-overlay mode configuration + // The NoOverlayMode feature gate enables no-overlay networking for both the default network + // and CUDNs (Cluster User-Defined Networks). BGP managed configuration is cluster-wide and + // applies to any network using no-overlay mode with managed routing. + data.Data["DefaultNetworkTransport"] = "" + data.Data["NoOverlayEnabled"] = false + data.Data["NoOverlayOutboundSNAT"] = "" + data.Data["NoOverlayRouting"] = "" + data.Data["NoOverlayManagedEnabled"] = false + data.Data["NoOverlayManagedASNumber"] = "" + data.Data["NoOverlayManagedTopology"] = "" + + noOverlayFeatureEnabled := isFeatureGateEnabled(featureGates, apifeatures.FeatureGateNoOverlayMode) + + if noOverlayFeatureEnabled && c.DefaultNetworkTransport == operv1.TransportOptionNoOverlay { + data.Data["DefaultNetworkTransport"] = "no-overlay" + data.Data["NoOverlayEnabled"] = true + + // No-overlay specific options for the default network + if c.DefaultNetworkNoOverlayOptions.OutboundSNAT != "" { + // Convert API value (e.g., "Enabled") to lowercase for ovn-kubernetes config ("enable", "disabled") + data.Data["NoOverlayOutboundSNAT"] = strings.ToLower(string(c.DefaultNetworkNoOverlayOptions.OutboundSNAT)) + } + if c.DefaultNetworkNoOverlayOptions.Routing != "" { + // Convert API value (e.g., "Managed") to lowercase for ovn-kubernetes config ("managed", "unmanaged") + data.Data["NoOverlayRouting"] = strings.ToLower(string(c.DefaultNetworkNoOverlayOptions.Routing)) + } + } + + // BGP managed configuration is cluster-wide and applies to any network (default or CUDN) + // using no-overlay mode with managed routing. + // BGPTopology is required when BGPManagedConfig is specified. 
+ if noOverlayFeatureEnabled && c.BGPManagedConfig.BGPTopology != "" { + data.Data["NoOverlayManagedEnabled"] = true + klog.V(2).Infof("BGP managed configuration enabled for no-overlay mode") + + // ASNumber is optional, will have a default if not set + if c.BGPManagedConfig.ASNumber > 0 { + data.Data["NoOverlayManagedASNumber"] = c.BGPManagedConfig.ASNumber + } + + var topology string + switch c.BGPManagedConfig.BGPTopology { + case operv1.BGPTopologyFullMesh: + topology = "full-mesh" + default: + return nil, progressing, fmt.Errorf("unsupported BGP topology: %s", c.BGPManagedConfig.BGPTopology) + } + data.Data["NoOverlayManagedTopology"] = topology + } + // leverage feature gates data.Data["OVN_ADMIN_NETWORK_POLICY_ENABLE"] = featureGates.Enabled(apifeatures.FeatureGateAdminNetworkPolicy) data.Data["DNS_NAME_RESOLVER_ENABLE"] = featureGates.Enabled(apifeatures.FeatureGateDNSNameResolver) @@ -2140,3 +2192,13 @@ func getOVNKubernetesConfigOverrides(client cnoclient.Client) (map[string]string } return configMap.Data, nil } + +// isFeatureGateEnabled safely checks if a feature gate is enabled. +// It returns false if the feature gate is not known (not registered in the cluster's feature gates) +// to avoid panics from calling Enabled() on unknown feature gates. +func isFeatureGateEnabled(fg featuregates.FeatureGate, name configv1.FeatureGateName) bool { + if !slices.Contains(fg.KnownFeatures(), name) { + return false + } + return fg.Enabled(name) +} diff --git a/pkg/network/ovn_kubernetes_test.go b/pkg/network/ovn_kubernetes_test.go index de41d07665..cfd13cc43c 100644 --- a/pkg/network/ovn_kubernetes_test.go +++ b/pkg/network/ovn_kubernetes_test.go 
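Review bot: The OutboundSNAT and Routing values are lower-cased and written straight into the template data with `strings.ToLower(string(...))`, while BGPTopology a few lines below goes through a `switch` that rejects anything unexpected. If a value outside the known constants ever reaches this code (the CRD enum is presumably the only other guard), it would be rendered into ovnkube.conf as-is. Mapping both fields through an explicit switch with an error default keeps the three options consistent. The comment on the SNAT line also lists `"enable"` where the rendered value is `"enabled"`. renderOVNKubernetes starts and ends outside this hunk.

```go
	if noOverlayFeatureEnabled && c.DefaultNetworkTransport == operv1.TransportOptionNoOverlay {
		// … unchanged: DefaultNetworkTransport and NoOverlayEnabled assignments …

		// Map the API values explicitly so nothing unrecognised reaches ovnkube.conf.
		switch c.DefaultNetworkNoOverlayOptions.OutboundSNAT {
		case "":
			// unset: keep the empty default
		case operv1.SNATEnabled:
			data.Data["NoOverlayOutboundSNAT"] = "enabled"
		case operv1.SNATDisabled:
			data.Data["NoOverlayOutboundSNAT"] = "disabled"
		default:
			return nil, progressing, fmt.Errorf("unsupported outbound SNAT option: %s", c.DefaultNetworkNoOverlayOptions.OutboundSNAT)
		}
		switch c.DefaultNetworkNoOverlayOptions.Routing {
		case "":
			// unset: keep the empty default
		case operv1.RoutingManaged:
			data.Data["NoOverlayRouting"] = "managed"
		case operv1.RoutingUnmanaged:
			data.Data["NoOverlayRouting"] = "unmanaged"
		default:
			return nil, progressing, fmt.Errorf("unsupported routing option: %s", c.DefaultNetworkNoOverlayOptions.Routing)
		}
	}
	// … unchanged: BGP managed configuration …
```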
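Review bot: isFeatureGateEnabled returns false for a gate that is not in `KnownFeatures()` without leaving any trace, so a cluster whose feature-gate list lacks NoOverlayMode silently renders the Geneve configuration even when the spec asks for no-overlay. A log line in the unknown branch, for example `klog.V(2).Infof("feature gate %s is not registered, treating it as disabled", name)`, would make that visible to whoever debugs it. The neighbouring context lines still call `featureGates.Enabled(...)` directly, so the doc comment could also say when this helper should be preferred.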
@@ -76,7 +76,7 @@ var manifestDirOvn = "../../bindata" func getDefaultFeatureGates() featuregates.FeatureGate { return featuregates.NewFeatureGate( []configv1.FeatureGateName{apifeatures.FeatureGateAdminNetworkPolicy, apifeatures.FeatureGateDNSNameResolver, - apifeatures.FeatureGateNetworkSegmentation, apifeatures.FeatureGateOVNObservability}, + apifeatures.FeatureGateNetworkSegmentation, apifeatures.FeatureGateOVNObservability, apifeatures.FeatureGateNoOverlayMode}, []configv1.FeatureGateName{ apifeatures.FeatureGatePreconfiguredUDNAddresses, }, @@ -932,6 +932,7 @@ logfile-maxage=0`, apifeatures.FeatureGateNetworkSegmentation, apifeatures.FeatureGateOVNObservability, apifeatures.FeatureGatePreconfiguredUDNAddresses, + apifeatures.FeatureGateNoOverlayMode, } s := sets.New[configv1.FeatureGateName](tc.enabledFeatureGates...) enabled := []configv1.FeatureGateName{} @@ -1044,6 +1045,9 @@ func TestFillOVNKubernetesDefaults(t *testing.T) { OVNKubernetesConfig: &operv1.OVNKubernetesConfig{ MTU: ptrToUint32(8900), GenevePort: ptrToUint32(6081), + // Note: DefaultNetworkTransport is not set by fillOVNKubernetesDefaults + // When NoOverlayMode feature gate is disabled, the CRD doesn't have this field + // When enabled, the CRD itself provides the default PolicyAuditConfig: &operv1.PolicyAuditConfig{ RateLimit: ptrToUint32(20), MaxFileSize: ptrToUint32(50), @@ -1085,6 +1089,7 @@ func TestFillOVNKubernetesDefaultsIPsec(t *testing.T) { MTU: ptrToUint32(8854), GenevePort: ptrToUint32(8061), IPsecConfig: &operv1.IPsecConfig{Mode: operv1.IPsecModeFull}, + // Note: DefaultNetworkTransport is not set by fillOVNKubernetesDefaults PolicyAuditConfig: &operv1.PolicyAuditConfig{ RateLimit: ptrToUint32(20), MaxFileSize: ptrToUint32(50), 
@@ -3827,6 +3832,7 @@ func TestRenderOVNKubernetesEnablePersistentIPs(t *testing.T) { apifeatures.FeatureGateDNSNameResolver, apifeatures.FeatureGateNetworkSegmentation, apifeatures.FeatureGateOVNObservability, + apifeatures.FeatureGateNoOverlayMode, }, []configv1.FeatureGateName{ apifeatures.FeatureGatePreconfiguredUDNAddresses, @@ -4102,6 +4108,7 @@ func Test_renderOVNKubernetes(t *testing.T) { apifeatures.FeatureGateNetworkSegmentation, apifeatures.FeatureGateOVNObservability, apifeatures.FeatureGatePreconfiguredUDNAddresses, + apifeatures.FeatureGateNoOverlayMode, }, ) } @@ -4115,6 +4122,7 @@ func Test_renderOVNKubernetes(t *testing.T) { apifeatures.FeatureGateDNSNameResolver, apifeatures.FeatureGateOVNObservability, apifeatures.FeatureGatePreconfiguredUDNAddresses, + apifeatures.FeatureGateNoOverlayMode, }, ) } @@ -4128,6 +4136,7 @@ func Test_renderOVNKubernetes(t *testing.T) { apifeatures.FeatureGateAdminNetworkPolicy, apifeatures.FeatureGateDNSNameResolver, apifeatures.FeatureGateOVNObservability, + apifeatures.FeatureGateNoOverlayMode, }, ) } 
@@ -4471,3 +4480,300 @@ func TestOVNKubernetesScriptLibCombined(t *testing.T) { }) } } + +// TestRenderOVNKubernetesNoOverlay tests no-overlay mode rendering +func TestRenderOVNKubernetesNoOverlay(t *testing.T) { + g := NewGomegaWithT(t) + + noOverlayEnabledFeatureGates := func() featuregates.FeatureGate { + return featuregates.NewFeatureGate( + []configv1.FeatureGateName{ + apifeatures.FeatureGateAdminNetworkPolicy, + apifeatures.FeatureGateDNSNameResolver, + apifeatures.FeatureGateNetworkSegmentation, + apifeatures.FeatureGateOVNObservability, + apifeatures.FeatureGateNoOverlayMode, + }, + []configv1.FeatureGateName{ + apifeatures.FeatureGatePreconfiguredUDNAddresses, + }, + ) + } + + noOverlayDisabledFeatureGates := func() featuregates.FeatureGate { + return featuregates.NewFeatureGate( + []configv1.FeatureGateName{ + apifeatures.FeatureGateAdminNetworkPolicy, + apifeatures.FeatureGateDNSNameResolver, + apifeatures.FeatureGateNetworkSegmentation, + apifeatures.FeatureGateOVNObservability, + }, + []configv1.FeatureGateName{ + apifeatures.FeatureGatePreconfiguredUDNAddresses, + apifeatures.FeatureGateNoOverlayMode, + }, + ) + } + + testCases := []struct { + name string + defaultNetworkTransport operv1.TransportOption + noOverlayOptions *operv1.NoOverlayOptions + bgpManagedConfig *operv1.BGPManagedConfig + featureGates func() featuregates.FeatureGate + expectTransport string // expected rendered transport value (e.g., "no-overlay", not "NoOverlay") + expectNoOverlayEnabled bool + expectNoOverlayRouting string + expectNoOverlaySNAT string + expectManagedEnabled bool + expectManagedTopology string + expectManagedASNumber any // int64 when BGP managed is enabled, empty string otherwise + expectErr bool + }{ + { + name: "default (Geneve) - no-overlay disabled", + defaultNetworkTransport: operv1.TransportOptionGeneve, + featureGates: noOverlayEnabledFeatureGates, + expectTransport: "", + expectNoOverlayEnabled: false, + expectNoOverlayRouting: "", + expectNoOverlaySNAT: 
"", + expectManagedEnabled: false, + expectManagedTopology: "", + expectManagedASNumber: "", + }, + { + name: "NoOverlay with Unmanaged routing", + defaultNetworkTransport: operv1.TransportOptionNoOverlay, + noOverlayOptions: &operv1.NoOverlayOptions{ + Routing: operv1.RoutingUnmanaged, + OutboundSNAT: operv1.SNATEnabled, + }, + featureGates: noOverlayEnabledFeatureGates, + expectTransport: "no-overlay", + expectNoOverlayEnabled: true, + expectNoOverlayRouting: "unmanaged", + expectNoOverlaySNAT: "enabled", + expectManagedEnabled: false, + expectManagedTopology: "", + expectManagedASNumber: "", + }, + { + name: "NoOverlay with Managed routing and BGP FullMesh", + defaultNetworkTransport: operv1.TransportOptionNoOverlay, + noOverlayOptions: &operv1.NoOverlayOptions{ + Routing: operv1.RoutingManaged, + OutboundSNAT: operv1.SNATDisabled, + }, + bgpManagedConfig: &operv1.BGPManagedConfig{ + BGPTopology: operv1.BGPTopologyFullMesh, + ASNumber: 65001, + }, + featureGates: noOverlayEnabledFeatureGates, + expectTransport: "no-overlay", + expectNoOverlayEnabled: true, + expectNoOverlayRouting: "managed", + expectNoOverlaySNAT: "disabled", + expectManagedEnabled: true, + expectManagedTopology: "full-mesh", + expectManagedASNumber: int64(65001), + }, + { + name: "NoOverlay with Managed routing, BGP FullMesh, default ASNumber", + defaultNetworkTransport: operv1.TransportOptionNoOverlay, + noOverlayOptions: &operv1.NoOverlayOptions{ + Routing: operv1.RoutingManaged, + OutboundSNAT: operv1.SNATDisabled, + }, + bgpManagedConfig: &operv1.BGPManagedConfig{ + BGPTopology: operv1.BGPTopologyFullMesh, + // ASNumber defaults to 64512 via CRD default (+kubebuilder:default=64512) + // The API server will set this before CNO sees it + ASNumber: 64512, + }, + featureGates: noOverlayEnabledFeatureGates, + expectTransport: "no-overlay", + expectNoOverlayEnabled: true, + expectNoOverlayRouting: "managed", + expectNoOverlaySNAT: "disabled", + expectManagedEnabled: true, + 
expectManagedTopology: "full-mesh", + expectManagedASNumber: int64(64512), + }, + { + name: "NoOverlay enabled but feature gate disabled - falls back to Geneve behavior", + defaultNetworkTransport: operv1.TransportOptionNoOverlay, + noOverlayOptions: &operv1.NoOverlayOptions{ + Routing: operv1.RoutingUnmanaged, + OutboundSNAT: operv1.SNATEnabled, + }, + featureGates: noOverlayDisabledFeatureGates, + expectTransport: "", + expectNoOverlayEnabled: false, + expectNoOverlayRouting: "", + expectNoOverlaySNAT: "", + expectManagedEnabled: false, + expectManagedTopology: "", + expectManagedASNumber: "", + }, + { + name: "empty DefaultNetworkTransport defaults to Geneve", + defaultNetworkTransport: "", // Empty, should be filled by fillDefaults + featureGates: noOverlayEnabledFeatureGates, + expectTransport: "", + expectNoOverlayEnabled: false, + expectNoOverlayRouting: "", + expectNoOverlaySNAT: "", + expectManagedEnabled: false, + expectManagedTopology: "", + expectManagedASNumber: "", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + config := &crd.Spec + config.DefaultNetwork.OVNKubernetesConfig.MTU = ptrToUint32(1500) + config.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = tc.defaultNetworkTransport + + if tc.noOverlayOptions != nil { + config.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkNoOverlayOptions = *tc.noOverlayOptions + } + if tc.bgpManagedConfig != nil { + config.DefaultNetwork.OVNKubernetesConfig.BGPManagedConfig = *tc.bgpManagedConfig + } + + errs := validateOVNKubernetes(config) + g.Expect(errs).To(HaveLen(0)) + fillDefaults(config, nil) + + bootstrapResult := fakeBootstrapResult() + bootstrapResult.OVN = bootstrap.OVNBootstrapResult{ + ControlPlaneReplicaCount: 3, + OVNKubernetesConfig: &bootstrap.OVNConfigBoostrapResult{ + DpuHostModeLabel: OVN_NODE_SELECTOR_DEFAULT_DPU_HOST, + DpuModeLabel: OVN_NODE_SELECTOR_DEFAULT_DPU, + SmartNicModeLabel: 
OVN_NODE_SELECTOR_DEFAULT_SMART_NIC, + MgmtPortResourceName: "", + HyperShiftConfig: &bootstrap.OVNHyperShiftBootstrapResult{ + Enabled: false, + }, + }, + } + + fakeClient := cnofake.NewFakeClient() + objs, _, err := renderOVNKubernetes(config, bootstrapResult, manifestDirOvn, fakeClient, tc.featureGates()) + + if tc.expectErr { + g.Expect(err).To(HaveOccurred()) + return + } + g.Expect(err).NotTo(HaveOccurred()) + + // Find the ovnkube-config ConfigMap and check the template data + var configMap *uns.Unstructured + for _, obj := range objs { + if obj.GetKind() == "ConfigMap" && obj.GetName() == "ovnkube-config" { + configMap = obj + break + } + } + g.Expect(configMap).NotTo(BeNil(), "ovnkube-config ConfigMap should exist") + + // Check the transport value in the rendered ConfigMap + configMapData, found, err := uns.NestedStringMap(configMap.Object, "data") + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(found).To(BeTrue(), "ConfigMap should have data field") + ovnkubeConf := configMapData["ovnkube.conf"] + if tc.expectTransport != "" { + g.Expect(ovnkubeConf).To(ContainSubstring("transport=\""+tc.expectTransport+"\""), + "ConfigMap should contain transport=%q, got:\n%s", tc.expectTransport, ovnkubeConf) + } else { + g.Expect(ovnkubeConf).NotTo(ContainSubstring("transport=\"no-overlay\""), + "ConfigMap should not contain no-overlay transport when disabled") + } + + // Validate no-overlay section in ConfigMap + if tc.expectNoOverlayEnabled { + g.Expect(ovnkubeConf).To(ContainSubstring("[no-overlay]"), + "ConfigMap should contain [no-overlay] section when enabled") + if tc.expectNoOverlayRouting != "" { + g.Expect(ovnkubeConf).To(ContainSubstring("routing="+tc.expectNoOverlayRouting), + "ConfigMap should contain routing=%s", tc.expectNoOverlayRouting) + } + if tc.expectNoOverlaySNAT != "" { + g.Expect(ovnkubeConf).To(ContainSubstring("outbound-snat="+tc.expectNoOverlaySNAT), + "ConfigMap should contain outbound-snat=%s", tc.expectNoOverlaySNAT) + } + } else { + 
g.Expect(ovnkubeConf).NotTo(ContainSubstring("[no-overlay]"), + "ConfigMap should not contain [no-overlay] section when disabled") + } + + // Validate bgp.managed section in ConfigMap + if tc.expectManagedEnabled { + g.Expect(ovnkubeConf).To(ContainSubstring("[bgp.managed]"), + "ConfigMap should contain [bgp.managed] section when enabled") + if tc.expectManagedTopology != "" { + g.Expect(ovnkubeConf).To(ContainSubstring("topology="+tc.expectManagedTopology), + "ConfigMap should contain topology=%s", tc.expectManagedTopology) + } + if tc.expectManagedASNumber != "" { + g.Expect(ovnkubeConf).To(ContainSubstring(fmt.Sprintf("as-number=%v", tc.expectManagedASNumber)), + "ConfigMap should contain as-number=%v", tc.expectManagedASNumber) + } + } else { + g.Expect(ovnkubeConf).NotTo(ContainSubstring("[bgp.managed]"), + "ConfigMap should not contain [bgp.managed] section when disabled") + } + + // Verify core objects exist + renderedNode := findInObjs("apps", "DaemonSet", "ovnkube-node", "openshift-ovn-kubernetes", objs) + g.Expect(renderedNode).NotTo(BeNil(), "ovnkube-node DaemonSet should exist") + + renderedControlPlane := findInObjs("apps", "Deployment", "ovnkube-control-plane", "openshift-ovn-kubernetes", objs) + g.Expect(renderedControlPlane).NotTo(BeNil(), "ovnkube-control-plane Deployment should exist") + }) + } +} + +// TestFillOVNKubernetesDefaultsNoOverlay tests DefaultNetworkTransport handling +// Note: CNO no longer sets DefaultNetworkTransport in fillOVNKubernetesDefaults because +// when the NoOverlayMode feature gate is disabled, the CRD schema doesn't have this field. +// When the feature gate is enabled, the CRD itself has a default value. 
+func TestFillOVNKubernetesDefaultsNoOverlay(t *testing.T) { + g := NewGomegaWithT(t) + + t.Run("empty DefaultNetworkTransport remains empty (feature gate controls default)", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = "" + + fillOVNKubernetesDefaults(conf, nil, 9000) + + // When feature gate is disabled, CNO doesn't touch this field + // When feature gate is enabled, CRD provides the default + g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport).To(Equal(operv1.TransportOption(""))) + }) + + t.Run("explicit Geneve is preserved", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionGeneve + + fillOVNKubernetesDefaults(conf, conf, 9000) + + g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport).To(Equal(operv1.TransportOptionGeneve)) + }) + + t.Run("explicit NoOverlay is preserved", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + + fillOVNKubernetesDefaults(conf, conf, 9000) + + g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport).To(Equal(operv1.TransportOptionNoOverlay)) + }) +} From 95e3aecc3c60ce1d99f75b2d7e35161fa2d71339 Mon Sep 17 00:00:00 2001 From: Riccardo Ravaioli Date: Mon, 15 Dec 2025 09:37:17 +0100 Subject: [PATCH 04/10] Handle MTU for no-overlay mode in OVN-Kubernetes When no-overlay mode is enabled for the default network: - If MTU is not specified, set it to the host MTU - If MTU is specified, validate that it does not exceed the host MTU This ensures proper MTU configuration for no-overlay mode where packets are not encapsulated and can use the full host network MTU. 
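Review bot: The table in TestRenderOVNKubernetesNoOverlay declares `expectErr` and branches on it, but no case sets it, so the `unsupported BGP topology` error return added to renderOVNKubernetes is never exercised. A case with an unrecognised `BGPTopology` and `expectErr: true` would cover it, provided validateOVNKubernetes (not visible here) lets that value through to the render step. Separately, `g` is created from the outer `t` and used inside each `t.Run` closure, so a failed expectation is reported against the parent test. Adding `g := NewGomegaWithT(t)` as the first line of the closure would attribute it to the subtest.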
Signed-off-by: Riccardo Ravaioli --- .../operconfig/operconfig_controller.go | 8 + pkg/network/ovn_kubernetes.go | 42 ++++- pkg/network/ovn_kubernetes_test.go | 143 ++++++++++++++++++ 3 files changed, 192 insertions(+), 1 deletion(-) diff --git a/pkg/controller/operconfig/operconfig_controller.go b/pkg/controller/operconfig/operconfig_controller.go index ba29f0e9b6..c76448cf8a 100644 --- a/pkg/controller/operconfig/operconfig_controller.go +++ b/pkg/controller/operconfig/operconfig_controller.go @@ -302,6 +302,14 @@ func (r *ReconcileOperConfig) Reconcile(ctx context.Context, request reconcile.R // Fill all defaults explicitly network.FillDefaults(&newOperConfig.Spec, prev, mtu) + // Validate MTU for no-overlay mode (must be done after FillDefaults since we need hostMTU) + if err := network.ValidateMTUForNoOverlay(&newOperConfig.Spec, mtu); err != nil { + log.Printf("Failed to validate MTU for no-overlay mode: %v", err) + r.status.SetDegraded(statusmanager.OperatorConfig, "InvalidOperatorConfig", + fmt.Sprintf("Invalid MTU configuration for no-overlay mode: %v. Use 'oc edit network.operator.openshift.io cluster' to fix.", err)) + return reconcile.Result{}, err + } + // Compare against previous applied configuration to see if this change // is safe. if prev != nil { diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go index ff72e2b27d..b7a2f5339d 100644 --- a/pkg/network/ovn_kubernetes.go +++ b/pkg/network/ovn_kubernetes.go 
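Review bot: The Degraded message built here prefixes `Invalid MTU configuration for no-overlay mode:` to an error that ValidateMTUForNoOverlay already words as `invalid MTU %d for no-overlay mode: ...`, so the status shown to the administrator says the same thing twice. Either shorten the prefix, e.g. `fmt.Sprintf("%v. Use 'oc edit network.operator.openshift.io cluster' to fix.", err)`, or drop the `for no-overlay mode` part from the returned error. Reconcile starts and ends outside this hunk.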
@@ -1142,6 +1142,40 @@ func getOVNEncapOverhead(conf *operv1.NetworkSpec) uint32 { return encapOverhead } +// ValidateMTUForNoOverlay validates that the configured MTU does not exceed the host MTU +// when no-overlay mode is enabled for the default network. In no-overlay mode, there is +// no encapsulation overhead, so the MTU can be set up to the host MTU but not higher. +// This validation must be called after FillDefaults since it requires the hostMTU value. +func ValidateMTUForNoOverlay(conf *operv1.NetworkSpec, hostMTU int) error { + if conf.DefaultNetwork.OVNKubernetesConfig == nil { + return nil + } + + oc := conf.DefaultNetwork.OVNKubernetesConfig + + // Only validate for no-overlay mode + if oc.DefaultNetworkTransport != operv1.TransportOptionNoOverlay { + return nil + } + + // If MTU is not set, nothing to validate (fillDefaults will set it) + if oc.MTU == nil { + return nil + } + + // hostMTU of 0 means we couldn't probe it - skip validation + if hostMTU == 0 { + klog.Warningf("Cannot validate MTU for no-overlay mode: host MTU is unknown") + return nil + } + + if *oc.MTU > uint32(hostMTU) { + return errors.Errorf("invalid MTU %d for no-overlay mode: cannot exceed host MTU %d", *oc.MTU, hostMTU) + } + + return nil +} + // isOVNKubernetesChangeSafe currently returns an error if any changes to immutable // fields are made. // In the future, we may support rolling out MTU or other alterations. @@ -1227,7 +1261,13 @@ func fillOVNKubernetesDefaults(conf, previous *operv1.NetworkSpec, hostMTU int) panic("BUG: Probed MTU wasn't supplied, host MTU invalid") } } - mtu = uint32(hostMTU) - getOVNEncapOverhead(conf) + // In no-overlay mode, use the host MTU directly since there's no encapsulation overhead. + // In overlay mode (Geneve), subtract the encapsulation overhead. + if sc.DefaultNetworkTransport == operv1.TransportOptionNoOverlay { + mtu = uint32(hostMTU) + } else { + mtu = uint32(hostMTU) - getOVNEncapOverhead(conf) + } } sc.MTU = &mtu } 
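Review bot: In `ValidateMTUForNoOverlay`, the comparison `*oc.MTU > uint32(hostMTU)` converts a signed `int` after guarding only `hostMTU == 0`, so a negative host MTU wraps to a value near 2^32 and every configured MTU passes the check. Widening the guard to `if hostMTU <= 0 {` would treat an unusable probe result like the unknown case instead of silently accepting it. The comments also disagree: the doc comment says the function must run after FillDefaults, while the nil-MTU branch says `fillDefaults will set it`; I would reword the latter to `// MTU unset: nothing to validate here`. When the host MTU is unknown the function only logs a warning and returns nil, so an oversized MTU is accepted in that case, which is worth stating in the doc comment.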
diff --git a/pkg/network/ovn_kubernetes_test.go b/pkg/network/ovn_kubernetes_test.go index cfd13cc43c..f9a88ccecd 100644 --- a/pkg/network/ovn_kubernetes_test.go +++ b/pkg/network/ovn_kubernetes_test.go 
@@ -4777,3 +4777,146 @@ func TestFillOVNKubernetesDefaultsNoOverlay(t *testing.T) { g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport).To(Equal(operv1.TransportOptionNoOverlay)) }) } + +// TestFillOVNKubernetesDefaultsMTUNoOverlay tests that MTU is set correctly for no-overlay mode +func TestFillOVNKubernetesDefaultsMTUNoOverlay(t *testing.T) { + g := NewGomegaWithT(t) + + t.Run("no-overlay mode sets MTU to hostMTU (no overhead subtraction)", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + conf.DefaultNetwork.OVNKubernetesConfig.MTU = nil // not set + + hostMTU := 9000 + fillOVNKubernetesDefaults(conf, nil, hostMTU) + + g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.MTU).NotTo(BeNil()) + g.Expect(*conf.DefaultNetwork.OVNKubernetesConfig.MTU).To(Equal(uint32(hostMTU))) + }) + + t.Run("Geneve mode subtracts encapsulation overhead from hostMTU", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionGeneve + conf.DefaultNetwork.OVNKubernetesConfig.MTU = nil // not set + + hostMTU := 9000 + fillOVNKubernetesDefaults(conf, nil, hostMTU) + + g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.MTU).NotTo(BeNil()) + // Geneve overhead is 100 bytes + g.Expect(*conf.DefaultNetwork.OVNKubernetesConfig.MTU).To(Equal(uint32(hostMTU - 100))) + }) + + t.Run("empty transport (defaults to Geneve) subtracts overhead", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = "" // empty + conf.DefaultNetwork.OVNKubernetesConfig.MTU = nil // not set + + hostMTU := 9000 + fillOVNKubernetesDefaults(conf, nil, hostMTU) + + g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.MTU).NotTo(BeNil()) + // Empty defaults to Geneve, so 
overhead is 100 bytes + g.Expect(*conf.DefaultNetwork.OVNKubernetesConfig.MTU).To(Equal(uint32(hostMTU - 100))) + }) + + t.Run("previous MTU is preserved even in no-overlay mode", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + conf.DefaultNetwork.OVNKubernetesConfig.MTU = nil // not set + + prev := crd.DeepCopy() + prevMTU := uint32(1500) + prev.Spec.DefaultNetwork.OVNKubernetesConfig.MTU = &prevMTU + + hostMTU := 9000 + fillOVNKubernetesDefaults(conf, &prev.Spec, hostMTU) + + g.Expect(conf.DefaultNetwork.OVNKubernetesConfig.MTU).NotTo(BeNil()) + g.Expect(*conf.DefaultNetwork.OVNKubernetesConfig.MTU).To(Equal(prevMTU)) + }) +} + +// TestValidateMTUForNoOverlay tests the MTU validation for no-overlay mode +func TestValidateMTUForNoOverlay(t *testing.T) { + g := NewGomegaWithT(t) + + t.Run("valid MTU equal to hostMTU", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + mtu := uint32(9000) + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + conf.DefaultNetwork.OVNKubernetesConfig.MTU = &mtu + + err := ValidateMTUForNoOverlay(conf, 9000) + g.Expect(err).To(BeNil()) + }) + + t.Run("valid MTU less than hostMTU", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + mtu := uint32(1500) + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + conf.DefaultNetwork.OVNKubernetesConfig.MTU = &mtu + + err := ValidateMTUForNoOverlay(conf, 9000) + g.Expect(err).To(BeNil()) + }) + + t.Run("invalid MTU greater than hostMTU", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + mtu := uint32(9001) + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + conf.DefaultNetwork.OVNKubernetesConfig.MTU = &mtu + + err := 
ValidateMTUForNoOverlay(conf, 9000) + g.Expect(err).NotTo(BeNil()) + g.Expect(err.Error()).To(ContainSubstring("cannot exceed host MTU")) + }) + + t.Run("Geneve mode skips validation", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + mtu := uint32(9001) // MTU > hostMTU, but should be allowed for Geneve + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionGeneve + conf.DefaultNetwork.OVNKubernetesConfig.MTU = &mtu + + err := ValidateMTUForNoOverlay(conf, 9000) + g.Expect(err).To(BeNil()) + }) + + t.Run("nil OVNKubernetesConfig returns no error", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig = nil + + err := ValidateMTUForNoOverlay(conf, 9000) + g.Expect(err).To(BeNil()) + }) + + t.Run("nil MTU returns no error", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + conf.DefaultNetwork.OVNKubernetesConfig.MTU = nil + + err := ValidateMTUForNoOverlay(conf, 9000) + g.Expect(err).To(BeNil()) + }) + + t.Run("hostMTU of 0 skips validation", func(t *testing.T) { + crd := OVNKubernetesConfig.DeepCopy() + conf := &crd.Spec + mtu := uint32(9001) + conf.DefaultNetwork.OVNKubernetesConfig.DefaultNetworkTransport = operv1.TransportOptionNoOverlay + conf.DefaultNetwork.OVNKubernetesConfig.MTU = &mtu + + err := ValidateMTUForNoOverlay(conf, 0) + g.Expect(err).To(BeNil()) + }) +} From 75c846e42df8f3842a6ce0bbec0b6bfd940defb2 Mon Sep 17 00:00:00 2001 
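Review bot: Both new test functions create `g := NewGomegaWithT(t)` once with the parent `t` and reuse it inside every `t.Run` closure, so a failed expectation is reported against the parent test rather than the subtest that failed. Creating the matcher inside each closure with `g := NewWithT(t)`, as frr_readiness_test.go in this series does, keeps failures attributed to the right case. `TestValidateMTUForNoOverlay` covers a `hostMTU` of 0 but has no case for a negative value, which `ValidateMTUForNoOverlay` converts with `uint32(hostMTU)`; a case pinning the intended result for that input would be useful.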
From: Riccardo Ravaioli Date: Tue, 9 Dec 2025 11:46:20 +0100 Subject: [PATCH 05/10] Fix race condition: wait for FRR-k8s webhook before deploying OVNK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When installing a cluster with no-overlay mode and routeAdvertisements enabled, there was a race condition where OVN-Kubernetes would start before the FRR-k8s webhook was ready. This caused RouteAdvertisements validation to fail, and OVNK would eventually give up retrying before FRR became ready. This fix adds a check in renderDefaultNetwork() that skips OVNK rendering until the FRR-k8s webhook has ready endpoints. The check only applies when: - OVNK is not yet running (fresh install) - FRR provider is enabled in additionalRoutingCapabilities - RouteAdvertisements is set to Enabled When these conditions are met and FRR webhook isn't ready, CNO returns progressing=true to continue reconciling until FRR is ready. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Riccardo Ravaioli --- pkg/network/frr_readiness_test.go | 349 ++++++++++++++++++++++++++++++ pkg/network/render.go | 96 ++++++++ 2 files changed, 445 insertions(+) create mode 100644 pkg/network/frr_readiness_test.go diff --git a/pkg/network/frr_readiness_test.go b/pkg/network/frr_readiness_test.go new file mode 100644 index 0000000000..a37f722332 --- /dev/null +++ b/pkg/network/frr_readiness_test.go 
@@ -0,0 +1,349 @@ +package network + +import ( + "testing" + + . "github.com/onsi/gomega" + operv1 "github.com/openshift/api/operator/v1" + "github.com/openshift/cluster-network-operator/pkg/bootstrap" + cnoclient "github.com/openshift/cluster-network-operator/pkg/client" + cnofake "github.com/openshift/cluster-network-operator/pkg/client/fake" + discoveryv1 "k8s.io/api/discovery/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" +) + +func TestIsFRRWebhookReady(t *testing.T) { + tests := []struct { + name string + endpointSlice *discoveryv1.EndpointSlice + expected bool + }{ + { + name: "no endpoint slice object", + endpointSlice: nil, + expected: false, + }, + { + name: "endpoint slice with no endpoints", + endpointSlice: &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Name: frrK8sWebhookService + "-abc", + Namespace: frrK8sNamespace, + Labels: map[string]string{ + "kubernetes.io/service-name": frrK8sWebhookService, + }, + }, + Endpoints: []discoveryv1.Endpoint{}, + }, + expected: false, + }, + { + name: "endpoint slice with endpoint but not ready", + endpointSlice: &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Name: frrK8sWebhookService + "-abc", + Namespace: frrK8sNamespace, + Labels: map[string]string{ + "kubernetes.io/service-name": frrK8sWebhookService, + }, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"10.0.0.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: ptr.To(false), + }, + }, + }, + }, + expected: false, + }, + { + name: "endpoint slice with endpoint but Ready is nil", + endpointSlice: &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Name: frrK8sWebhookService + "-abc", + Namespace: frrK8sNamespace, + Labels: map[string]string{ + "kubernetes.io/service-name": frrK8sWebhookService, + }, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"10.0.0.1"}, + Conditions: discoveryv1.EndpointConditions{}, + }, + }, + }, + expected: false, + }, 
+ { + name: "endpoint slice with ready endpoint", + endpointSlice: &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Name: frrK8sWebhookService + "-abc", + Namespace: frrK8sNamespace, + Labels: map[string]string{ + "kubernetes.io/service-name": frrK8sWebhookService, + }, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"10.0.0.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: ptr.To(true), + }, + }, + }, + }, + expected: true, + }, + { + name: "endpoint slice with multiple ready endpoints", + endpointSlice: &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Name: frrK8sWebhookService + "-abc", + Namespace: frrK8sNamespace, + Labels: map[string]string{ + "kubernetes.io/service-name": frrK8sWebhookService, + }, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"10.0.0.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: ptr.To(true), + }, + }, + { + Addresses: []string{"10.0.0.2"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: ptr.To(true), + }, + }, + { + Addresses: []string{"10.0.0.3"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: ptr.To(true), + }, + }, + }, + }, + expected: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + var fakeClient cnoclient.Client + if tt.endpointSlice != nil { + fakeClient = cnofake.NewFakeClient(tt.endpointSlice) + } else { + fakeClient = cnofake.NewFakeClient() + } + + result := isFRRWebhookReady(fakeClient) + g.Expect(result).To(Equal(tt.expected)) + }) + } +} + +func TestShouldSkipOVNKUntilFRRReady(t *testing.T) { + tests := []struct { + name string + conf *operv1.NetworkSpec + bootstrapResult *bootstrap.BootstrapResult + endpointSlice *discoveryv1.EndpointSlice + expectedSkip bool + }{ + { + name: "OVNK already running - should not skip", + conf: &operv1.NetworkSpec{ + DefaultNetwork: operv1.DefaultNetworkDefinition{ + Type: operv1.NetworkTypeOVNKubernetes, + OVNKubernetesConfig: 
&operv1.OVNKubernetesConfig{ + RouteAdvertisements: operv1.RouteAdvertisementsEnabled, + }, + }, + AdditionalRoutingCapabilities: &operv1.AdditionalRoutingCapabilities{ + Providers: []operv1.RoutingCapabilitiesProvider{operv1.RoutingCapabilitiesProviderFRR}, + }, + }, + bootstrapResult: &bootstrap.BootstrapResult{ + OVN: bootstrap.OVNBootstrapResult{ + NodeUpdateStatus: &bootstrap.OVNUpdateStatus{ + Name: "ovnkube-node", + }, + }, + }, + endpointSlice: nil, + expectedSkip: false, + }, + { + name: "No FRR provider - should not skip", + conf: &operv1.NetworkSpec{ + DefaultNetwork: operv1.DefaultNetworkDefinition{ + Type: operv1.NetworkTypeOVNKubernetes, + OVNKubernetesConfig: &operv1.OVNKubernetesConfig{ + RouteAdvertisements: operv1.RouteAdvertisementsEnabled, + }, + }, + AdditionalRoutingCapabilities: nil, + }, + bootstrapResult: &bootstrap.BootstrapResult{ + OVN: bootstrap.OVNBootstrapResult{ + NodeUpdateStatus: nil, + }, + }, + endpointSlice: nil, + expectedSkip: false, + }, + { + name: "RouteAdvertisements not enabled - should not skip", + conf: &operv1.NetworkSpec{ + DefaultNetwork: operv1.DefaultNetworkDefinition{ + Type: operv1.NetworkTypeOVNKubernetes, + OVNKubernetesConfig: &operv1.OVNKubernetesConfig{ + RouteAdvertisements: operv1.RouteAdvertisementsDisabled, + }, + }, + AdditionalRoutingCapabilities: &operv1.AdditionalRoutingCapabilities{ + Providers: []operv1.RoutingCapabilitiesProvider{operv1.RoutingCapabilitiesProviderFRR}, + }, + }, + bootstrapResult: &bootstrap.BootstrapResult{ + OVN: bootstrap.OVNBootstrapResult{ + NodeUpdateStatus: nil, + }, + }, + endpointSlice: nil, + expectedSkip: false, + }, + { + name: "No OVNKubernetesConfig - should not skip", + conf: &operv1.NetworkSpec{ + DefaultNetwork: operv1.DefaultNetworkDefinition{ + Type: operv1.NetworkTypeOVNKubernetes, + OVNKubernetesConfig: nil, + }, + AdditionalRoutingCapabilities: &operv1.AdditionalRoutingCapabilities{ + Providers: 
[]operv1.RoutingCapabilitiesProvider{operv1.RoutingCapabilitiesProviderFRR}, + }, + }, + bootstrapResult: &bootstrap.BootstrapResult{ + OVN: bootstrap.OVNBootstrapResult{ + NodeUpdateStatus: nil, + }, + }, + endpointSlice: nil, + expectedSkip: false, + }, + { + name: "All conditions met but FRR ready - should not skip", + conf: &operv1.NetworkSpec{ + DefaultNetwork: operv1.DefaultNetworkDefinition{ + Type: operv1.NetworkTypeOVNKubernetes, + OVNKubernetesConfig: &operv1.OVNKubernetesConfig{ + RouteAdvertisements: operv1.RouteAdvertisementsEnabled, + }, + }, + AdditionalRoutingCapabilities: &operv1.AdditionalRoutingCapabilities{ + Providers: []operv1.RoutingCapabilitiesProvider{operv1.RoutingCapabilitiesProviderFRR}, + }, + }, + bootstrapResult: &bootstrap.BootstrapResult{ + OVN: bootstrap.OVNBootstrapResult{ + NodeUpdateStatus: nil, + }, + }, + endpointSlice: &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Name: frrK8sWebhookService + "-abc", + Namespace: frrK8sNamespace, + Labels: map[string]string{ + "kubernetes.io/service-name": frrK8sWebhookService, + }, + }, + Endpoints: []discoveryv1.Endpoint{ + { + Addresses: []string{"10.0.0.1"}, + Conditions: discoveryv1.EndpointConditions{ + Ready: ptr.To(true), + }, + }, + }, + }, + expectedSkip: false, + }, + { + name: "All conditions met and FRR not ready - should skip", + conf: &operv1.NetworkSpec{ + DefaultNetwork: operv1.DefaultNetworkDefinition{ + Type: operv1.NetworkTypeOVNKubernetes, + OVNKubernetesConfig: &operv1.OVNKubernetesConfig{ + RouteAdvertisements: operv1.RouteAdvertisementsEnabled, + }, + }, + AdditionalRoutingCapabilities: &operv1.AdditionalRoutingCapabilities{ + Providers: []operv1.RoutingCapabilitiesProvider{operv1.RoutingCapabilitiesProviderFRR}, + }, + }, + bootstrapResult: &bootstrap.BootstrapResult{ + OVN: bootstrap.OVNBootstrapResult{ + NodeUpdateStatus: nil, + }, + }, + endpointSlice: nil, + expectedSkip: true, + }, + { + name: "FRR not ready with empty endpoints - should skip", + 
conf: &operv1.NetworkSpec{ + DefaultNetwork: operv1.DefaultNetworkDefinition{ + Type: operv1.NetworkTypeOVNKubernetes, + OVNKubernetesConfig: &operv1.OVNKubernetesConfig{ + RouteAdvertisements: operv1.RouteAdvertisementsEnabled, + }, + }, + AdditionalRoutingCapabilities: &operv1.AdditionalRoutingCapabilities{ + Providers: []operv1.RoutingCapabilitiesProvider{operv1.RoutingCapabilitiesProviderFRR}, + }, + }, + bootstrapResult: &bootstrap.BootstrapResult{ + OVN: bootstrap.OVNBootstrapResult{ + NodeUpdateStatus: nil, + }, + }, + endpointSlice: &discoveryv1.EndpointSlice{ + ObjectMeta: metav1.ObjectMeta{ + Name: frrK8sWebhookService + "-abc", + Namespace: frrK8sNamespace, + Labels: map[string]string{ + "kubernetes.io/service-name": frrK8sWebhookService, + }, + }, + Endpoints: []discoveryv1.Endpoint{}, + }, + expectedSkip: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := NewWithT(t) + + var fakeClient cnoclient.Client + if tt.endpointSlice != nil { + fakeClient = cnofake.NewFakeClient(tt.endpointSlice) + } else { + fakeClient = cnofake.NewFakeClient() + } + + result := shouldSkipOVNKUntilFRRReady(tt.conf, tt.bootstrapResult, fakeClient) + g.Expect(result).To(Equal(tt.expectedSkip)) + }) + } +} diff --git a/pkg/network/render.go b/pkg/network/render.go index 38d1c6a516..69a905e18c 100644 --- a/pkg/network/render.go +++ b/pkg/network/render.go @@ -19,6 +19,7 @@ import ( "github.com/openshift/cluster-network-operator/pkg/hypershift" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" + discoveryv1 "k8s.io/api/discovery/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/util/sets" 
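Review bot: `TestIsFRRWebhookReady` never seeds an EndpointSlice that should be ignored, so the namespace and `kubernetes.io/service-name` label filters that `isFRRWebhookReady` passes to `List` are not exercised by any case. Adding a case with a ready endpoint in a slice labelled for a different service (expected `false`), and one that mixes ready and not-ready endpoints (expected `true`), would pin the selection logic. The `List` error branch is also untested; whether the fake client can inject an error is not visible from this hunk.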
@@ -29,6 +30,7 @@ import ( "github.com/openshift/cluster-network-operator/pkg/render" iputil "github.com/openshift/cluster-network-operator/pkg/util/ip" "github.com/openshift/library-go/pkg/operator/configobserver/featuregates" + crclient "sigs.k8s.io/controller-runtime/pkg/client" ) var dualStackPlatforms = sets.NewString( 
@@ -40,8 +42,94 @@ var dualStackPlatforms = sets.NewString( const ( pluginName = "networking-console-plugin" + + // FRR-k8s constants for webhook readiness check + frrK8sNamespace = "openshift-frr-k8s" + frrK8sWebhookService = "frr-k8s-webhook-service" ) +// isFRRWebhookReady checks if the FRR-k8s webhook service has ready endpoints. +// This is used to determine if the FRR webhook is ready to accept requests, +// which is required before deploying OVN-Kubernetes when route advertisements are enabled. +func isFRRWebhookReady(client cnoclient.Client) bool { + endpointSliceList := &discoveryv1.EndpointSliceList{} + if err := client.ClientFor("").CRClient().List(context.TODO(), endpointSliceList, + crclient.InNamespace(frrK8sNamespace), + crclient.MatchingLabels{"kubernetes.io/service-name": frrK8sWebhookService}); err != nil { + log.Printf("FRR webhook EndpointSlices for service %s/%s not found: %v", frrK8sNamespace, frrK8sWebhookService, err) + return false + } + + if len(endpointSliceList.Items) == 0 { + log.Printf("FRR webhook service %s/%s has no EndpointSlices yet", frrK8sNamespace, frrK8sWebhookService) + return false + } + + readyEndpoints := 0 + for _, slice := range endpointSliceList.Items { + for _, endpoint := range slice.Endpoints { + if endpoint.Conditions.Ready != nil && *endpoint.Conditions.Ready { + readyEndpoints++ + } + } + } + + if readyEndpoints > 0 { + log.Printf("FRR webhook service %s/%s is ready with %d endpoints", frrK8sNamespace, frrK8sWebhookService, readyEndpoints) + return true + } + log.Printf("FRR webhook service %s/%s has no ready endpoints yet", frrK8sNamespace, frrK8sWebhookService) + return false +} + +// shouldSkipOVNKUntilFRRReady determines if OVNK rendering should be skipped +// until FRR-k8s webhook is ready. This prevents a race condition where OVNK +// starts before FRR webhook is ready, causing RouteAdvertisements to fail. 
+// +// Returns true (skip OVNK) when ALL of these conditions are met: +// - OVNK is not running yet (fresh install) +// - FRR provider is enabled in additionalRoutingCapabilities +// - RouteAdvertisements is set to Enabled +// - FRR webhook is NOT ready yet +// +// Returns false (proceed with OVNK) in all other cases. +func shouldSkipOVNKUntilFRRReady(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.BootstrapResult, client cnoclient.Client) bool { + // If OVNK is already running, don't skip - apply everything normally + if bootstrapResult.OVN.NodeUpdateStatus != nil { + return false + } + + // Check if FRR provider is enabled + if conf.AdditionalRoutingCapabilities == nil { + return false + } + hasFRR := false + for _, provider := range conf.AdditionalRoutingCapabilities.Providers { + if provider == operv1.RoutingCapabilitiesProviderFRR { + hasFRR = true + break + } + } + if !hasFRR { + return false + } + + // Check if RouteAdvertisements is enabled + if conf.DefaultNetwork.OVNKubernetesConfig == nil || + conf.DefaultNetwork.OVNKubernetesConfig.RouteAdvertisements != operv1.RouteAdvertisementsEnabled { + return false + } + + // All conditions met - check if FRR webhook is ready + if isFRRWebhookReady(client) { + log.Printf("FRR webhook is ready, proceeding with OVNK deployment") + return false // FRR ready, proceed with OVNK + } + + log.Printf("Skipping OVNK rendering: waiting for FRR-k8s webhook to be ready (OVNK not yet deployed, FRR enabled, RouteAdvertisements enabled)") + return true // Skip OVNK this iteration +} + func Render(operConf *operv1.NetworkSpec, clusterConf *configv1.NetworkSpec, manifestDir string, client cnoclient.Client, featureGates featuregates.FeatureGate, bootstrapResult *bootstrap.BootstrapResult) ([]*uns.Unstructured, bool, error) { log.Printf("Starting render phase") var progressing bool 
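Review bot: `isFRRWebhookReady` treats every `List` failure as "not ready" and logs it as `not found`, so a permission or API error is indistinguishable from the webhook simply not being up yet, and `shouldSkipOVNKUntilFRRReady` then keeps withholding the default network. I would return `(bool, error)` so the caller can surface a real error through the operator status, and at minimum change the message to `failed to list FRR webhook EndpointSlices for service %s/%s: %v`. The call also uses `context.TODO()`, so the lookup is not bounded by the reconcile's context; passing a context with a deadline would keep a hung List from stalling rendering. `shouldSkipOVNKUntilFRRReady` reads `bootstrapResult.OVN` without a nil check; presumably callers always pass a non-nil result, but that is not visible in this hunk.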
@@ -631,6 +719,14 @@ func renderDefaultNetwork(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.B return append(objs, ovnObjs...), sdnProgressing || ovnProgressing, nil } + // Check if we should skip OVNK rendering until FRR-k8s webhook is ready. + // This prevents a race condition during fresh installs where OVNK starts + // before FRR webhook is ready, causing RouteAdvertisements to fail validation. + if dn.Type == operv1.NetworkTypeOVNKubernetes && shouldSkipOVNKUntilFRRReady(conf, bootstrapResult, client) { + // Return progressing=true to signal CNO should keep reconciling + return nil, true, nil + } + switch dn.Type { case operv1.NetworkTypeOpenShiftSDN: return renderOpenShiftSDN(conf, bootstrapResult, manifestDir) From af1bd57737e9eaec15c15ec21747b8ba9e2671c4 Mon Sep 17 00:00:00 2001 From: Riccardo Ravaioli Date: Tue, 9 Dec 2025 16:01:07 +0100 Subject: [PATCH 06/10] frr-k8s: Add not-ready toleration to statuscleaner deployment Add toleration for node.kubernetes.io/not-ready:NoSchedule to the frr-k8s-statuscleaner deployment. This allows the FRR webhook pod to be scheduled on nodes during cluster bootstrap when nodes have the not-ready taint because the CNI is not yet configured. Without this toleration, the pod cannot be scheduled, blocking the FRR webhook from becoming ready. Signed-off-by: Riccardo Ravaioli --- bindata/network/frr-k8s/node-status-cleaner.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bindata/network/frr-k8s/node-status-cleaner.yaml b/bindata/network/frr-k8s/node-status-cleaner.yaml index 7a558d73fb..3a0e499016 100644 --- a/bindata/network/frr-k8s/node-status-cleaner.yaml +++ b/bindata/network/frr-k8s/node-status-cleaner.yaml @@ -77,6 +77,9 @@ spec: - key: node-role.kubernetes.io/control-plane effect: NoSchedule operator: Exists + - key: node.kubernetes.io/not-ready + effect: NoSchedule + operator: Exists volumes: - name: cert secret: From a5203090fb9865c3f7e65aefb4dbd0176ea5b5e6 Mon Sep 17 00:00:00 2001 
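Review bot: The new early return in `renderDefaultNetwork`, `return nil, true, nil`, has no upper bound: if the FRR-k8s webhook never gets a ready endpoint, the operator reports only Progressing and the default network is never rendered, with nothing in the status pointing an administrator at the cause. Consider tracking how long the wait has lasted and, past a threshold, returning an error or setting a Degraded condition that names `openshift-frr-k8s/frr-k8s-webhook-service`. The function body starts and ends outside the hunk, so how the caller treats a nil object list on this path is not visible here and should be confirmed.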
From: Riccardo Ravaioli Date: Thu, 11 Dec 2025 18:24:30 +0100 Subject: [PATCH 07/10] frr-k8s: Use OperatorPKI for webhook TLS to fix bootstrap deadlock During fresh cluster installation with no-overlay mode and RouteAdvertisements enabled, there was a circular dependency: - FRR-k8s webhook needs TLS certs from service-ca - service-ca needs a working CNI to start - CNI (OVN-K) needs FRR-k8s webhook to validate RouteAdvertisements This commit breaks the cycle by using CNO's built-in OperatorPKI for the FRR-k8s webhook certificate. OperatorPKI creates certs directly without needing service-ca or network connectivity. Changes: - Add 003-pki.yaml with OperatorPKI for frr-k8s-webhook - Update node-status-cleaner.yaml to use frr-k8s-webhook-cert secret - Update webhook.yaml to inject CA bundle from OperatorPKI ConfigMap - Update render.go to fetch and base64-encode the CA bundle Signed-off-by: Riccardo Ravaioli --- bindata/network/frr-k8s/003-pki.yaml | 17 ++++++++ bindata/network/frr-k8s/frr-k8s.yaml | 2 +- bindata/network/frr-k8s/monitor.yaml | 2 +- .../network/frr-k8s/node-status-cleaner.yaml | 2 +- bindata/network/frr-k8s/webhook.yaml | 7 +--- pkg/network/render.go | 39 ++++++++++++++++++- pkg/network/render_test.go | 4 +- 7 files changed, 60 insertions(+), 13 deletions(-) create mode 100644 bindata/network/frr-k8s/003-pki.yaml diff --git a/bindata/network/frr-k8s/003-pki.yaml b/bindata/network/frr-k8s/003-pki.yaml new file mode 100644 index 0000000000..6525d05d0b --- /dev/null +++ b/bindata/network/frr-k8s/003-pki.yaml 
@@ -0,0 +1,17 @@ +# Request that the cluster network operator PKI controller +# creates certificates for the FRR-k8s webhook. +# This avoids dependency on service-ca operator during bootstrap, +# which is critical because the webhook must be ready before OVN-Kubernetes +# starts when RouteAdvertisements are enabled. +# +# Both webhook and metrics need OperatorPKI because the FRR DaemonSet +# requires the metrics TLS secret to start, and service-ca is not +# available during bootstrap (it depends on CNI being ready). +apiVersion: network.operator.openshift.io/v1 +kind: OperatorPKI +metadata: + name: frr-k8s-webhook + namespace: openshift-frr-k8s +spec: + targetCert: + commonName: frr-k8s-webhook-service.openshift-frr-k8s.svc diff --git a/bindata/network/frr-k8s/frr-k8s.yaml b/bindata/network/frr-k8s/frr-k8s.yaml index 2dea1ac26f..1e53833448 100644 --- a/bindata/network/frr-k8s/frr-k8s.yaml +++ b/bindata/network/frr-k8s/frr-k8s.yaml @@ -51,7 +51,7 @@ spec: emptyDir: {} - name: metrics-certs secret: - secretName: frr-k8s-certs-secret + secretName: frr-k8s-metrics-certs initContainers: # Copies the initial config files with the right permissions to the shared volume. - name: cp-frr-files diff --git a/bindata/network/frr-k8s/monitor.yaml b/bindata/network/frr-k8s/monitor.yaml index 42c4531108..7588df2f91 100644 --- a/bindata/network/frr-k8s/monitor.yaml +++ b/bindata/network/frr-k8s/monitor.yaml @@ -8,7 +8,7 @@ metadata: name: frr-k8s-monitor-service annotations: prometheus.io/scrape: "true" - service.beta.openshift.io/serving-cert-secret-name: frr-k8s-certs-secret + service.beta.openshift.io/serving-cert-secret-name: frr-k8s-metrics-certs spec: selector: app: frr-k8s diff --git a/bindata/network/frr-k8s/node-status-cleaner.yaml b/bindata/network/frr-k8s/node-status-cleaner.yaml index 3a0e499016..fbfb10de96 100644 --- a/bindata/network/frr-k8s/node-status-cleaner.yaml +++ b/bindata/network/frr-k8s/node-status-cleaner.yaml 
@@ -84,7 +84,7 @@ spec: - name: cert secret: defaultMode: 420 - secretName: frr-k8s-webhook-server-cert + secretName: frr-k8s-webhook-cert serviceAccountName: frr-k8s-daemon priorityClassName: system-cluster-critical terminationGracePeriodSeconds: 10 diff --git a/bindata/network/frr-k8s/webhook.yaml b/bindata/network/frr-k8s/webhook.yaml index e22da8808c..469f96736d 100644 --- a/bindata/network/frr-k8s/webhook.yaml +++ b/bindata/network/frr-k8s/webhook.yaml @@ -1,11 +1,8 @@ ---- apiVersion: v1 kind: Service metadata: name: frr-k8s-webhook-service namespace: openshift-frr-k8s - annotations: - service.beta.openshift.io/serving-cert-secret-name: frr-k8s-webhook-server-cert spec: ports: - port: 443 @@ -17,12 +14,11 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: frr-k8s-validating-webhook-configuration-ocp - annotations: - service.beta.openshift.io/inject-cabundle: "true" webhooks: - admissionReviewVersions: - v1 clientConfig: + caBundle: "{{.FRRK8sWebhookCABundle}}" service: name: frr-k8s-webhook-service namespace: openshift-frr-k8s @@ -40,4 +36,3 @@ webhooks: resources: - frrconfigurations sideEffects: None ---- diff --git a/pkg/network/render.go b/pkg/network/render.go index 69a905e18c..1a26dc5ea3 100644 --- a/pkg/network/render.go +++ b/pkg/network/render.go @@ -2,6 +2,7 @@ package network import ( "context" + "encoding/base64" "fmt" "log" "net" @@ -234,7 +235,7 @@ func Render(operConf *operv1.NetworkSpec, clusterConf *configv1.NetworkSpec, man } objs = append(objs, o...) - o, err = renderAdditionalRoutingCapabilities(operConf, manifestDir) + o, err = renderAdditionalRoutingCapabilities(operConf, manifestDir, client) if err != nil { return nil, progressing, err } 
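Review bot: In webhook.yaml the new `caBundle: "{{.FRRK8sWebhookCABundle}}"` is filled from `getFRRK8sWebhookCABundle` in render.go, which returns an empty string whenever the client is nil, the ConfigMap read fails or the key is missing, so the ValidatingWebhookConfiguration can be applied with `caBundle: ""`. With no bundle the API server falls back to its system trust roots, which presumably do not include the operator-issued CA, so webhook calls would fail TLS verification until a later reconcile; the effect on FRRConfiguration writes depends on the `failurePolicy`, which is outside this hunk. I would only render the webhook configuration once the bundle is non-empty, for example by guarding the object with `{{- if .FRRK8sWebhookCABundle }}` if the render package supports template conditionals, and report progressing until then.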
@@ -1073,7 +1074,7 @@ func isSupportedDualStackPlatform(platformType configv1.PlatformType) bool { return dualStackPlatforms.Has(string(platformType)) } -func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir string) ([]*uns.Unstructured, error) { +func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir string, client cnoclient.Client) ([]*uns.Unstructured, error) { if conf == nil || conf.AdditionalRoutingCapabilities == nil { return nil, nil } @@ -1085,6 +1086,11 @@ func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir s data.Data["FRRK8sImage"] = os.Getenv("FRR_K8S_IMAGE") data.Data["KubeRBACProxyImage"] = os.Getenv("KUBE_RBAC_PROXY_IMAGE") data.Data["ReleaseVersion"] = os.Getenv("RELEASE_VERSION") + + // Fetch the webhook CA bundle from the ConfigMap created by OperatorPKI + caBundle := getFRRK8sWebhookCABundle(client) + data.Data["FRRK8sWebhookCABundle"] = caBundle + objs, err := render.RenderDir(filepath.Join(manifestDir, "network/frr-k8s"), &data) if err != nil { return nil, fmt.Errorf("failed to render frr-k8s manifests: %w", err) 
@@ -1095,3 +1101,32 @@ func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir s return out, nil } + +// getFRRK8sWebhookCABundle fetches the CA bundle from the ConfigMap created by OperatorPKI. +// Returns base64-encoded CA bundle or empty string if not available yet. +func getFRRK8sWebhookCABundle(client cnoclient.Client) string { + if client == nil { + return "" + } + + cm := &corev1.ConfigMap{} + err := client.ClientFor("").CRClient().Get(context.TODO(), crclient.ObjectKey{ + Namespace: frrK8sNamespace, + Name: "frr-k8s-webhook-ca", + }, cm) + if err != nil { + log.Printf("FRR webhook CA ConfigMap not available yet: %v", err) + return "" + } + + caBundle, ok := cm.Data["ca-bundle.crt"] + if !ok || caBundle == "" { + log.Printf("FRR webhook CA ConfigMap does not contain ca-bundle.crt") + return "" + } + + // Base64 encode the CA bundle for the ValidatingWebhookConfiguration + encoded := base64.StdEncoding.EncodeToString([]byte(caBundle)) + log.Printf("FRR webhook CA bundle loaded and encoded successfully") + return encoded +} diff --git a/pkg/network/render_test.go b/pkg/network/render_test.go index 10f7bf41a6..b5b7f6710c 100644 --- a/pkg/network/render_test.go +++ b/pkg/network/render_test.go @@ -638,13 +638,13 @@ func Test_renderAdditionalRoutingCapabilities(t *testing.T) { }, }, }, - want: 19, + want: 21, // 19 original + 1 OperatorPKI + 1 document separator expectedErr: nil, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := renderAdditionalRoutingCapabilities(tt.args.operConf, manifestDir) + got, err := renderAdditionalRoutingCapabilities(tt.args.operConf, manifestDir, nil) if !reflect.DeepEqual(tt.expectedErr, err) { t.Errorf("renderAdditionalRoutingCapabilities() err = %v, want %v", err, tt.expectedErr) } From ba3cb37767dff493a6822ae5231934e0a2bb6bfe Mon Sep 17 00:00:00 2001 
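Review bot: In `getFRRK8sWebhookCABundle`, every failure of the ConfigMap `Get` is logged as "not available yet" and collapsed into an empty string, so an RBAC denial, a timeout or an API outage looks the same as the expected first-reconcile case. The last patch in this series drops the ValidatingWebhookConfiguration from the rendered set whenever this value is empty, so a transient read error could leave FRRConfiguration admission unvalidated with no error surfaced. Whether an already-applied VWC is then pruned depends on CNO's apply logic, which is not visible here. I would return `(string, error)`, treat only NotFound as "not yet", bound the call with a timeout instead of a bare `context.TODO()`, and let `renderAdditionalRoutingCapabilities` propagate the error. The sketch below assumes `k8s.io/apimachinery/pkg/api/errors` is available as `apierrors` and that `time` is imported.

```go
func getFRRK8sWebhookCABundle(client cnoclient.Client) (string, error) {
	if client == nil {
		return "", nil
	}

	ctx, cancel := context.WithTimeout(context.TODO(), 10*time.Second)
	defer cancel()

	cm := &corev1.ConfigMap{}
	err := client.ClientFor("").CRClient().Get(ctx, crclient.ObjectKey{
		Namespace: frrK8sNamespace,
		Name:      "frr-k8s-webhook-ca",
	}, cm)
	if apierrors.IsNotFound(err) {
		// Expected on the first reconcile, before OperatorPKI has published the CA.
		return "", nil
	}
	if err != nil {
		return "", fmt.Errorf("reading FRR webhook CA ConfigMap: %w", err)
	}
	// … unchanged: ca-bundle.crt lookup and base64 encoding, now returning (encoded, nil) …
}
```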
From: Riccardo Ravaioli Date: Thu, 11 Dec 2025 20:26:09 +0100 Subject: [PATCH 08/10] frr-k8s: use OperatorPKI for metrics TLS to fix bootstrap deadlock The FRR DaemonSet requires a TLS secret for kube-rbac-proxy to start. Previously this used service-ca, but service-ca is not available during bootstrap (it depends on CNI being ready first), causing a deadlock. This commit adds a second OperatorPKI for metrics certificates, so both webhook and metrics use OperatorPKI with no service-ca dependency during bootstrap. Changes: - Add frr-k8s-metrics OperatorPKI to 003-pki.yaml - Update frr-k8s.yaml to use frr-k8s-metrics-cert secret - Remove service-ca annotation from monitor.yaml Service - Use insecureSkipVerify in ServiceMonitor (Prometheus doesn't have OperatorPKI CA in its trust bundle, but TLS encryption is still active) Signed-off-by: Riccardo Ravaioli --- bindata/network/frr-k8s/003-pki.yaml | 11 ++++++++++- bindata/network/frr-k8s/frr-k8s.yaml | 2 +- bindata/network/frr-k8s/monitor.yaml | 7 ++----- pkg/network/render_test.go | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/bindata/network/frr-k8s/003-pki.yaml b/bindata/network/frr-k8s/003-pki.yaml index 6525d05d0b..840343b578 100644 --- a/bindata/network/frr-k8s/003-pki.yaml +++ b/bindata/network/frr-k8s/003-pki.yaml @@ -1,5 +1,5 @@ # Request that the cluster network operator PKI controller -# creates certificates for the FRR-k8s webhook. +# creates certificates for the FRR-k8s webhook and metrics. # This avoids dependency on service-ca operator during bootstrap, # which is critical because the webhook must be ready before OVN-Kubernetes # starts when RouteAdvertisements are enabled. 
@@ -15,3 +15,12 @@ metadata: spec: targetCert: commonName: frr-k8s-webhook-service.openshift-frr-k8s.svc +--- +apiVersion: network.operator.openshift.io/v1 +kind: OperatorPKI +metadata: + name: frr-k8s-metrics + namespace: openshift-frr-k8s +spec: + targetCert: + commonName: frr-k8s-monitor-service.openshift-frr-k8s.svc diff --git a/bindata/network/frr-k8s/frr-k8s.yaml b/bindata/network/frr-k8s/frr-k8s.yaml index 1e53833448..f524e538dd 100644 --- a/bindata/network/frr-k8s/frr-k8s.yaml +++ b/bindata/network/frr-k8s/frr-k8s.yaml @@ -51,7 +51,7 @@ spec: emptyDir: {} - name: metrics-certs secret: - secretName: frr-k8s-metrics-certs + secretName: frr-k8s-metrics-cert initContainers: # Copies the initial config files with the right permissions to the shared volume. - name: cp-frr-files diff --git a/bindata/network/frr-k8s/monitor.yaml b/bindata/network/frr-k8s/monitor.yaml index 7588df2f91..383b7d67a7 100644 --- a/bindata/network/frr-k8s/monitor.yaml +++ b/bindata/network/frr-k8s/monitor.yaml @@ -8,7 +8,6 @@ metadata: name: frr-k8s-monitor-service annotations: prometheus.io/scrape: "true" - service.beta.openshift.io/serving-cert-secret-name: frr-k8s-metrics-certs spec: selector: app: frr-k8s @@ -41,15 +40,13 @@ spec: port: metricshttps scheme: https tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt - serverName: frr-k8s-monitor-service.openshift-frr-k8s.svc + insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token honorLabels: true port: frrmetricshttps scheme: https tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt - serverName: frr-k8s-monitor-service.openshift-frr-k8s.svc + insecureSkipVerify: true jobLabel: app namespaceSelector: matchNames: diff --git a/pkg/network/render_test.go b/pkg/network/render_test.go index b5b7f6710c..dc6c4d3e31 100644 --- a/pkg/network/render_test.go +++ b/pkg/network/render_test.go 
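Review bot: Both ServiceMonitor endpoints in monitor.yaml now set `insecureSkipVerify: true` while still sending `bearerTokenFile`, so Prometheus presents its service-account token to whatever answers on `metricshttps` / `frrmetricshttps` without authenticating the server. The commit message is right that the traffic stays encrypted, but encryption without verification does not protect the token from an endpoint that impersonates the service. The metrics certificate is issued by OperatorPKI for `frr-k8s-monitor-service.openshift-frr-k8s.svc`, so I would keep `serverName` and point `tlsConfig.ca.configMap` at the CA ConfigMap that OperatorPKI publishes for `frr-k8s-metrics` (the webhook equivalent in this series is `frr-k8s-webhook-ca`, key `ca-bundle.crt`). That assumes the ConfigMap is in the ServiceMonitor's namespace. If it cannot be done in this change, a comment on each endpoint such as `# TODO: verify against the OperatorPKI CA; insecureSkipVerify is a bootstrap workaround` would keep the exception from becoming permanent.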
@@ -638,7 +638,7 @@ func Test_renderAdditionalRoutingCapabilities(t *testing.T) { }, }, }, - want: 21, // 19 original + 1 OperatorPKI + 1 document separator + want: 22, // 19 original + 2 OperatorPKI (webhook + metrics) + 1 document separator expectedErr: nil, }, } From a0abdd6bed973920b4a6b912790b217bd5576f13 Mon Sep 17 00:00:00 2001 From: Riccardo Ravaioli Date: Mon, 15 Dec 2025 18:24:23 +0100 Subject: [PATCH 09/10] Fix FRR pods unable to reach Kubernetes API during bootstrap FRR pods use hostNetwork: true but were trying to reach the Kubernetes API at the service IP (172.30.0.1), which kubelet auto-injects as KUBERNETES_SERVICE_HOST. During bootstrap, this service IP is not routable because the CNI (OVN-K) is not running yet, creating a deadlock: CNO waits for FRR webhook -> FRR pods can't reach API at 172.30.0.1 -> Service IP needs CNI routing -> CNI waits for FRR -> DEADLOCK Add KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT environment variables to FRR pods, overriding the kubelet-injected values with the actual API server address (the API VIP, e.g., 192.168.111.5). Since FRR pods use hostNetwork, they can reach the API VIP directly via L2 without needing CNI routing, breaking the deadlock. This follows the pattern used by other CNO hostNetwork components (ovnkube-node, multus, sdn). Signed-off-by: Riccardo Ravaioli --- bindata/network/frr-k8s/frr-k8s.yaml | 10 +++++++++- bindata/network/frr-k8s/node-status-cleaner.yaml | 4 ++++ pkg/network/render.go | 14 ++++++++++++-- pkg/network/render_test.go | 4 ++-- 4 files changed, 27 insertions(+), 5 deletions(-) diff --git a/bindata/network/frr-k8s/frr-k8s.yaml b/bindata/network/frr-k8s/frr-k8s.yaml index f524e538dd..c20c166acc 100644 --- a/bindata/network/frr-k8s/frr-k8s.yaml +++ b/bindata/network/frr-k8s/frr-k8s.yaml 
@@ -100,6 +100,10 @@ spec: - --metrics-bind-address=127.0.0.1:7572 - $(LOG_LEVEL) env: + - name: KUBERNETES_SERVICE_HOST + value: "{{.KUBERNETES_SERVICE_HOST}}" + - name: KUBERNETES_SERVICE_PORT + value: "{{.KUBERNETES_SERVICE_PORT}}" - name: FRR_CONFIG_FILE value: /etc/frr_reloader/frr.conf - name: FRR_RELOADER_PID_FILE @@ -113,7 +117,7 @@ spec: configMapKeyRef: name: env-overrides key: frrk8s-loglevel - optional: true + optional: true - name: NAMESPACE valueFrom: fieldRef: @@ -259,6 +263,10 @@ spec: command: - /etc/frr_status/frr-status env: + - name: KUBERNETES_SERVICE_HOST + value: "{{.KUBERNETES_SERVICE_HOST}}" + - name: KUBERNETES_SERVICE_PORT + value: "{{.KUBERNETES_SERVICE_PORT}}" - name: NODE_NAME valueFrom: fieldRef: diff --git a/bindata/network/frr-k8s/node-status-cleaner.yaml b/bindata/network/frr-k8s/node-status-cleaner.yaml index fbfb10de96..9c67d406df 100644 --- a/bindata/network/frr-k8s/node-status-cleaner.yaml +++ b/bindata/network/frr-k8s/node-status-cleaner.yaml @@ -30,6 +30,10 @@ spec: - --frrk8s-selector=component=frr-k8s - $(LOG_LEVEL) env: + - name: KUBERNETES_SERVICE_HOST + value: "{{.KUBERNETES_SERVICE_HOST}}" + - name: KUBERNETES_SERVICE_PORT + value: "{{.KUBERNETES_SERVICE_PORT}}" - name: NAMESPACE valueFrom: fieldRef: diff --git a/pkg/network/render.go b/pkg/network/render.go index 1a26dc5ea3..eedd57a304 100644 --- a/pkg/network/render.go +++ b/pkg/network/render.go @@ -235,7 +235,7 @@ func Render(operConf *operv1.NetworkSpec, clusterConf *configv1.NetworkSpec, man } objs = append(objs, o...) - o, err = renderAdditionalRoutingCapabilities(operConf, manifestDir, client) + o, err = renderAdditionalRoutingCapabilities(operConf, manifestDir, client, bootstrapResult) if err != nil { return nil, progressing, err } 
@@ -1074,7 +1074,7 @@ func isSupportedDualStackPlatform(platformType configv1.PlatformType) bool { return dualStackPlatforms.Has(string(platformType)) } -func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir string, client cnoclient.Client) ([]*uns.Unstructured, error) { +func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir string, client cnoclient.Client, bootstrapResult *bootstrap.BootstrapResult) ([]*uns.Unstructured, error) { if conf == nil || conf.AdditionalRoutingCapabilities == nil { return nil, nil } @@ -1087,6 +1087,16 @@ func renderAdditionalRoutingCapabilities(conf *operv1.NetworkSpec, manifestDir s data.Data["KubeRBACProxyImage"] = os.Getenv("KUBE_RBAC_PROXY_IMAGE") data.Data["ReleaseVersion"] = os.Getenv("RELEASE_VERSION") + // Add Kubernetes API server host/port for hostNetwork pods. + // During bootstrap, the service IP (172.30.0.1) is not routable because + // the CNI is not yet running. These env vars allow FRR pods to connect + // to the API server directly using the actual API server address. + if bootstrapResult != nil { + apiServer := bootstrapResult.Infra.APIServers[bootstrap.APIServerDefault] + data.Data["KUBERNETES_SERVICE_HOST"] = apiServer.Host + data.Data["KUBERNETES_SERVICE_PORT"] = apiServer.Port + } + // Fetch the webhook CA bundle from the ConfigMap created by OperatorPKI caBundle := getFRRK8sWebhookCABundle(client) data.Data["FRRK8sWebhookCABundle"] = caBundle diff --git a/pkg/network/render_test.go b/pkg/network/render_test.go index dc6c4d3e31..e80746d7b9 100644 --- a/pkg/network/render_test.go +++ b/pkg/network/render_test.go 
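Review bot: In the `+1087,16` hunk of render.go, `bootstrapResult.Infra.APIServers[bootstrap.APIServerDefault]` is read without checking that the entry exists, and the `bootstrapResult == nil` path leaves both template keys unset. Assuming `APIServers` is a map, a missing entry yields zero-value `Host`/`Port`, and the three manifests changed in this patch would then override the kubelet-injected `KUBERNETES_SERVICE_HOST` / `KUBERNETES_SERVICE_PORT` with empty strings. On the nil path the result depends on the template engine's missing-key behaviour. I would fail closed with `apiServer, ok := bootstrapResult.Infra.APIServers[bootstrap.APIServerDefault]` followed by `if !ok || apiServer.Host == "" { return nil, fmt.Errorf("no default API server address for frr-k8s") }`, and return an error when `bootstrapResult` is nil rather than skipping the assignment. The function body continues outside this hunk.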
@@ -638,13 +638,13 @@ func Test_renderAdditionalRoutingCapabilities(t *testing.T) { }, }, }, - want: 22, // 19 original + 2 OperatorPKI (webhook + metrics) + 1 document separator + want: 21, // 19 original + 2 OperatorPKI (webhook + metrics) expectedErr: nil, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := renderAdditionalRoutingCapabilities(tt.args.operConf, manifestDir, nil) + got, err := renderAdditionalRoutingCapabilities(tt.args.operConf, manifestDir, nil, fakeBootstrapResult()) if !reflect.DeepEqual(tt.expectedErr, err) { t.Errorf("renderAdditionalRoutingCapabilities() err = %v, want %v", err, tt.expectedErr) } From d653c928662d3b7da3fe8e8a6b23af32664d223c Mon Sep 17 00:00:00 2001 From: Riccardo Ravaioli Date: Wed, 17 Dec 2025 10:34:15 +0100 Subject: [PATCH 10/10] frr-k8s: Only render ValidatingWebhookConfiguration when CA is available The ValidatingWebhookConfiguration requires a valid caBundle to verify the webhook's TLS certificate. The caBundle comes from a ConfigMap created by the OperatorPKI controller. On the first reconcile, the OperatorPKI CR is created but the CA ConfigMap doesn't exist yet. If we render the VWC with an empty caBundle, the API server will reject all webhook calls with: x509: certificate signed by unknown authority Fix this by only rendering the VWC when the CA bundle is available. CNO will keep reconciling, and once the OperatorPKI generates the CA ConfigMap, the next reconcile will render the VWC with the correct caBundle. Signed-off-by: Riccardo Ravaioli --- bindata/network/frr-k8s/webhook.yaml | 2 ++ pkg/network/render_test.go | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/bindata/network/frr-k8s/webhook.yaml b/bindata/network/frr-k8s/webhook.yaml index 469f96736d..77e072ab2f 100644 --- a/bindata/network/frr-k8s/webhook.yaml +++ b/bindata/network/frr-k8s/webhook.yaml 
@@ -9,6 +9,7 @@ spec: targetPort: webhook selector: component: frr-k8s-statuscleaner +{{- if .FRRK8sWebhookCABundle }} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -36,3 +37,4 @@ webhooks: resources: - frrconfigurations sideEffects: None +{{- end }} diff --git a/pkg/network/render_test.go b/pkg/network/render_test.go index e80746d7b9..a7105d7cf1 100644 --- a/pkg/network/render_test.go +++ b/pkg/network/render_test.go @@ -638,7 +638,8 @@ func Test_renderAdditionalRoutingCapabilities(t *testing.T) { }, }, }, - want: 21, // 19 original + 2 OperatorPKI (webhook + metrics) + // 19 original + 2 OperatorPKI (webhook + metrics) - 1 VWC (not rendered without CA bundle) + want: 20, expectedErr: nil, }, }
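Review bot: The `{{- if .FRRK8sWebhookCABundle }}` guard in webhook.yaml makes admission validation for `frrconfigurations` depend on runtime state, and neither the template nor the test records that. Until the CA ConfigMap can be read the webhook is simply not registered, so FRRConfiguration objects created in that window are admitted without validation. A template comment directly above the guard would make this explicit, saying that the ValidatingWebhookConfiguration is rendered only once the OperatorPKI CA exists and that objects are not validated by the webhook before then. The render_test.go hunk that follows only covers the nil-client path (`want: 20`), so the branch that emits the ValidatingWebhookConfiguration with a populated `caBundle` is untested. A second test case using a fake client that holds `frr-k8s-webhook-ca` with a `ca-bundle.crt` key would pin it.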